<<< Leaving Citi 

Full-disk encryption & TPM2026-04-03

We had a cool discussion on full-disk encryption🔏 with @Szabo, Krisztian, @Menyhart, Zsolt and @Bordas Istvan. Let me share some of my takeaways.

Background: In corporate environments, employees use laptops, and when these laptops get inevitably lost/stolen, gigabytes of sensitive/customer data can be leaked. You are required to notify customers&regulators, who get pissed off, fines and lawsuits follow, etc. Therefore, it is a no-brainer encrypt to the whole drive of laptops. This protects against a thief using highly advanced technologies (e.g. screwdriver🪛😄) for removing the drive, inserting it in another machine, and thus circumventing OS level protection. If the thief cannot decrypt the data, you did not leak your sensitive/customer data. No compliance nightmare, you just lost some hardware. Of course, encryption does not count, if you put the decryption key in clear right next to the encrypted data.

Traditional full-disk encryption schemes (often used in Linux native LUKS) ask for a password before booting the OS:

  • The machine boots from a small unencrypted part of the drive, and prompts for your password (or token, etc).
  • A key is derived from the password; the rest of the drive is encrypted, and can be decrypted using this key.
  • Going forward, data read from the drive is decrypted, data written to the drive is encrypted with this key transparently.
  • Thus can the OS boot up, so you can login.

You may have seen BitLocker+TPM first boot an OS and then ask for a password. It works as follows:

  • The master key is stored in the machine's TPM chip (Trusted Platform Module).
  • During boot-up, TPM validates if key components of the machine have changed.
  • If the hardware is the same, TPM gives access to the decryption key and the OS boots up and you can log in.

IMO this latter is fishy🐟:

  • 👉 In the traditional setup the decryption key is not there, this forces the thief to break cryptography (considered impossible unless they have unrealistic resources).
  • 👉 In case of TPM, it is a fair assumption that extracting the key from the TPM chip is beyond the capabilities of most attackers. However, in this TPM setup the thief can get to a running OS which has access to the decrypted data. Attacking such an OS when you have physical access to the machine is MUCH easier.

This is not a BitLocker vs LUKS thing; both can function in both setups.

This is not a TPM thing either; TPM can be set up to ask for a password before the OS boots up.

There are pros and cons for both the user entering the password and for storing it in the TPM chip; e.g. TPM chip's integrity check can 'lock' the drive to the given machine, and may even defend vs the 'evil maid' attack.

However, if a lost laptop's OS can boot up without any credentials, I am not sure on can confidently say: 'no worries, the drive was encrypted, no data is leaked'. Even if the thief cannot remove the drive, an OS login's security is just not in the same league as encryption.

What do you think?

 

This post was first published on Linkedin here on 2026-04-01.

 

 

 
This is my personal website, opinions expressed here are strictly my own, and do not reflect the opinion of my employer. My English blog is experimental and only a small portion of my Hungarian blog is available in English. Contents of my blog may be freely used according to Creative Commons license CC BY.