Windows 11 encryption - Is it needed or desirable on a gaming PC?

OverDrive

OverDrive

OverDrive

Associate
Joined
28 Feb 2012
Posts
814
Location
Herts
Hi all. It's just occurred to me how little I know about this topic!

I understand that some motherboards have TPM 2.0 modules. I have a 5900X on the X570 platform. I enabled fTPM in the UEFI BIOS prior to installing W11. However, my system is not encrypted. Under system information the reason given for failed automatic encryption is as follows:

Device Encryption Support: "Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and the device is not Modern Standby, Un-allowed DMA-capable bus/device(s) detected"

I'm not overly bothered by this as it's not a laptop/mobile device. However, is it desirable to have a home gaming PC encrypted?

What are the implications for hardware changes or BIOS updates on an encrypted W11 system? I understand that a Microsoft account can store an encryption key now. How does this work in practice?

I was hoping for a little discussion to get a better understanding of this topic in general.

Thank you.

NB: Also, if a device was encrypted using the AMD fTPM module on the CPU, and then someone did a CPU upgrade without disabling encryption first - presumably you would be locked out? Or what if the CPU failed?
 
Last edited:
A lot of motherboards x570 included as I have one
Are tpm module capable
Ie the sockets there to accept one
But normally you have to get the tpm module separately
So most people are using ftpm
Which is kind of similar though handled by the cpu
Only ever tried the encryption once
And after a while something went wonky and I got locked out
So personally not sure I would use it again
I keep multiple backup of everything luckily
Plenty people probably use it with no issues but I can only go
By personal experience and say I won't encrypt non portable devices
 
Mcnumpty2323 said:
Only ever tried the encryption once
And after a while something went wonky and I got locked out
Click to expand...

This is what I am most worried about and why I don't really want to encrypt my gaming rig!

I read that Windows 11 will encrypt by default now if hardware conditions are met?
 
OverDrive said:
This is what I am most worried about and why I don't really want to encrypt my gaming rig!

I read that Windows 11 will encrypt by default now if hardware conditions are met?
Click to expand...
I hadn't heard that
Though if true perhaps it applys to actual tpm modules
rather than ftpm
Would have to have a look on Google about it
I have the latest dev preview of 11
In a way guess it would make sense as most mobile devices
Encrypt themselves
Though they do seem to go wonky a lot less often than windows does
 
OverDrive said:
I read that Windows 11 will encrypt by default now if hardware conditions are met?
Click to expand...
That's incorrect - BitLocker isn't enabled by default and I suspect it never will be as Microsoft won't want to be sued in a class action data loss lawsuit if anything goes wonky with the TPM.

BitLocker *is* easier to enable with a TPM enabled as it doesn't require any extra authentication - it just encrypts your drive and then you unlock it by logging in. I have my Windows/boot drive encrypted as there's a lot of stuff on there I wouldn't want to fall into the wrong hands if it got nicked (password manager, crypto wallets etc.)
 
A bit of Googling suggests it may automatically encrypt
But only if certain requirements are met
Support for modern stand by being one
Which is probably less likely on a desktop pc than a laptop
Signing in with aa Microsoft account being another
Here's one link though there were others
www.zdnet.com

BitLocker Guide: How to use this Windows encryption tool to protect your data

Encrypting every bit of data on a Windows PC is a crucial security precaution. Windows 10 and Windows 11 include the same strong encryption options, with business editions having the best set of management tools. Here's a hands-on guide.
www.zdnet.com www.zdnet.com
My biggest concern is if something goes wonky
And windows won't boot
How do you get your data back?
 
After having devices stolen in the past, I'm a firm believer in encrypting drives. The overhead is pretty minimal and I don't notice it in day to day use. The peace of mind that any docs etc won't be accessible is worth it for me. I've been using BitLocker on many devices, both at home and in work for years and have so far had no issues with it breaking. However, if you don't keep anything important on your PC then you'd gain nothing from enabling it.

