"kef" <k@k.lt> wrote in message news:plllit$8ll$1@trimpas.omnitel.net...
> 1. Asuso naujas bookas su W10 Home. Bitlockeris (TPM) ant C ijungtas, nors 
> useris to nemato nes Home... Pamatai tik per manage-bde, nors kokio velnio 
> ten listi kai ikona prie C: be spynos. Tai pamatai uzsikroves is toolsu 
> disko kai gauni C neskaitoma.
>
> 2. Uzsibootini ta pati is Win install disko - Install mygtuko lange spaudi 
> recovery - troubleshoot - command prompt. Bitlockeris patyliukais 
> atrakinamas net nesuprasi kad buvo, kopijuok kur nori kiek nori. Tai va, 
> norint kad tas B butu ne musems baidyti turi ir bios admin pass tureti su 
> boot from blokavimu.

greiciausiai kazko nezinai. ir greiciausiai ne bitlockeris, bet "device 
encryption". as pamenu kazkur skaiciau, kad tai reiskia, jog kryptinimas is 
tikro dar nesukonfigintas, ir yra naudojamas defaultinis/nulinis raktas, 
jeigu useris be pass. todel turi be problemu atsirakinti ir uzsikrovus is 
"toolsu" disko, tik reikia papildomu veiksmu.

apskritai su tuo bitlockeriu niuansu pilna, siuo atveju net neaisku ar 
naudojamas hardwarinis SSD kodavimas (ale OPAL ir panasiai), ar kiti 
metodai. siaip ten tikrai yra kur gilintis (bent jau man paciam), kad 
suprasti kaip teisingai visa tai sukonfiguruoti (ir patikrinti kuriuo rezimu 
tai veikia, jei veikia), tada ir visokiu klaidingu isankstiniu ispudziu 
turetu maziau kilti, ir butu isvengiama neteisingu palyginimu.

dar tokia info pvz, nesvarbu, kad apie win 8.1:

Device Encryption is a new consumer-oriented security feature of Windows 8.1 
that automatically encrypts the Operating System (OS) drive and all fixed 
data drives. Rather than requiring the user or administrator to enable and 
configure the encryption, the platform's drives are encrypted 
out-of-the-box. The encryption is invisible during normal use: users can log 
in and use the system just as they would use an unencrypted system. If 
someone stole the system however he wouldn't be able to get at any of the 
data without knowing the user account's password. This is because the device 
encryption key is protected by a secret derived from the user account's 
password. You can check the Device Encryption status of your Windows 8.1 
system at the bottom of the "PC Info" section in the device settings.

> 3. Kita instaliacija, vietoj TPM bitlocker pass. Bootini is to pacio win 
> install disko, next, recovery - command prompt. "Ka tu man bitlocker pass 
> kisi???, vesk N zenkli bitlocker recovery key..., jei turi "

nepakomentuosiu, reikia daugiau zinoti :) bet zinau, kad ir secure boot su 
visu tuo bitlockeriu siejasi. ijungus/isjungus galima pamatyti visai 
kitokius rezultatus.

If you change the secure boot setting (on to off or vv) though by fiddling 
with the BIOS settings it will trigger a change that requires your whole 48 
digit bitlocker key to be entered so if you want to change it suspend 
bitlocker and then restart (so you can make your BIOS change).

You need to do the same "suspend bitlocker/reboot" cycle for any other BIOS 
change that impacts on boot.

https://www.tenforums.com/antivirus-firewalls-system-security/90970-secure-boot-bitlocker.html

sakau, bent jau as kai pasigilinau tai issiziojau, kiek visokiu povandeniniu 
akmenu sitame reikale uzslepta :) uz "bitlocker" slepiasi daug dalyku, net 
gi priklauso nuo to, koks stovi SSD. kai nesigilini tai atrodo paprasta. bet 
kai paskaitinejau, tai pradejau abejoti kaip teisingai ijungti ta suknista 
encryptiona skirtingais atvejais (OPAL, etc) apskritai :D

pvz:

Requirements
These are the system requirements according to TechNet:

For data drives:

  a.. The drive must be in an uninitialized state.
  b.. The drive must be in a security inactive state.
If the drive is used as a startup drive the following apply additionally:

  a.. The computer must always boot natively from UEFI.
  b.. The computer must have the Compatibility Support Module (CSM) disabled 
in UEFI.
  c.. The computer must be UEFI 2.3.1 based and have the 
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL defined.

https://helgeklein.com/blog/2015/01/how-to-enable-bitlocker-hardware-encryption-with-ssd/