I currently have the system disk on my work laptop (Win-8 Pro) encrypted via BitLocker. This system doesn’t ask me for a passphrase when it boots up; it just goes to the Windows login screen.
My vague understanding is that the TPM chip in the computer is storing the encryption key, so if someone removes the disk drive (well, SSD chip) from this computer and tries to access it, they can’t. But what if they steal the whole laptop, which is far more likely? The data is only protected by the Windows user password at that point; how secure is that exactly? And what if someone boots the system from a USB drive? What prevents that operating system from using the TPM to access the internal drive?
I don’t know anything about this system, but based on…
It appears that the known vulnerability is to a “cold boot attack”, which basically means that the power has to be on - or recently on - for it to work. The fact that this is mentioned leads me to believe that other, more practical attacks don’t work (that are known), and the wiki page seems to suggest there is no back door.
That basically means to me you are safe, but of course you’d still be vulnerable to stuff like key loggers, and if law enforcement REALLY wanted to, they could possibly get in with the cold boot attack. Unless you are committing major felonies or are protecting multi-million-dollar secrets, you are probably safe.
I thought a BitLocker PIN was required. Evidently not. You can go to your BitLocker settings and add a BitLocker PIN, then the PC boots to a PIN screen, you enter the PIN and then it goes to the Windows login screen. If you’re going to bother with BitLocker, you might as well include a PIN.
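
The check and the change described in the last reply, as an added example that is not part of the thread: a PowerShell script that reports whether the system volume unlocks with the TPM alone and, if so, adds a TPM+PIN protector. It assumes an elevated prompt, the built-in BitLocker cmdlets, and that the "Require additional authentication at startup" Group Policy allows a startup PIN.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit BitLocker key protectors on the
# OS volume and switch from TPM-only unlock to TPM+PIN.

$mount = $env:SystemDrive                      # normally C:
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

"Volume status     : $($vol.VolumeStatus)"
"Protection status : $($vol.ProtectionStatus)"
"Key protectors    : $($types -join ', ')"

# A protector whose type starts with TpmPin means a PIN is already asked at boot.
if ($types -like 'TpmPin*') {
    "A startup PIN is already required; nothing to change."
    return
}
# 'Tpm' alone is the situation in the question: the volume unlocks with no user input.
if ($types -notcontains 'Tpm') {
    "No TPM-only protector found; review the protectors listed above by hand."
    return
}
# Without a recovery password, a forgotten PIN or a TPM reset locks you out.
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No recovery password protector. Add one and store it off the laptop first."
    return
}

$pin = Read-Host -AsSecureString "New BitLocker startup PIN"
try {
    Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector -ErrorAction Stop | Out-Null
} catch {
    # Typical cause: the startup-PIN policy is not enabled, or the PIN is too short.
    Write-Error "Could not add TPM+PIN protector: $($_.Exception.Message)"
    return
}

# Re-read the volume. If a TPM-only protector is still present, remove it,
# otherwise the disk would still unlock without the PIN.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector | Where-Object { $_.KeyProtectorType.ToString() -eq 'Tpm' } | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId | Out-Null
}

$after = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
         ForEach-Object { $_.KeyProtectorType.ToString() }
"Key protectors now: $($after -join ', ')"
```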