tpm+pin

The tpm+pin tag covers discussions about BitLocker configurations that combine a Trusted Platform Module with a personal identification number for enhanced pre-boot authentication. Recent content highlights the YellowKey BitLocker bypass (CVE-2026-45585), which exploits weaknesses in Windows Recovery Environment to circumvent default BitLocker protections. Microsoft's mitigation guidance emphasizes that TPM+PIN setups offer stronger resistance against physical attacks compared to TPM-only or TPM+startup key configurations. The tag is relevant for Windows 11 and Windows Server 2025 users seeking to harden disk encryption against theft scenarios, as the PIN requirement adds a second factor that prevents automatic decryption even when the TPM is present.