Chris Murphy wrote:
> cryptsetup does have Bitlocker support, so long as you have the recovery
> key you can unlock and get access to your data, I've tested this.

But you need a recovery key to begin with, because the main key is sealed in the TPM and not visible from anything other than Windows. So Bitlocker essentially forces Windows on you.

> Bitlocker has nothing to do with Secure Boot.

Disabling "Secure" (Restricted) Boot will change the TPM measurements and hence also prevent the key from being unsealed.
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures#uefi-and-secure-boot
So Bitlocker essentially forces Restricted Boot on you.

> This is entirely beside the point though, which is to try and make dual
> boot as useful for users as possible. We want users to be confident about
> both OS's remain accessible in a discoverable way, without having to jump
> through hoops.

Sure. Really sad though that we have to work around a broken piece of "security" software that effectively functions like a ransomware. Where is the outcry about this misfeature? Setting up Bitlocker behind the user's back, i.e., also without prompting for a passphrase, provides absolutely no security in the event of a stolen notebook because somebody else hitting the power button will NOT change the TPM measurements, the power button is not a fingerprint reader.

        Kevin Kofler
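
Added example, not part of the original message: a simplified Python model of the TPM sealing behaviour discussed in this thread, showing a key sealed to a PCR value across three boots. The measured event strings, the ToyTPM class and the sealed value are constructed for illustration and are not BitLocker's actual implementation.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || H(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def boot(events) -> bytes:
    """Replay one boot's measured events into a PCR that resets to zero."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


class ToyTPM:
    """Hypothetical model: releases the sealed secret only if the PCR matches."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, policy_pcr: bytes) -> None:
        self._sealed = (secret, policy_pcr)

    def unseal(self, current_pcr: bytes):
        secret, policy_pcr = self._sealed
        return secret if hmac.compare_digest(current_pcr, policy_pcr) else None


# Constructed measurement logs; real firmware measures variable contents.
SB_ON = [b"SecureBoot=1", b"PK", b"KEK", b"db", b"dbx", b"bootmgr-signer"]
SB_OFF = [b"SecureBoot=0"] + SB_ON[1:]


def demo() -> dict:
    tpm = ToyTPM()
    tpm.seal(b"volume-key (constructed)", boot(SB_ON))
    return {
        # The measurement chain has no input for who pressed the power
        # button, so these two boots produce the same PCR value.
        "owner_boot": tpm.unseal(boot(SB_ON)) is not None,
        "other_person_boot": tpm.unseal(boot(SB_ON)) is not None,
        # One changed event changes the final PCR, so unsealing fails and
        # only the recovery key can unlock the volume.
        "secure_boot_disabled": tpm.unseal(boot(SB_OFF)) is not None,
    }


if __name__ == "__main__":
    print(demo())
```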