Real and fuck Microsoft
Yep, happened with my wife’s laptop. Fortunately you just follow the instructions and we had a second laptop but I was still sweating bullets.
Microsoft’s SSO is an absolute train wreck. I’d rather pound my pecker flat with a mallet than deal with another Microsoft account.
…and grounds for committing sudoku. 🤣
Ahh you mentioned the number puzzle sudoku. What you were looking for, was the word for japanese honour suicide: sirtaki.
You mean Sriracha.
No, Sriracha is a spicy sauce made from hot peppers and garlic. You’re thinking of Siddhartha.
No, Siddhartha is a novel by Hermann Hesse about spiritual discovery.
You’re thinking of Sebulba.
Literally happened to me two days ago. Everything was fine until i installed gpu drivers and then it said “plz give secure boot password” and i had to abort mid install. Also was infront of a fresh linux recruit.
That secure boot password was probably from akmods preparing its key so that it can sign the kernel module of the driver. This key needs to be loaded into the UEFI to use the driver with secure boot enabled. It shouldn’t affect the bit locker key in theory, but you never know…
How can something “enable itself” while requiring a password?
it was already enabled, he just tripped secureboot.
Fuck, I’m gonna have to enable secure boot (and use windows) to play the BF6 open beta, am I gonna get the same buillshit ?
If it doesn’t affect my Linux drives I don’t care much tbh, I’ll probably just nuke windows and reinstall it
Even if you enable Secure Boot, you can disable BitLocker, and that will prevent this from happening.
The only thing BitLocker really does is make it so that if somebody steals your computer and doesn’t have your password, all of your files will be encrypted, so they don’t get your files too.
Depending on your risk preference, it is okay to disable it.
Of course, if your computer does not have a password, or if the password is something really easy, then there’s no point in bitlocker in the first place.
As nice as most distros are, I wouldn’t recommend installing it on Gpa’s/Parent’s PC, simply because if a problem arrives most people won’t be able to give them a fix easily, unless they also know how to use Linux.
i installed mint for my extremely non-technical parent and the only time they have issues is when trying to use windows stuff. so a non-issue.
Installed mint for an elderly relative that only uses it for YouTube and email, the only calls I get are when mozzila stops working because the version is too old
- The average user has no need to use Bitlocker
- The average user should be using a local account instead of a Microsoft Account.
- Using a Microsoft Account causes Bitlocker to auto-enable.
- Loss of access to your Microsoft Account when Bitlocker is enabled can cause loss of all your data.
- Microsoft can and will roundly ignore you if you lose access to your Microsoft Account.
Microsoft has painted users into a very dangerous corner. Security is vitally important, but not when it’s almost maliciously implemented.
Even as a security professional I understand that most people will be ill served by having their computer locked down like Fort Knox. There are ways of ensuring security without having all personal content go permanently poof with the slightest wrong move.
100% agree with the sentiment. Working in IT makes you realize how incapable some people can be with even the simplest computer tasks at times. What would you recommend as an alternative for secure data in the case of the average person? File level encryption instead of disk level? Wondering what would be the best way to go about getting my family to secure their private info.
This is partly Microsoft’s fault, for sure, but it’s also more of a function of how secureboot works. A Linux system using TPM backed FDE with secureboot enabled would have the same problem going the other way.
Secureboot prevents a lot of ways the TPM could be compromised, so as part of “securely” turning it off, it wipes the keys (otherwise those protections would be pointless, the first thing an attacker would do would be to turn off secureboot).
The main problem is it turning itself on with no input from or feedback to the user, and not giving the user access to the key without using a Microsoft account. I’ve heard of people getting screwed by this because they set up with a local account and thus never got their secureboot key (or did, but it was hidden somewhere and they were never told to save it).
I’m trying to get secure boot working on cachyOS using sbctl but my Razer Blade laptop’s bios seems locked and won’t let get it in setup mode. Anyone know if it’s possible to clear vendor keys on razer’s American mega trends UEFI?
You might get an answer on !linux@lemmy.world. I had a similar issue and eventually returned a minipc because of it.
