WHY use TPM with bitlocker?


  1. Posts : 26
    win 10
       #1

    WHY use TPM with bitlocker?


    I still have to understand WHY to use TPM with BitLocker. These are my concerns: I tried to use BitLocker with my TPM but the encryption was "free", without having to enter any password at boot. OK, this kind of encryption is useful ONLY IF a thief steals ONLY the HD... but what if he steals the entire machine? A laptop is easy to steal at 100% (not only the HD).

    IMHO I don't understand why a person should use TPM to automatically enter the encryption key to unlock a drive, with virtually "no action required" by the end user.

    I had to follow a guide to set BitLocker to not ask for TPM and work as if NO TPM is available. Only in that way can I REALLY encrypt the drive (takes a lot of time) and the PC REALLY ASKS me to enter a password.

    Can someone explain my doubts? To me the TPM module for BitLocker is 0% useful, like having NO ENCRYPTION at all, because effectively the end user who sits in front of your PC automatically decrypts the drive because the TPM gives the key... so it is nonsense to me.


  2. Posts : 30
    windows 10
       #2

    Well most people have a username and password on the computer before it boots up. So if you stole the password, you would have to crack that.


  3. Posts : 26
    win 10
    Thread Starter
       #3

    I think you haven't understood my reasoning.


  4. Posts : 5,048
    Windows 10/11 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #4

    Hi there!

    Windows encryption software like BitLocker utilizes the TPM chip to protect all the keys used to encrypt your computer's data.
    After that, it is used to authenticate your (encrypted) computer and gives you access to all the (encrypted) data.
    Therefore, the device trying to access it is identified as being "trusted."

    Hope this helps.


  5. Posts : 26
    win 10
    Thread Starter
       #5

    OK, but it is USELESS... if someone steals my whole PC... my laptop, he can read EVERYTHING in it; he does not even know that the drive is protected by BitLocker, because the encryption is clear... no password required, no action required by the user to have access to files.

    To me it is USELESS...


  6. Posts : 809
    Win10
       #6

    If someone stole your PC then they still wouldn't be able to directly access the drive because they wouldn't be able to login to Windows. However, they could indirectly access it, e.g. if you have a shared network drive or exploitable network service, while the system is sitting at the login screen.

    The TPM does not unlock the drive. It is still Windows that reads the key from the TPM and unlocks the drive. So the thief cannot boot to a different OS or modify the bootloader to bypass Windows.

    If you don't have a Windows password then yes, Bitlocker with no PIN would offer no protection.
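The distinction drawn in post #6 (TPM-only unlock versus TPM plus a pre-boot PIN) can be checked on a machine with the built-in BitLocker cmdlets. This is an added example, not part of any post in the thread; the function name `Get-BootUnlockMode` and the drive letter `C:` are assumptions made for illustration.

```powershell
# Added example (not from the thread): classify how each BitLocker-protected
# operating system volume unlocks at boot. Run from an elevated prompt.

# Protector types that make the user supply a secret before Windows starts.
# ExternalKey is left out on purpose: on an OS volume it is often just a
# recovery key file stored next to a plain TPM protector.
$preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password'

function Get-BootUnlockMode {
    param([Parameter(Mandatory)] $Volume)

    $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    if ("$($Volume.ProtectionStatus)" -ne 'On') { return 'ProtectionOff' }
    # A plain Tpm protector releases the key with no user input, so the only
    # barrier left after boot is the Windows logon screen.
    if ($types -contains 'Tpm') { return 'TpmOnly' }
    if ($types | Where-Object { $_ -in $preBootTypes }) { return 'PreBootAuth' }
    return 'Other'
}

Get-BitLockerVolume |
    Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' } |
    ForEach-Object {
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            UnlockMode = Get-BootUnlockMode -Volume $_
            Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
        }
    }

# To move a TpmOnly volume to TPM + PIN, the Group Policy setting
# "Require additional authentication at startup" (Operating System Drives)
# must allow a startup PIN with the TPM. Then, for the assumed drive C:,
#   $pin = Read-Host -AsSecureString 'New startup PIN'
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
```

A volume reported as `TpmOnly` boots to the logon screen without prompting, which is the behaviour the thread starter describes; `PreBootAuth` means the key is not released until the PIN, startup key or password is supplied.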


  7. Posts : 30
    windows 10
       #7

    PolarNettles said:
    If someone stole your PC then they still wouldn't be able to directly access the drive because they wouldn't be able to login to Windows. However, they could indirectly access it, e.g. if you have a shared network drive or exploitable network service, while the
    If you don't have a Windows password then yes, Bitlocker with no PIN would offer no protection.
    Yeah, I said this and he claims I didn't understand his reasoning.
    I don't know why somebody would BitLock their drive but not use any password for Windows login.
    You use BitLocker for security, so you should at least be security-minded and use a Windows password.
    So when you do, if they can't get into your computer because they don't know the password, they can't take the drive out and use it in another computer, so TPM is not pointless.

    But yeah, I don't understand the poster's reasoning


  8. Posts : 5,048
    Windows 10/11 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #8

    I believe that BitLocker Drive Encryption was cracked long ago.
    Nevertheless, it's free and requires a bit of know-how to properly implement, IMO.

    This is a better solution for many of my clients:

    McAfee Endpoint Drive Encryption:

    Drive Encryption | Data Protection Technologies

    Free Trial available.



  9. Posts : 30
    windows 10
       #9

    Compumind said:
    I believe that BitLocker Drive Encryption was cracked long ago.
    Nevertheless, it's free and requires a bit of know-how to properly implement, IMO.

    This is a better solution for many of my clients:


    Cracked? Seems like there was only an issue with SSDs, and only certain ones at that, which could be fixed by changing to software encryption.

    Otherwise, though, BitLocker is pretty easy to turn on in Windows 10.


  10. Posts : 5,048
    Windows 10/11 Pro x64, Various Linux Builds, Networking, Storage, Cybersecurity Specialty.
       #10

    Win10Pea said:
    ...Otherwise though bitlocker is pretty easy to turn on in windows 10.
    Yes, but you have to understand it, especially when it comes to attached portable devices. Not rocket science.
    As for it being cracked, it does take quite a bit of knowledge and resources - I remember that from an IT security conference.

    The TPM chip makes it much more difficult.

    Here's something to read...

    How to enable BitLocker encryption without a TPM chip in Windows | Digital Citizen

    FWIW



 
