mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#bitlocker

3 posts1 participant0 posts today
Syralist<p>Mit Windows 11 kam hier auf Arbeit jetzt der Zwang, USB Sticks mit Bitlocker zu verschlüsseln. So weit, so nachvollziehbar. <br>Jetzt steht der seit über einer Stunde auf "100.0% abgeschlossen", aber beendet den Vorgang nicht. <br>Das Laufwerk heißt D: und ich fühle das als Emotion sehr! <br><a href="https://troet.cafe/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a> <br>PS: Der Stick ist nagelneu und leer, was macht der da die ganze Zeit?</p>
c't Magazin<p>Wenn bei einem Windows-PC die Geräteverschlüsselung Probleme macht, dann meistens so richtig, und dann müsst ihr den "Bitlocker-Wiederherstellungsschlüssel" zur Hand haben. ☝️🤓</p><p>Im ganzen Video zeigen wir euch, wie ihr den Wiederherstellungsschlüssel direkt in Windows anzeigen könnt: <a href="https://www.youtube.com/watch?v=TjHmoQminxw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=TjHmoQminx</span><span class="invisible">w</span></a></p><p><a href="https://social.heise.de/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://social.heise.de/tags/Bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitlocker</span></a></p>
Lynn Keller<p>This looks like a virus. <br>It's <a href="https://socel.net/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> , who has assigned to anyone using Windows something called a <a href="https://socel.net/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a> key and put it into your Microsoft account. If you have more than one, be sure you can get into them. If you cannot find this key you lose your data. <br>I'm in a 3rd world country and got locked out. I have a recent Microsoft account-- no key. <br>It was in an obsolete account not used for 20 years.</p>
halfa<p>And it does 🥳 !<br>I did take the precaution of disabling temporarily <a href="https://mastodon.tedomum.net/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a> to make sure it picked up the new TPM measurements after the secure boot settings change, and it look like it worked. Definitely keep your bitlocker recovery key nearby though if you do this.</p>
halfa<p>Now the question is: does <a href="https://mastodon.tedomum.net/tags/windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows11</span></a> boot still? Or did I screw up <a href="https://mastodon.tedomum.net/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a> by messing up with the TPM and secure boot settings?</p>
matthew - retroedge.techI am doing the data recovery on this now. <br><br>Laptop had Bitlocker enabled. I had to talk the laptop owner through how to access the Bitlocker key in his Microsoft account. <br><br>Thankfully the recovery key worked to unlock it. Turning Bitlocker off now. <br><br>The screen was damaged on this XPS laptop. I just have the internal screen cable unplugged and am using a Dell Thunderbolt dock to view with an external screen. <br><br>This Dell XPS only has USB-C form factor Thunderbolt ports, no regular USB ports or even an HDMI. <br><br><a class="hashtag" href="https://social.retroedge.tech/tag/dell" rel="nofollow noopener" target="_blank">#Dell</a> <a class="hashtag" href="https://social.retroedge.tech/tag/xps" rel="nofollow noopener" target="_blank">#XPS</a> <a class="hashtag" href="https://social.retroedge.tech/tag/bitlocker" rel="nofollow noopener" target="_blank">#Bitlocker</a> <a class="hashtag" href="https://social.retroedge.tech/tag/microsoft" rel="nofollow noopener" target="_blank">#Microsoft</a><span class="quote-inline"><br><br>RT: <a href="https://social.retroedge.tech/objects/06c33a3a-dcf5-4c5d-9eac-5cc3c869660d" rel="nofollow noopener" target="_blank">https://social.retroedge.tech/objects/06c33a3a-dcf5-4c5d-9eac-5cc3c869660d</a></span>
Constantin Milos<p>Bypassing <a href="https://infosec.exchange/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> Encryption: Bitpixie PoC and <a href="https://infosec.exchange/tags/WinPE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WinPE</span></a> Edition<br><a href="https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.compass-security.com/2025</span><span class="invisible">/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows10</span></a> emergency updates fix <a href="https://mastodon.thenewoil.org/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> recovery issues</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-fix-bitlocker-recovery-issues/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/windows-10-emergency-updates-fix-bitlocker-recovery-issues/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a></p>
jesterchen42<p><span class="h-card" translate="no"><a href="https://mstdn.social/@hkrn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hkrn</span></a></span> Wait, what?</p><p>"You can retrieve the BitLocker recovery key by logging into the BitLocker recovery screen portal with your Microsoft account"</p><p>So you're telling me, the bitlocker recovery key is uploaded to Microsoft without consent or knowledge?! (I don't use Windows, so I cannot check this.)</p><p>That'd be a huge risk - both for companies and individuals: compromised cryptographic keys.</p><p><a href="https://social.tchncs.de/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://social.tchncs.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://social.tchncs.de/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://social.tchncs.de/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> confirms May <a href="https://mastodon.thenewoil.org/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows10</span></a> updates trigger <a href="https://mastodon.thenewoil.org/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> recovery</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-may-windows-10-updates-trigger-bitlocker-recovery/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-confirms-may-windows-10-updates-trigger-bitlocker-recovery/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> 10 KB5058379 update triggers <a href="https://mastodon.thenewoil.org/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> recovery on some devices</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5058379-update-triggering-bitlocker-recovery-after-install/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/windows-10-kb5058379-update-triggering-bitlocker-recovery-after-install/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a></p>