Mcnumpty2323 said:
How do you get your data back?
Click to expand...
By restoring from your backup of course! ;)
 
Quartz said:
You should have printed off some recovery keys - which are also stored in your Microsoft account. Failing that you restore from your backup.
Click to expand...
Yeah I did store them on my phone
If I had a printed copy someone nicking my pc might nick that too lol
Was a while ago
So I forget specifically what it said
But it was some sort of Microsoft account error
We couldn't fetch or verify your recovery key
Or something along those lines
It sent me around in circles trying to do stuff to regain it from Microsoft account
Which wasnt successful
So now I log into a local account to rule that out
And switch to Microsoft account if I need to

To be fair most people may never have issues
I have a habit of doing stuff to see what happens
Which does teach me stuff
But can have unpredictable results lol

My backups were also encrypted
But I got around that with a macrium image stored on my phone

Encryption seems to work great on phones/mobile devices
Just on pc I am very wary now
I guess there's a much smaller base of hardware on mobile devices
Which probably makes things less complicated
 
Mcnumpty2323 said:
If I had a printed copy someone nicking my pc might nick that too lol
Click to expand...

Just store the printout in your safe or somewhere safe.

Mcnumpty2323 said:
But it was some sort of Microsoft account error
We couldn't fetch or verify your recovery key
Click to expand...

You don't need to sign in to your PC with a Microsoft account, though that makes it easy. You just need to have a Microsoft account and when you sign in to that you should be able to print off recovery keys.
 
Literally just turned on the pc
Nothing has been changed at all
This isn't the error I previously mentioned
But does show things can go wonky
For no reason
And first time trying to put an image in
With the new forum
Thats not working either doh!
hmmmm not working on mobile but looks like is on desktop

 
That looks more like a CPU/MB issue than a TPM one though - curious that your MB suddenly thinks the CPU's been out. Of course, it's something to bear in mind if your drive's encrypted using an fTPM and you do plan on swapping out the CPU in the future - if you have a copy of the recovery key it's a non-issue though (also, it's still possible to encrypt using BitLocker without a TPM, even on Windows 11 Pro - in this case you only need the password - the TPM or lack of one is irrelevant).
 
After reading this, I thought Id try bitlocker as I use trucrypt on all my other drives but Ive got no protection on my boot drive and my motherboard has TPM so no need to mess about with passwords.... And so far ok,, things was a bit slow after encrypting the drive but it soon speeded back up... Has anyone tried to use a bitlocker drive on a different device and if so, what happened?
 
Last edited:
Phil2008 said:
Has anyone tried to use a bitlocker drive on a different device and if so, what happened?
Click to expand...
You can encrypt other fixed disks too - if you're not using a TPM, they get unlocked using the same password you use before Windows boots.
Cyber-Mav said:
can you even use data recovery services if the failed drive was encrypted?
Click to expand...
Potentially - if you have your recovery keys - however, the chances of retrieving the data are likely much, much worse (Seagate's data recovery service only applies to unencrypted drives for example). That's kind of the point though - if you're using encryption, you should also be backing up your data and storing it somewhere secure.
 
Whats the best free bitlocker alternative app to use with win10 home as I wouldnt mind doing the same with my laptop?
 
Phil2008 said:
Whats the best free bitlocker alternative app to use with win10 home as I wouldnt mind doing the same with my laptop?
Click to expand...
Veracrypt

I've not used it, but it's the successor to TrueCrypt, which I used to use back in the day but has been discontinued. To be honest, for ease of use, I'd just stump up for a Pro upgrade to get BitLocker.
 
Mcnumpty2323 said:
A bit of Googling suggests it may automatically encrypt
But only if certain requirements are met
Support for modern stand by being one
Which is probably less likely on a desktop pc than a laptop
Signing in with aa Microsoft account being another
Here's one link though there were others
www.zdnet.com

BitLocker Guide: How to use this Windows encryption tool to protect your data

Encrypting every bit of data on a Windows PC is a crucial security precaution. Windows 10 and Windows 11 include the same strong encryption options, with business editions having the best set of management tools. Here's a hands-on guide.
www.zdnet.com www.zdnet.com
My biggest concern is if something goes wonky
And windows won't boot
How do you get your data back?
Click to expand...
My laptop automatically encrypted but it did say log into your Microsoft account to continue the setup. So I guess once you log in that's when you setup the backup code. Untill then it's not fully encrypted. I just turned it off and then it unncrypted.
 
You must log in or register to reply here.
Back
Top Bottom