On Tue, Jul 26, 2022, at 9:15 PM, Kevin Kofler via devel wrote: > Chris Murphy wrote: >> Summary: Windows 10/11 increasingly enables Bitlocker (full disk >> encryption) out of the box with the encryption key sealed in the TPM. > […] >> The Bitlocker encryption key is unsealed only if the boot chain >> measurement by the TPM matches the expected values in a TPM PCR. > > So, basically, they set up things without the user's knowledge so that the > user's data can only be decrypted from Windows, only when booted directly, > and only with Restricted Boot enabled. Does that not fit the definition of > ransomware? Treacherous Computing at its finest… Does anyone still believe > that all this is about security? cryptsetup does have Bitlocker support, so long as you have the recovery key you can unlock and get access to your data, I've tested this. Bitlocker has nothing to do with Secure Boot. This is entirely beside the point though, which is to try and make dual boot as useful for users as possible. We want users to be confident about both OS's remain accessible in a discoverable way, without having to jump through hoops. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
