![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 61%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,877 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 31%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWA%3C/text%3E%3C/svg%3E)
Hi.
1 Classic TPM sniffing is impossible if you use a firmware based TPM ("fTPM"). Most devices manufactured after the release of Win10 (2015) are equipped with an fTPM, so the point is moot for, say, >90% of modern machines unless you have other reasons not to use an fTPM. There are still attack vectors left, see https://ieeexplore.ieee.org/document/10190531
2 In my opinion: "who uses a passphrase!?". If you want highest security, you use a certificate or the TPM or a usb-based .bek file ("startup key protector") as protector, never a passphrase. If we are talking about a non-OS partition, you could also use the auto-unlock protector so d: "piggy-backs" on the strong protector that you set for c: and no additional entry is needed.
