view the rest of the comments
Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved...
What can you do when this happens... Asking for a friend...
it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.
uploading encryption keys makes encryption much less meaningful
Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.
personal data leaks frequently, that may include these
Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?
I'd like you to repeat it please. But slower this time.
Because they force you to use online accounts now, you can get it from the registered account via the Microsoft account page.
Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)
Luckily I was using a Microsoft account (usually I don't because fuck that) so the keys were automatically backupped
The automatic encryption and subsequent backup both took place because you were using a Microsoft Account
I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I'm on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn't use TPM? Should I hold on to the luks headers and master priv key backup?
LUKS don't use TPM
There's an extension that can unlock LUKS drives using the TPM, but by default it does not do that, and probably that extension isn't installed either