That is indeed a worst case event to be wary of and avoid, for any secret data that one may need to retrieve infrequently. But my original point was that sealing the key to the TPM is better because it prevents…
The actual encryption key for the volume data isn't the recovery key, it's the FVEK (full volume encryption key), which is encrypted using the VMK (volume master key). The recovery key is a 128-bit value (entered as 8…
No, you would use the recovery key in that scenario.
BitLocker does this much better. With TPM+PIN mode, the TPM will only decrypt the volume master key if all the right hashes are in the platform configuration registers for the BIOS, option ROMs, MBR, filesystem headers…
That is indeed a worst case event to be wary of and avoid, for any secret data that one may need to retrieve infrequently. But my original point was that sealing the key to the TPM is better because it prevents…
The actual encryption key for the volume data isn't the recovery key, it's the FVEK (full volume encryption key), which is encrypted using the VMK (volume master key). The recovery key is a 128-bit value (entered as 8…
No, you would use the recovery key in that scenario.
BitLocker does this much better. With TPM+PIN mode, the TPM will only decrypt the volume master key if all the right hashes are in the platform configuration registers for the BIOS, option ROMs, MBR, filesystem headers…