All Things Open<p>🚀 NEW on We ❤️ Open Source 🚀</p><p>HP Pavilion locked by BitLocker? <span class="h-card" translate="no"><a href="https://mastodon.social/@linuxnerd" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>linuxnerd</span></a></span> tackled it with open source tools, wiped the encrypted NVME with dd, and installed Fedora 41 KDE.</p><p>Read the full breakdown of this Linux rescue: <a href="https://allthingsopen.org/articles/how-to-install-linux-remove-bitlocker-encryption" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">allthingsopen.org/articles/how</span><span class="invisible">-to-install-linux-remove-bitlocker-encryption</span></a></p><p><a href="https://mastodon.social/tags/WeLoveOpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeLoveOpenSource</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a></p>
IrishMASMS<p>Talking with the folks in the local <a href="https://defcon.social/tags/vintage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintage</span></a> / <a href="https://defcon.social/tags/retrocomputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retrocomputing</span></a> community, they clued me in that the <a href="https://defcon.social/tags/ThinkPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThinkPad</span></a> <a href="https://defcon.social/tags/RAID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAID</span></a> is a steaming pile of 💩 and not worth the trouble. </p><p>🤷 Oh well. Thanks for cluing me in</p><p>So I swapped out the two testing <a href="https://defcon.social/tags/NVMe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NVMe</span></a> drives I was using and reinstalled the original sticks - to have <a href="https://defcon.social/tags/windoz10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windoz10</span></a> demanding for the <a href="https://defcon.social/tags/bitlocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitlocker</span></a> recovery key. 🤦‍♂️ </p><p>Well, time to wipe &amp; install <a href="https://defcon.social/tags/windoz11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windoz11</span></a> then. </p><p>Install went fine, only 4 rando <a href="https://defcon.social/tags/drivers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>drivers</span></a> to find for all <a href="https://defcon.social/tags/devices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devices</span></a> to be recognized and working. </p><p>Using my <a href="https://defcon.social/tags/CTT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTT</span></a> scripts to install the majority of applications, then to remove the <a href="https://defcon.social/tags/spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spyware</span></a> <a href="https://defcon.social/tags/bloatware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bloatware</span></a> and other garbage <a href="https://defcon.social/tags/micro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>micro</span></a>$oft added to <a href="https://defcon.social/tags/windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows11</span></a> </p><p>Then migrate my <a href="https://defcon.social/tags/data" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>data</span></a> from my other ThinkPad. Welcome to my <a href="https://defcon.social/tags/sunday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sunday</span></a> <a href="https://defcon.social/tags/funday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>funday</span></a> </p><p> <a href="https://defcon.social/tags/siliconValley" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>siliconValley</span></a> <a href="https://defcon.social/tags/SillyValley" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SillyValley</span></a> <a href="https://defcon.social/tags/sanfrancisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfrancisco</span></a> <a href="https://defcon.social/tags/sanfran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfran</span></a> <a href="https://defcon.social/tags/sanfranciscocomputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfranciscocomputers</span></a> <a href="https://defcon.social/tags/sanfrancomputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfrancomputers</span></a> <a href="https://defcon.social/tags/sanfranciscovintagecomputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfranciscovintagecomputers</span></a> <a href="https://defcon.social/tags/sanfranvintagecomputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfranvintagecomputers</span></a> <a href="https://defcon.social/tags/sanfranciscovintagehardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfranciscovintagehardware</span></a> <a href="https://defcon.social/tags/sanfranvin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanfranvin</span></a>-tagehardware <br><a href="https://defcon.social/tags/vintagecomputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagecomputing</span></a> <a href="https://defcon.social/tags/vintagecomputint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagecomputint</span></a> <a href="https://defcon.social/tags/vintagecomputer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagecomputer</span></a> <a href="https://defcon.social/tags/vintagecomputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagecomputers</span></a> <a href="https://defcon.social/tags/vintagecomputalk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagecomputalk</span></a><br><a href="https://defcon.social/tags/vintagehardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintagehardware</span></a> <a href="https://defcon.social/tags/computerHistory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>computerHistory</span></a> <a href="https://defcon.social/tags/retro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retro</span></a> <a href="https://defcon.social/tags/VCF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCF</span></a> <a href="https://defcon.social/tags/vintageComputerFestival" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vintageComputerFestival</span></a> <br><a href="https://defcon.social/tags/retrocomputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retrocomputing</span></a> <a href="https://defcon.social/tags/retroComputers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retroComputers</span></a> <a href="https://defcon.social/tags/WallOfRetro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WallOfRetro</span></a> <a href="https://defcon.social/tags/retroTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retroTech</span></a> <a href="https://defcon.social/tags/retroTechnology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>retroTechnology</span></a><br><a href="https://defcon.social/tags/nerdsOfVintage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nerdsOfVintage</span></a> <a href="https://defcon.social/tags/happyNerding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>happyNerding</span></a> <br><a href="https://defcon.social/tags/computer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>computer</span></a> <a