Comment by _verandaguy

Comment by _verandaguy 15 hours ago

3 replies

View on Hacker News

This was actually a problem for me on my current gaming PC build!

I had switched to a new AM4 mobo a few years back and decided to spring for a pluggable TPM chip (since the CPU I have doesn't come with TPM onboard). Plugged it in, set everything up pretty seamlessly in windows, no fuss, no muss, boot drive's encrypted transparently. The lack of a password was a bit jarring at first, but it's a gaming PC, so if things go pear-shaped it's not the end of the world.

Fast forward six months and my PC suddently refuses to boot; turns out the pluggable TPM thing was defective and stopped working (without any warning that got surfaced to me).

It was just my boot drive, and reinstalling windows isn't a huge hassle, but it definitely cemented my mixed feelings about passwordless FDE. Had that been the drive I use for my photo library, or my software projects, or work-related documents (tax slips, employment contracts, whatever), that would've been devastating.

It's actually made me rethink the strategy I use for my laptop's backups, and I think I'm in a better place about that now.

foepys 14 hours ago

Don't all AM4 CPUs feature fTPM which is a firmware-based TPM? Bitlocker at least accepts this as secure enough to boot Windows 11.

Reply View 1 reply
  • _verandaguy 13 hours ago

    Frankly, it's possible; I don't remember at this point. At the time, I just decided to go for a separate chip since I hadn't heard of fTPM being available at the time. The chip in question's a 3900X and it's still running smoothly.

    Reply View 0 replies
sedatk 12 hours ago

You can add alternative Bitlocker decryption mechanisms including a strong password using manage-bde CLI tool. Also, Bitlocker gives you the opportunity to save your recovery data externally in case you lose all your authentication mechanisms. I'm surprised that you lost your data.

Reply View 0 replies