Comment by lazide
13 hours ago
Again, that is a lot of trust since it could trivially just… not show it. Which is already the default for most FDE systems for intermediate/system managed keys.
13 hours ago
Again, that is a lot of trust since it could trivially just… not show it. Which is already the default for most FDE systems for intermediate/system managed keys.
It could also just pretend to encrypt your drive with a null key and not do anything, either.
You need some implicit trust in a system to use it. And at worst, you can probably reverse engineer the (unencrypted) BitLocker metadata that preboot authentication reads.