What I could not find about Windows Home Device Encryption.

VBzerra 21 Reputation points
2021-09-18T11:31:29.15+00:00

Hello,

I'm trying to understand how device encryption in Windows 10 Home works (so it is not the BitLocker of the Pro version).

I successfully activated it on my PC. I think it worked because a lock and key symbol now appears on my C: drive (SSD).

But I'm used to traditional encryption software like VeraCrypt, where I choose an encryption key and then it is a very simple system, like two doors.

1- The first is for file encryption at boot, and the key is the encryption key.

2- The second is the OS door (Windows password).

But using device encryption, I've got some questions:

  • Why am I not prompted for any key at startup?
  • If someone gets the drive physically, would it be encrypted?
  • If someone just accesses my PC and disables Secure Boot, will they have access to the files through another OS (bypassing my Windows password)?
  • Finally, if someone cracks the Windows password due to a flaw, is the encryption useless too?

Does this encryption method in Windows 10 Home have any documentation on how it works? I could not find any.
I just found the Microsoft explanation that this encrypts your drive and the recovery key is stored in OneDrive.

If I posted something in the wrong way, just let me know.

Thank you.


Accepted answer
  1. Limitless Technology 39,391 Reputation points
    2021-09-20T10:41:14.517+00:00

    Hello VBzerra,

    I am not sure about VeraCrypt, but we may be talking about 2 different methods here. BitLocker does hardware-based encryption by using the TPM chipset on your computer. This will be the point of reference for all encryption/decryption.

    Why am I not prompted for any key at startup? The TPM chip stores all the information. As long as there is no hardware change detected (or security enforcement), it will not prompt for authentication. The operating system will prompt for authentication on an access base level.

    If someone gets the drive physically, would it be encrypted? Yes, the device is always encrypted.

    If someone just accesses my PC and disables Secure Boot, will they have access to the files through another OS (bypassing my Windows password)? BitLocker BCD or TPM will detect that something changed, the same as if someone steals your drive and tries to load it in another computer. It will prompt for the key.

    You can see more details in: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq and https://learn.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview

    Hope this resolves your query,
    Best regards,
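
The TPM behaviour discussed in this thread, as an added example that is not part of the original question or answer: a simplified Python model of measured boot, in which the volume key is sealed to a platform configuration register (PCR) value and released only when the same boot measurements are replayed. `ToyTPM`, the measurement labels and the key bytes are constructed for illustration and are not a real TPM or BitLocker API.

```python
import hashlib
import hmac

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure_boot(events) -> bytes:
    """Replay boot measurements into a PCR that resets to all zeroes."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr

class ToyTPM:
    """Simplified model: releases the sealed key only for the sealed PCR value."""
    def __init__(self):
        self._sealed = None  # (volume_key, expected_pcr); another PC's TPM has none

    def seal(self, volume_key: bytes, pcr: bytes) -> None:
        self._sealed = (volume_key, pcr)

    def unseal(self, current_pcr: bytes):
        if self._sealed is None:
            return None
        volume_key, expected = self._sealed
        return volume_key if hmac.compare_digest(expected, current_pcr) else None

# Constructed measurement labels; a real firmware event log is far more detailed.
NORMAL = [b"secure-boot=on", b"boot-manager=windows"]
SECURE_BOOT_OFF = [b"secure-boot=off", b"boot-manager=windows"]
OTHER_OS = [b"secure-boot=on", b"boot-manager=other-os"]

def boot(tpm: ToyTPM, events) -> str:
    key = tpm.unseal(measure_boot(events))
    return "unlocked, no prompt" if key else "recovery key required"

def demo() -> dict:
    tpm = ToyTPM()
    tpm.seal(b"\x11" * 32, measure_boot(NORMAL))  # constructed volume key
    return {
        "normal boot": boot(tpm, NORMAL),
        "secure boot disabled": boot(tpm, SECURE_BOOT_OFF),
        "other OS booted": boot(tpm, OTHER_OS),
        "drive in another PC": boot(ToyTPM(), NORMAL),
    }

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

Because each extend hashes the previous register value, a single changed measurement early in the boot chain changes the final PCR, and the sealed key is never handed to software the platform was not sealed against.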

