this post was submitted on 23 Jan 2026
1312 points (99.5% liked)

[–] Kongar@lemmy.dbzer0.com 3 points 1 week ago (3 children)

And people make fun of me for turning off Secure Boot and TPM. They just cause grief for no benefit.

[–] partial_accumen@lemmy.world 7 points 1 week ago

As long as you're doing your own whole disk encryption, you have a valid path to still be secure. However, if you're running an unencrypted disk, you're much more likely to lose your data to a non-state actor.

[–] frongt@lemmy.zip 6 points 1 week ago

Well, this isn't directly related to those, so maybe some derision is warranted.

[–] cley_faye@lemmy.world 3 points 1 week ago

Both are completely unrelated to the discussion. TPMs sometimes have issues regarding their security, but you can certainly use Secure Boot with your own signing keys to ensure the kernel you run is one you installed, which improves security. And you can use TPM to either keep your FDE keys, or only part of them combined with a PIN if you don't fully trust them to be secure, so you keep strong encryption but with a bit of convenience.

Without a (properly configured) Secure Boot startup, anyone could just put malware between the actual boot and your first kernel. If the first thing that happens when you boot is something asking for a password to be able to decrypt your storage, then an attacker can just put something here, grab your password, and let you proceed while storing it in a place where it can be retrieved.

Is this scenario a concern for most people? That's unlikely. But every computer sold these last five years (at least!) can be set up to reduce this risk, so why not take advantage of it?
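
The TPM-plus-PIN arrangement described in the comment above, as an added example that is not part of the original thread: a simplified Python model of how a disk key sealed to boot measurements is withheld when a boot component is replaced. `ToyTPM`, the component names, the PIN and the lockout threshold are all constructed for illustration; a real TPM enforces this in hardware.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(chain) -> bytes:
    """Fold every boot component, in order, into one PCR value."""
    pcr = bytes(32)  # a PCR starts at all zeros after reset
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def policy(pcr: bytes, pin: str) -> bytes:
    """Bind the release condition to both the measured boot state and the PIN."""
    return hashlib.sha256(pcr + hashlib.sha256(pin.encode()).digest()).digest()

class ToyTPM:
    """Toy model (assumption): releases the secret only if PCR and PIN both match."""
    MAX_FAILURES = 3  # constructed threshold modelling dictionary-attack lockout

    def __init__(self):
        self._sealed = None
        self.failures = 0

    def seal(self, secret: bytes, expected_pcr: bytes, pin: str) -> None:
        self._sealed = (secret, policy(expected_pcr, pin))

    def unseal(self, current_pcr: bytes, pin: str):
        if self._sealed is None or self.failures >= self.MAX_FAILURES:
            return None  # nothing sealed, or locked out after repeated failures
        secret, wanted = self._sealed
        if hmac.compare_digest(wanted, policy(current_pcr, pin)):
            self.failures = 0
            return secret
        self.failures += 1
        return None

# Constructed sample boot chains: the second swaps in a password-grabbing loader.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-signed", b"kernel+initrd"]
TAMPERED_CHAIN = [b"firmware-v1", b"bootloader-with-keylogger", b"kernel+initrd"]

if __name__ == "__main__":
    tpm = ToyTPM()
    tpm.seal(b"disk-master-key", measure(GOOD_CHAIN), "2468")
    print("good boot    :", tpm.unseal(measure(GOOD_CHAIN), "2468"))
    print("tampered boot:", tpm.unseal(measure(TAMPERED_CHAIN), "2468"))
    print("wrong PIN    :", tpm.unseal(measure(GOOD_CHAIN), "0000"))
```

Because the PIN is only one input to the release policy, a captured PIN alone does not yield the disk key on a machine whose boot chain no longer measures the same.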