href="https://defcon.social/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://defcon.social/tags/computerHardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>computerHardware</span></a> <a href="https://defcon.social/tags/laptop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>laptop</span></a> <a href="https://defcon.social/tags/laptops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>laptops</span></a> <br><a href="https://defcon.social/tags/IBM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IBM</span></a> <a href="https://defcon.social/tags/thinkpad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thinkpad</span></a> <a href="https://defcon.social/tags/thinkpads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thinkpads</span></a> <a href="https://defcon.social/tags/VintageThinkPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VintageThinkPad</span></a> <a href="https://defcon.social/tags/X86" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>X86</span></a> <a href="https://defcon.social/tags/WindowsVista" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsVista</span></a> <a href="https://defcon.social/tags/IBMhardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IBMhardware</span></a> <a href="https://defcon.social/tags/lenovoHard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lenovoHard</span></a>-ware <a href="https://defcon.social/tags/Thinkpadnium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thinkpadnium</span></a><br><a href="https://defcon.social/tags/upcycle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>upcycle</span></a> <a href="https://defcon.social/tags/restore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>restore</span></a> <a href="https://defcon.social/tags/TechnologyRepair" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechnologyRepair</span></a> <a href="https://defcon.social/tags/ThinkPadRepair" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThinkPadRepair</span></a> <a href="https://defcon.social/tags/WasteNotWantNot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WasteNotWantNot</span></a> <a href="https://defcon.social/tags/Thinkpadnium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thinkpadnium</span></a><br><a href="https://defcon.social/tags/makeShitMonday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>makeShitMonday</span></a> <a href="https://defcon.social/tags/showmewhatyougot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>showmewhatyougot</span></a></p>
Yann'rel La,Trame<p><a href="https://mamot.fr/tags/Help" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Help</span></a> <a href="https://mamot.fr/tags/MaydayBonjour" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaydayBonjour</span></a> à tous, j'ai encore besoin d'aide, j'ai commencé à regarder par moi-même. Mais là c'est plus gros et je préfère prendre des avis plus experts sur <a href="https://mamot.fr/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> et <a href="https://mamot.fr/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> (ne me jeté pas la pierre, je passe à Linux avant octobre c'est promis). J'ai fait une erreur qui a été d'installé un nouvel antivirus sans désinstallé l'ancien. Résultat hier soir je suis tombé sur un <a href="https://mamot.fr/tags/BlueScreenofDeath" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueScreenofDeath</span></a> avec <a href="https://mamot.fr/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> qui me demande un clé de récupération d'un compte que je n'ai pas…</p>
Feike<p><span class="h-card" translate="no"><a href="https://mstdn.social/@darkling" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>darkling</span></a></span> <span class="h-card" translate="no"><a href="https://mastos.online/@nicholasr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nicholasr</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@nixCraft" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nixCraft</span></a></span> in my opinion, I rather have a disk with <a href="https://mastodon.social/tags/LUKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LUKS</span></a> encryption than <a href="https://mastodon.social/tags/NTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NTFS</span></a> <a href="https://mastodon.social/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a></p>
Feike<p><span class="h-card" translate="no"><a href="https://mstdn.social/@darkling" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>darkling</span></a></span> <span class="h-card" translate="no"><a href="https://mastos.online/@nicholasr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nicholasr</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@nixCraft" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nixCraft</span></a></span> 😄 disk encryption is overrated: you can also make an encryption container of some sort where you can store you files, which needed encryption! <a href="https://mastodon.social/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VeraCrypt</span></a> it is called I beleeve. <br>It's also quite nice that on <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> you can chóóse disk encryption or not! If I would want it on <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>, I wouldn't want to have <a href="https://mastodon.social/tags/NTFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NTFS</span></a> or <a href="https://mastodon.social/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a> touching my files! I don't understand it -- on Linux it is just encrypted, asks your passphrase each time you start up you pc, and decryps.</p>
openSUSE Linux<p>As a follow-up to Full Disk Encryption for those moving from <a href="https://fosstodon.org/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows10</span></a>, <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSUSE</span></a> offers <a href="https://fosstodon.org/tags/FDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FDE</span></a> secured by TPM2 or FIDO2 for <a href="https://fosstodon.org/tags/BitLocker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitLocker</span></a>-like security. 🔐🛡️ <a href="https://fosstodon.org/tags/10isEnough" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>10isEnough</span></a> <a href="https://fosstodon.org/tags/EndofWindows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndofWindows10</span></a> <a href="https://fosstodon.org/tags/UpgradetoFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UpgradetoFreedom</span></a> today! <a href="https://news.opensuse.org/2024/09/20/quickstart-fde-yast2/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.opensuse.org/2024/09/20/q</span><span class="invisible">uickstart-fde-yast2/</span></a></p>

