this post was submitted on 08 May 2024
135 points (96.6% liked)

Technology

34842 readers
16 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 53 points 6 months ago (3 children)

uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved...

[–] [email protected] 13 points 6 months ago (2 children)

What can you do when this happens... Asking for a friend...

[–] [email protected] 14 points 6 months ago (1 children)

it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.

[–] [email protected] 3 points 6 months ago (1 children)

uploading encryption keys makes encryption much less meaningful

[–] [email protected] 4 points 6 months ago (1 children)

Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.

[–] [email protected] 2 points 6 months ago (1 children)

personal data leaks frequently, that may include these

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?

[–] [email protected] 1 points 6 months ago

I'd like you to repeat it please. But slower this time.

[–] [email protected] 11 points 6 months ago

Because they force you to use online accounts now, you can get it from the registered account via the Microsoft account page.

In your Microsoft account: Open a web browser on another device. Go to https://account.microsoft.com/devices/recoverykey to find your recovery key.

[–] [email protected] 5 points 6 months ago (1 children)

Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)

Luckily I was using a Microsoft account (usually I don't because fuck that) so the keys were automatically backupped

[–] [email protected] 11 points 6 months ago

The automatic encryption and subsequent backup both took place because you were using a Microsoft Account

[–] [email protected] 3 points 6 months ago (2 children)

I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I'm on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn't use TPM? Should I hold on to the luks headers and master priv key backup?

[–] [email protected] 2 points 6 months ago

LUKS don't use TPM

[–] [email protected] 1 points 6 months ago

There's an extension that can unlock LUKS drives using the TPM, but by default it does not do that, and probably that extension isn't installed either