• frongt@lemmy.zip
    16 days ago

    it is pretty much applicable to all devices using the default BitLocker “Device Encryption” setup, as this configuration relies solely on Secure Boot to automatically unseal the disk during boot.

    That is, only the default “transparent” BitLocker mode. If you have any other additional protection (PIN, password) set, it doesn’t affect you.

      • [object Object]@sh.itjust.works
        16 days ago

        The TPM takes “measurements” of the system and releases the decryption key only if they’re all correct. Files on the disk are encrypted, so booting into another OS with bootable media doesn’t work (measurement picks up the fact that you booted into another OS). When the system does boot properly, the Windows lock screen prevents you from viewing the files.
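
Added example, not part of either comment and not BitLocker's own code: a simplified Python model of the measure-then-unseal behaviour described in the thread, showing why a different boot chain yields no key and what an additional PIN changes. `ToyTpm`, the component names and the PIN are constructed for illustration; a real TPM enforces this in hardware with policy sessions.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one PCR value."""
    pcr = bytes(32)  # a PCR starts at all zeros after reset
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class ToyTpm:
    """Hypothetical stand-in for a TPM holding one sealed disk key."""

    def seal(self, key: bytes, expected_pcr: bytes, pin: bytes = None):
        self._key = key
        self._expected_pcr = expected_pcr
        # Simplification: a real TPM uses an auth value with lockout, not a bare hash.
        self._pin_hash = hashlib.sha256(pin).digest() if pin else None

    def unseal(self, current_pcr: bytes, pin: bytes = None):
        """Return the key only if measurements (and PIN, if set) match."""
        if not hmac.compare_digest(current_pcr, self._expected_pcr):
            return None  # boot chain differs from the one sealed against
        if self._pin_hash is not None:
            supplied = hashlib.sha256(pin or b"").digest()
            if not hmac.compare_digest(supplied, self._pin_hash):
                return None  # measurements alone are not sufficient
        return self._key

# Constructed sample boot chains (names are illustrative only).
TRUSTED = [b"firmware", b"secure-boot-policy", b"windows-boot-manager"]
OTHER_OS = [b"firmware", b"secure-boot-policy", b"other-os-loader"]
DISK_KEY = b"k" * 32

if __name__ == "__main__":
    tpm = ToyTpm()
    tpm.seal(DISK_KEY, measure_boot(TRUSTED))  # "transparent" mode: no PIN
    print("trusted boot, no PIN set :", tpm.unseal(measure_boot(TRUSTED)) is not None)
    print("other OS booted          :", tpm.unseal(measure_boot(OTHER_OS)) is not None)
    tpm.seal(DISK_KEY, measure_boot(TRUSTED), pin=b"1234")  # TPM + PIN
    print("trusted boot, PIN omitted:", tpm.unseal(measure_boot(TRUSTED)) is not None)
    print("trusted boot, PIN given  :", tpm.unseal(measure_boot(TRUSTED), b"1234") is not None)
```

In the transparent mode the only gate is that the measurements match, so the key is released to whatever boot chain measures as expected; with a PIN set, matching measurements are necessary but no longer sufficient.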