this post was submitted on 21 Oct 2023
243 points (95.5% liked)

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

This article starts off with some inaccurate information right from the onset, so it leaves me with some credibility concerns that incline me to do some of my own testing.

Since Windows 10 1803, both Windows 10 and 11 Home and Pro have automatically enabled BitLocker encryption during the Out Of Box Experience (OOBE) as long as the following conditions are met:

  • The device is UEFI and Secure Boot enabled
  • The device has a TPM 2.0 device that is enabled
  • There are no un-allowed Direct Memory Access (DMA) capable devices on a DMA capable bus.
  • The user signed in using a Microsoft Account and had an active internet connection at the time.

It is not specific to Windows 11 and has nothing to do with Home/Pro. This has been going on since 2018.

They also mention encryption built into SSDs. That is a fundamentally different kind of encryption. With BitLocker, removing an SSD from a device or accessing it from anything but the original Windows environment will require the user to enter a 25-digit key to gain data access. Without BitLocker, the on-disk encryption does not prevent data access in those scenarios. That encryption key exists primarily so that you can secure erase the disk by changing the encryption key. The alternative is a block-level erasure, which would put wear and tear on the SSD.

Pretty disappointing to see this coming from an otherwise reputable source like Tom’s Hardware.
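
For anyone who wants to check a machine against the conditions listed in the comment above, here is an added example (not part of the comment or the article) that reports Secure Boot, TPM state and the current BitLocker status of the OS volume from an elevated PowerShell session. The function name `Get-DeviceEncryptionReadiness` is made up for this example; the DMA and Microsoft-account conditions are not checked.

```powershell
# Added example: report the scriptable prerequisites for automatic device
# encryption and the current BitLocker state of the OS volume.
# Must be run from an elevated PowerShell session.
#Requires -RunAsAdministrator

function Get-DeviceEncryptionReadiness {
    # UEFI + Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS
    # systems, so any error is treated as "not enabled".
    $secureBoot = $false
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $secureBoot = $false
    }

    # TPM presence and readiness as reported by the TrustedPlatformModule module.
    $tpm = Get-Tpm

    # TPM spec version from WMI; SpecVersion is a comma-separated string
    # whose first field is the specification version (for example "2.0").
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmIs20 = $false
    if ($tpmWmi -and $tpmWmi.SpecVersion) {
        $tpmIs20 = (($tpmWmi.SpecVersion -split ',')[0].Trim() -eq '2.0')
    }

    # Encryption and protection state, plus the key protectors on the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        SecureBootEnabled = $secureBoot
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        TpmSpecIs20       = $tpmIs20
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        EncryptionMethod  = $vol.EncryptionMethod
        KeyProtectorTypes = ($vol.KeyProtector.KeyProtectorType -join ', ')
    }
}

Get-DeviceEncryptionReadiness | Format-List
```

A volume that shows as encrypted with `ProtectionStatus` off and no recovery-password protector has not had its key backed up yet, which is worth knowing before moving the drive to another machine.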

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

You're off with your claims about built-in encryption. While there are drives that do what you describe, there are also drives that require a key to be provided to the drive for unlocking it. There's an entire specification for how the authentication to the hard drive is made at boot or when mounting it.