this post was submitted on 11 Sep 2023
324 points (95.5% liked)
AssholeDesign
You don't have to give Microsoft the key (unless you want the "backup" option) but the OS has to have the key locally while it's running in order to be able to read the data on the drive (and also write new data).
In typical usage, the TPM holds the key, but it's the OS that generated the key and encrypted the drive in the first place. I don't know the technical details but the TPM recognises the OS install that programmed it and will only automatically unlock and provide the key for that. If you change it by swapping the drive or booting to a different device it remains locked and any alternative OS requires the key to be entered manually.
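A simplified model of the behaviour the comment above describes, added here as an illustration and not part of the original comment: the key is sealed against a hash chain of the boot components, so the same boot path unlocks automatically and any other path needs the key typed in. `ToyTPM`, the component names and the key-digest check are assumptions for this sketch, not a real TPM or BitLocker API.

```python
import hashlib
import hmac
import secrets

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)); it cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(boot_chain) -> bytes:
    """Fold every boot component, in order, into one register starting at zeros."""
    pcr = bytes(32)
    for component in boot_chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Simplified stand-in for a TPM: releases a secret only for the sealed PCR value."""
    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._secret, self._expected = secret, expected_pcr

    def unseal(self, current_pcr: bytes):
        if hmac.compare_digest(self._expected, current_pcr):
            return self._secret
        return None

def unlock(tpm, key_digest, boot_chain, manual_key=None):
    """Return (method, key): 'auto' via TPM, 'manual' via typed key, else 'locked'."""
    key = tpm.unseal(measure(boot_chain))
    if key is not None:
        return "auto", key
    if manual_key is not None and hmac.compare_digest(
            hashlib.sha256(manual_key).digest(), key_digest):
        return "manual", manual_key
    return "locked", None

# Constructed sample data: component names are placeholders, not real measurements.
ORIGINAL_OS = [b"firmware", b"boot-manager", b"os-loader"]
OTHER_OS = [b"firmware", b"usb-live-system"]

def demo():
    key = secrets.token_bytes(32)           # generated by the OS, as in the comment
    tpm = ToyTPM()
    tpm.seal(key, measure(ORIGINAL_OS))     # bound to the boot chain that set it up
    digest = hashlib.sha256(key).digest()   # lets the toy volume check a typed key
    return key, [unlock(tpm, digest, ORIGINAL_OS),
                 unlock(tpm, digest, OTHER_OS),
                 unlock(tpm, digest, OTHER_OS, manual_key=key)]

if __name__ == "__main__":
    for method, _ in demo()[1]:
        print(method)
```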