On Thu, Jul 28, 2022 at 2:39 PM Chris Adams <linux(a)cmadams.net> wrote:
Once upon a time, Vojtech Trefny <vtrefny(a)redhat.com> said:
> This is also what happens if you choose to "decrypt" your BitLocker
> volume in Windows so if it is this case, cryptsetup doesn't support
> it. We intentionally ignored this case mostly because it looked like a
> small corner case (if you choose do decrypt the volume, Windows will
> in the end fully decrypt the data and get rid of the BitLocker
> volume/container), but if it's going to be a widespread use, we might
> need to start looking into that. As Milan said, a reproducer and an
> upstream issue for cryptsetup would be nice.
Unfortunately, I don't know a reproducer, other than "buy a Thinkpad".
I don't actually know much about Windows stuff.
Ok, I found there is some OEM BitLocker configuration that sounds like
it might be it:
"BitLocker automatic device encryption starts during Out-of-box (OOBE)
experience.
However, protection is enabled (armed) only after users sign in with a
Microsoft Account
or an Azure Active Directory account. Until that, protection is
suspended and data is
not protected."
https://docs.microsoft.com/en-us/windows-hardware/design/device-experienc...
I'll try to find more and try to figure out how OEM installation works
with Windows and see if we can add support for this case to
cryptsetup.
--
Chris Adams <linux(a)cmadams.net>
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure