> the people going to such lengths to ward off an attacker and the people who’d want to rely on fTPM with Bitlocker over FOSS full disk encryption with a dedicated passphrase are two entirely separate circles.
Bitlocker + PIN/password (hence my mention of a pre-boot password) is a good combination that isn't any worse than any "FOSS full disk encryption". Beyond the catchy titles of "Bitlocker hacked in 30s" is the reality that it takes just as many seconds to make it (to my knowledge) unhackable by setting a PIN or password.
Adding the (f)TPM improves the security because you don't just encrypt the data, you also tie it to that TPM, and can enforce TPM policies to place some limits on the decryption attempts.
> it is convenience, not security
It's convenience and (some) security by default. Not great security but good enough for most of those millions of Windows users. The security was the mandatory part, encrypting the storage by default. The convenience was added on top to get the buy-in for the security, otherwise people would complain or worse, disable the encryption. Whoever wants to remove that convenience and turn it into great security sets a PIN.
Bitlocker + PIN/password (hence my mention of a pre-boot password) is a good combination that isn't any worse than any "FOSS full disk encryption". Beyond the catchy titles of "Bitlocker hacked in 30s" is the reality that it takes just as many seconds to make it (to my knowledge) unhackable by setting a PIN or password.
Adding the (f)TPM improves the security because you don't just encrypt the data, you also tie it to that TPM, and can enforce TPM policies to place some limits on the decryption attempts.
> it is convenience, not security
It's convenience and (some) security by default. Not great security but good enough for most of those millions of Windows users. The security was the mandatory part, encrypting the storage by default. The convenience was added on top to get the buy-in for the security, otherwise people would complain or worse, disable the encryption. Whoever wants to remove that convenience and turn it into great security sets a PIN.