Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.

Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.

Control Panel > System Security > Bitlocker Encryption.

BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.

  • DFX4509B@lemmy.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    6 months ago

    Good luck locking loose mainboards sold for the DIY market, which don’t come with anything installed by default, to a given OS, the only way that could maybe work is forcing the OS in ROM.

    Another way would be to discontinue the socketed desktop form factors and replace them all with mini PCs that are as locked down as the current Macs.

    • brbposting@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      6 months ago

      Thinking for two seconds:

      MS pays Google to start enforcing some device verification thing so you can only view a good chunk of the Internet if you pass verification? (Assumes Google goes even harder making the web Chrome-focused)

      Ooh Cloudflare could be invited to the party here too. Constant CAPTCHAs if you’re not on an MS AUTHENTI-PC! device. (Think Private Access Token)

      …fill in the gaps friends 😉 you know MS has already debated all your “suggestions” anyway

      • theblips@lemm.ee
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        6 months ago

        Google already does precisely that with their “open source” mobile OS. People underestimate how easily these guys can ruin stuff

          • theblips@lemm.ee
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            6 months ago

            First off, Google has made agressive deals with phone manufacturers to ship spyware with their phones by default, and some of the stuff can only get taken out by rooting/jailbreaking the phone. By doing so, they acquired nearly 100% of the app store market share, and then used it to make “useful features” such as integrity checks that are tied to the Play Services app (which is an always on spyware background app).
            The end result is, even if you manage to root your phone and install a custom ROM (which is not always available to every model), a bunch of apps will refuse to work properly because you fail the Google Play fingerprinting steps and are assumed to be a security vulnerability. If I’m not mistaken there’s also some shady stuff with certificates, too

            • brbposting@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              Ohhhh ya so not all bank apps work on e.g. Graphene making it dead in the water for people who, say, wanna have a single device that can do anything while traveling. Super bogus.

              Thanks :)

      • DFX4509B@lemmy.org
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        6 months ago

        So you’re suggesting MS will somehow block non-Windows OSes from installing, even on hardware like loose mainboards for building your own PC with, or even on barebones mini PC kits or certain laptop SKUs, which don’t ship with an OS installed to begin with and expect the user to install it themselves? I mean, unless something extreme happens like changing the entire PC platform to be like the current Macs, that won’t be feasible.

        Also, doing that would kill the Steam Deck which I doubt Valve would take sitting down.

        • Something Burger 🍔@jlai.lu
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          6 months ago

          SecureBoot pretty much does this. There is nothing preventing motherboard manufacturers from blocking adding non-MS keys if they wanted to.

          • DFX4509B@lemmy.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            Except AFAIK loose mainboards aimed at the DIY market, as well as barebones kits, don’t ship with SecureBoot turned on by default and an off switch for that is mandatory to the PC spec.

        • KeenFlame@feddit.nu
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          No. You know nobody can do that. It’s illegal almost everywhere to even try. But in usa maybe happening soon. They can still import parts for years until they ban that too

        • brbposting@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          6 months ago

          Ah no

          so you can only view a good chunk of the Internet if you pass verification

          /

          Constant CAPTCHAs

          Get Google & Cloudflare to make the internet suck if you didn’t pay Microsoft[‘s vendors] “enough” for hardware

          Just sounds great doesn’t it?!

      • michaelmrose@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        6 months ago

        This is already part of the trusted computing spec its called “remote attestation” I would actually expect it more targeted at multimedia who are hot to keep you from copying their stuff and banks.