Comment by londons_explore
2 days ago
Windows uses full disk encryption with keys from the TPM by default.
Nobody says "disable disk encryption right away in case the TPM forgets the keys". The vast majority of TPMs manage to not forget the keys.
They may not say "turn off BitLocker", but people definitely recommend backing up the recovery keys, and Windows allows you to back up the key to Microsoft because they know people won't actually back them up. Not sure if that happens by default, but they provide a variety of options for the recovery keys because there is definitely a non-zero chance you need them. There were several stories of this happening with the Windows 10->11 upgrade push, where people were auto-updated and then scrambling to decrypt their hard drives.
If Windows is encrypted with keys from the TPM anyways, then Tailscale doesn't need to encrypt a second time.
Windows also bit me in the ass with this feature, but Tailscale not enabling encryption wouldn't have helped one iota.
Local software could be stealing plaintext secrets from your encrypted disk. Physical access is not the only attack vector.
The only way to protect against that is if a secure application boundary is enforced by the operating system. You can make it harder for other programs to uncover secrets by encrypting them, but any other application can reverse the encryption. I don't believe using the TPM meaningfully changes that situation.
I'm curious. If the motherboard with the TPM dies, you're basically locked out of your data right? Keys backed up on MS server or not.
No, the backed-up keys (MS server, file, printed) give you full access; they contain the full encryption key.
I suspect that they do not actually contain the encryption key. It is more convenient if the disk encryption key is stored on the disk, but separately encrypted. You actually want to store the key multiple times, one for each unlock method. If the disk can be unlocked with a password, then you store the key encrypted using the password (or encrypted using the output of a key derivation function run on the typed password). If it can be unlocked with a smartcard, then you store a copy that is encrypted using a key stored in the card. When BitLocker uses the TPM, it no doubt asks the TPM to encrypt the key and then stores that on the disk. To decrypt the disk it can ask the TPM to decrypt the stored key, which will only succeed if the TPM is in the same state that it was in when the key was encrypted.
The reason it's done this way is to allow multiple methods of accessing the disk, to allow the encryption password to be changed without having to rewrite every single sector of the disk, etc, etc. You can even “erase” the disk in one swift operation by simply erasing all copies of the key.
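The key-slot scheme described in the last comment, as an added example that is not part of the thread and is not BitLocker's on-disk format. Assumptions: `wrap`, `unwrap`, `password_kek` and `demo` are hypothetical names, `device_key` stands in for a key held by a TPM or smartcard, and the HMAC-SHA256 pad plus tag stands in for a real key-wrap cipher such as AES key wrap, which the Python standard library does not provide.

```python
import hashlib, hmac, secrets

def wrap(kek: bytes, master_key: bytes) -> dict:
    """Encrypt a 32-byte master key under a key-encryption key (KEK)."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unwrap(kek: bytes, slot: dict) -> bytes:
    """Recover the master key; raises ValueError if the KEK is wrong."""
    tag = hmac.new(kek, b"tag" + slot["nonce"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        raise ValueError("this key does not open this slot")
    pad = hmac.new(kek, b"pad" + slot["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

def password_kek(password: str, salt: bytes) -> bytes:
    """Derive a KEK from a typed password with a key derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def demo() -> dict:
    master_key = secrets.token_bytes(32)    # encrypts the sectors; never changes
    salt = secrets.token_bytes(16)
    device_key = secrets.token_bytes(32)    # stand-in for a TPM/smartcard-held key
    recovery_key = secrets.token_bytes(32)  # the printed or backed-up recovery key
    header = {                              # stored on disk beside the ciphertext
        "password": wrap(password_kek("old pass", salt), master_key),
        "device": wrap(device_key, master_key),
        "recovery": wrap(recovery_key, master_key),
    }
    # Device is gone (dead motherboard): the recovery slot still opens the disk.
    via_recovery = unwrap(recovery_key, header["recovery"])
    # Password change: rewrite one small slot, not every sector.
    header["password"] = wrap(password_kek("new pass", salt), via_recovery)
    via_new = unwrap(password_kek("new pass", salt), header["password"])
    try:
        unwrap(password_kek("old pass", salt), header["password"])
        old_rejected = False
    except ValueError:
        old_rejected = True
    header.clear()                          # "erase": drop every wrapped copy
    return {"recovered": via_recovery == master_key,
            "new_password_ok": via_new == master_key,
            "old_rejected": old_rejected, "slots_left": len(header)}
```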