I’ve updated my bitlocker attacks list https://github.com/Wack0/bitlocker-attacks

The main addition here is documentation of “break out in hives” (CVE-2024-20666, nice) and its variant (CVE-2025-21213).

The most interesting thing here is that it’s technically still not fixed - the fix was only applied to the PCA2023-signed bootmgr_ex, so without the KB5025885 mitigations applied (and other default settings which nobody ever changes), you’re still vulnerable without even needing a downgrade attack for bootmgr.

(If you’re using TPM-only bitlocker, you really should be using legacy integrity validation - that is, Allow Secure Boot for integrity validation policy DISABLED with PCRs 0,2,4,7,11 set - legacy integrity validation was never vulnerable to these issues in the first place! This would imply bitlocker potentially going into recovery more often with windows updates, but it’s a choice between that and currently broken bitlocker vulnerable to various boot-time software issues combined with downgrade attacks)

The main issue here is that starting from Windows 10 (th1), the systemdatadevice element was added to winload; if present the SYSTEM hive is loaded from this block device instead of the (bitlocker encrypted) OS partition.

Therefore, the first (easiest) exploitation method was to pull a SYSTEM hive from boot.wim, modify it to set SYSTEM\Setup!CmdLine to cmd.exe, and set up the WinRE boot entry to use it; booting WinRE would then pop a SYSTEM shell with bitlocker keys derived and in memory.

The original fix just removed the systemdatadevice support from winload, but (at least in some cases) the older revisions of winload (for the same major Windows version) would still boot Windows successfully; thus the second exploitation method: configure BCD to load winload from somewhere else (downgrade attack), booting the bitlocker-encrypted OS with custom SYSTEM hive taken from install.wim - it turned out that without winpe also set, this corrupted the SYSTEM hive on the bitlocker-encrypted OS partition; also the Win32 subsystem would fail to load, but native code execution would still work when setting SYSTEM\ControlSet001\Control\Session Manager!SetupExecute. Therefore, I took the old Native Shell codebase, ported it to AMD64, and modified it to acquire SeRestorePrivilege and open files with FILE_OPEN_FOR_BACKUP_INTENT (so permission checks would be ignored, so it’s possible to do the sethc trick at this point).

“My daughter’s personal computer, she uses for school work, came up with needing a BitLocker recovery password.”

Over the weekend I was contacted by a dad on the other side of the country trying to locate the BitLocker key. This is a very common problem. Microsoft’s position is, “Don’t worry, we store you BitLocker keys for you in your Microsoft account!” Microsoft’s attitude seems like: “I know you’re in water over your head, and you can’t swim, and you’re drowning and choking, but don’t worry, we have life preservers right here on the boat. Come get one!”

The reality is that many people have no idea what to do when faced with this challenge.

You must protect yourself. Get your BitLocker recovery key for every BitLocker device, and store it safely yourself. You can find information on how to get your recovery key by searching for “find my BitLocker recovery key,” or a similar phrase, using any search engine.

If you don’t want to do that, contact me, and I’ll help you get your BitLocker key(s) for a very reasonable fee.

#CallMeIfYouNeedMe #FIFONetworks