• herrcaptain@lemmy.ca
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      It’s been quite a while, but on an older system years ago I recall it slightly nagging me about how the computer wasn’t W11-enabled.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      6 months ago

      I’ve been curious about people who have been disabling the TPM. Where are you storing your disk encryption keys?

      • AMillionMonkeys@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        6 months ago

        I’m not using disk encryption. It’s a desktop and if it’s every stolen I’ve got bigger problems.
        Also, I presume that disk encryption makes it so you can’t just pop the drive in an adapter and pull stuff off it, which I sometimes need to do with old, retired drives.

      • AWildMimicAppears@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        veracrypt is a thing, encrypting drives does not need TPM.

        Just boot using the good old Master Boot Record for a clean solution (The Veracrypt documentation gives a good overview). Veracrypt works with EFI too, but the EFI partition itself cannot be encrypted. You can even create a hidden OS, if you are forced to give out your password, theres still plausible deniability.

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          6 months ago

          Thanks for the Veracrypt reminder. Adding that to my stuff to setup and document list.

          Sometimes Bitlocker really pisses me off.

      • lud@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        You can run bitlocker without TPM using a usb flash drive instead. I think you can also store the key in your mind as a password.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          Yes, but when they’re on USB the keys are much more accessible. You can just plug it in and dump them.

          If you’re only using a password, the keys are stored in an unencrypted part of the drive, which can again easily be dumped.

          Once you’ve dumped the keys, you can brute-force the passphrase offline.

    • yggstyle@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      4
      ·
      edit-2
      6 months ago

      I found it was pretty easy to get rid of the nag. I installed a different OS. For my development stuff that needs windows and I can’t run with wine (very few tools) - I have a VM running a windows version with 0 Internet access. Fuck that company sideways.