Once upon a time, Vojtech Trefny <vtrefny(a)redhat.com> said:
"BitLocker automatic device encryption starts during Out-of-box
(OOBE)
experience.
However, protection is enabled (armed) only after users sign in with a
Microsoft Account
or an Azure Active Directory account. Until that, protection is
suspended and data is
not protected."
https://docs.microsoft.com/en-us/windows-hardware/design/device-experienc...
I'll try to find more and try to figure out how OEM installation works
with Windows and see if we can add support for this case to
cryptsetup.
That sounds like what I did - I specificallly avoided making a Microsoft
account to sign in (it's Windows Pro, so I went through initial config
with no network connected/configured).
--
Chris Adams <linux(a)cmadams.net>