You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Multiple people have e-mailed me begging for help with data recovery on Surface computers with BitLocker. Apparently they enable TPM secureboot BitLocker by default, but it's a brittle mess and any number of random things can change the PCRs and lock people out forever.
It's patently obvious to anyone with half a brain that UEFI secureboot breaks if you look at it wrong and TPM-backed encryption is absolutely **not** ready for wide roll-out outside of enterprise deployments with recovery key management. Why is MS doing this? Are they nuts?
Obviously I can't do anything for these people, as they invariably have no detailed knowledge of what they did to trigger the PCR mismatch, or have made things worse by messing with the UEFI setup further (which nobody warns you about).
Looking at reports of people with the same issue, unsurprisingly random updates that may include firmware updates can set this off. Also apparently it can happen if you have the **keyboard attached** to a tablet, and detaching it lets it boot‽
Sounds like the sort of thing that would make @mjg59 cry but it’s also a stark reminder that it’s hard to get the combo of user friendly and security right.
Default is for it to only be sealed to PCR 7, and there's a very finite number of things that should change that (also, default is for the recovery key to be escrowed with Microsoft)
Tell that to Surface Book 2 owners where having the *keyboard connected* breaks the sealing.https://www.reddit.com/r/Surface/comments/94ld4z/august_4_firmware_update_warning_surface_book_2/ …
I’ve had this happen just about every other time the FW is updated on my Surface Pro 4. As you said, BitLocker recovery via MS escrow is a workable solution.
If they sign into their Microsoft account and go to this page they can get back their recovery keys to unlock the storage https://account.microsoft.com/devices/recoverykey?refd=support.microsoft.com …
That's not always the case.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
