top | item 15793271

(no title)

elehack | 8 years ago

If the machine (1) has soldered-on RAM (preventing cold boot attacks) and (2) the portions of the OS that run prior to user authentication are sufficiently secure, then it really doesn't seem to be a problem.

Last I knew, Windows does not like to let you enable this mode in a machine with removable RAM that don't have compensating security features.

discuss

cryptonector|8 years ago

And also no Thunderbolt/Firewire, and/or has an IOMMU and the OS uses it.

rootsudo|8 years ago

I'm sorry, what?

Windows 100% allows you to use TPM + bitlocker and secure the keys on AD on any sort of computer, regardless of removable ram or not.