• Romkslrqusz@lemm.ee
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    1 year ago

    This article starts off with some inaccurate information right from the onset, so it leaves me with some credibility concerns that incline me to do some of my own testing.

    Since Windows 10 1803, both Windows 10 and 11 Home and Pro have automatically enabled Bitlocker Encryption during the Out Of Box Experience (OOBE) as long as the following conditions are met:

    • The device is UEFI and Secure Boot enabled
    • The device has a TPM2.0 device that is enabled
    • There are no un-allowed Direct Memory Access (DMA) capable devices on a DMA capable bus.
    • The user signed in using a Microsoft Account and had an active internet connection at the time.

    It is not specific to Windows 11 and has nothing to do with Home/Pro. This has been going on since 2018.

    They also mention encryption built-in to SSDs. That is a fundamentally different kind of encryption. With Bitlocker, removing an SSD from a device or accessing it from anything but the original Windows environment will require the user to enter a 25-digit key to gain data access. Without Bitlocker, the on-disk encryption does not prevent data access in those scenarios. That encryption key exists primarily so that you can secure erase the disk by changing the encryption key. The alternative is a block-level erasure, which would put wear and tear on the SSD.

    Pretty disappointing to see this coming from an otherwise reputable source like Tom’s Hardware.

    • tias@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      You’re off with your claims about built-in encryption. While there are drives that do what you describe, there are also drives that require a key to be provided to the drive for unlocking it. There’s an entire specification for how the authentication to the hard drive is made at boot or when mounting it.