@wdormann,
> TPM-only BitLocker is known to not be very secure, and if you have TPM+PIN, then you can't get to Windows Recovery Environment Agent without the PIN. So again, where's the bypass?
The TPM-only mode works well to lock employees out of their corporate laptops (users can't mount the drive on another computer or in another OS using a user password) and with no requirement to create another strong password.
Also, all WinRE bypasses affect the TPM plus Network Key mode (seamless boot when the computer is in the trusted wired network: both the network server and TPM unwrap the encryption key).
---
It's interesting that Microsoft disguises some vulnerability descriptions as EoP, not as SfB.
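
An added example, not part of the comment above: a PowerShell audit that reports which operating-system volumes use the protector modes the comment names as affected (TPM-only and TPM plus Network Key) and which require pre-boot authentication. The function name `Get-PrebootExposure` and the rating labels are assumptions made for this sketch; it needs an elevated session with the BitLocker module.

```powershell
# Added example: classify OS volumes by BitLocker pre-boot protector type.
# Run elevated on Windows; uses the built-in Get-BitLockerVolume cmdlet.

# Protectors that release the key at boot with no user input
# (the modes the comment above describes as affected by WinRE bypasses).
$Unattended  = @('Tpm', 'TpmNetworkKey')
# Protectors that need a PIN or a startup key before Windows or WinRE loads.
$Interactive = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

# Hypothetical helper name; rating labels are this example's own.
function Get-PrebootExposure {
    param([Parameter(Mandatory)] $Volume)

    # Normalise the enum values to strings so -in comparisons are unambiguous.
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $auto  = @($types | Where-Object { $_ -in $Unattended })
    $auth  = @($types | Where-Object { $_ -in $Interactive })

    $rating = if ($Volume.ProtectionStatus.ToString() -ne 'On') {
        'ProtectionOff'
    } elseif ($auto.Count -gt 0) {
        'UnattendedUnlock'
    } elseif ($auth.Count -gt 0) {
        'PrebootAuth'
    } else {
        'NoTpmProtector'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protectors = $types -join ','
        Rating     = $rating
    }
}

# Only the OS volume is unlocked before boot; data volumes are out of scope here.
Get-BitLockerVolume |
    Where-Object { $_.VolumeType.ToString() -eq 'OperatingSystem' } |
    ForEach-Object { Get-PrebootExposure -Volume $_ } |
    Format-Table -AutoSize
```

Run across a fleet, the `UnattendedUnlock` rows are the machines to prioritise for WinRE patching or a move to TPM+PIN.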