disparaged

 https://www.thewindowsclub.com/credential-guard-windows-10

"I use windows" you could say to a party without any friends to talk to, but the people having a "Microsoft docs"-level conversation might give you an "ew. As if" look and continue their esoteric arcane-ness, their bombastic eclecticity.

"Eclecticity" is not a word and does not describe those who treat OSs like some new puzzle to unscramble.

Required Privilege not held by client (yours truly)
Or maybe you thought I was exaggerating?
If you had a mind to, you could read https://docs.microsoft.com/en-us/powershell/module/secureboot/set-securebootuefi?view=windowsserver2022-ps
But without knowing the specifics it's pointless and (also) stupid

------------

0,2,4,11, but 7 is too high, I cannot conceive of it
Pls read https://docs.microsoft.com/en-us/windows-hardware/test/hlk/testref/954cf796-a640-4134-b742-eaf0ed2663ff , some parts Are readable.

I got yer TPM right here, but it's never good enough for you, is it?
oooh, I embarrass yew in front of yer friends, because I don't know why my TPM-7 isn't bindable.

Occasionally they'll stop and start explaining to you in a louder than normal voice, that PCR7 needs credential guard, which needs a domain, which needs windows-enterprise.

My BIOS might have been signed by the wrong certificate. It's saying on some page that if a certificate is only ble-2011 and not Yada 2011 it's been found wanting (mene tekel Upharsin) and will be ignored.

Lights on, no one home.
(IOW wtf is binding and forget "why" already, tell me how.)

https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838
Not available at home.

THE OLD FUCKER WHO INVENTED THIS STUFF LET HIS NIECE REDECORATE, ADD A FEW THROW PILLOWS AND SOME LAVENDER, MAKING THE ABOVE COMPLETELY USELESS (what?)

Well anyway, the above has been deprecated, "Too easy, Too Straightforward,

"O B S O L E T E"

No need to repeat what isn't there, I'm not deaf.

Yeah I get all that, but why do you make win-pro users feel like shit at parties?

I meeeaann if I'm not supposed to have it anyway, what is the point of bringing it up??

I'm eligible for enhanced security, damn it, and I don't neeeed your stinking domain.

I'd sure like those EFS certificates now, I washed my hands and face, said grace,
pass the &^%$ certificates already (you old witch-hore)

What Is an Encryption Certificate and How Do I Get It for My Website?

https://cheapsslsecurity.com/p/what-is-an-encryption-certificate-and-how-do-i-get-it-for-my-website/

Fac!

Iterum!!

This is maddeningly simple, yet They went to the junior-college, Yew didn't, and they had to study, yew didn't.
Remind you of any snobby parties yet?
The actual certificate is probably (I'll totally guess at this point) created by whatever program you pay for,

and half the certificate is given to you to store away, and half to your PC.

Says which???

The research usually gets very circular now, like some long bus ride you never really know where to stop at.

Keys, Certificates, encryption, more keys, more encryption, and all those months ago buying a biometric device that is also FIDO capable, was my weak attempt at conformance.

I despair, stop writing and then come back in a few months to wonder again, with a clean, blank mind.

"Trust Us!! That old way is old, our New way is new!! TRUST US (for Life! in Lavender)

I keep thinking (prolly wrongly) that all the bitcoin-miners in the world seeking numbers to mine, are cracking a code. In other words, AES-etc won't mean diddly.
(I didn't know what the above picture meant, so my mind drifted predictably)

That's not "Cartman" screaming that there's something wrong with my C: drive, it's a key.
So, what's it trying to say, My key is in the lock, I am unlocked, 😱😱😱😱😱😱😱😱😱??

https://oofhours.com/2019/07/09/tpm-attestation-what-can-possibly-go-wrong/

I wrote about this before, effrontery of not paying Microsoft for membership, and then the stares because you're in outer darkness.

"Dad, what happens when we die?"

"well, Billie, one day no one will get up and drive you to school, you'll have to walk.
Soon the police come to take you away to a New home, with a mean lady who'll pull your hair, and all the kids'll hate you because you have no parents"
(Oh, you mean when WINDOWS dies?
Reinstall, since you weren't a total dumbass and only encrypted one single partition.)

Crap, you can't see this. Waitasec

But I learned something a little different today, um, today (hmm).

Way too long to stick into a single sentence and I'm not about to bore you needlessly, 

but BIOS being updated, I could not use my fingerprint or my PIN to log in, I needed my online password.

I don't know what would have happened if the computer were offline.

Anyway I needed to reassign passwords and fingerprints to "Windows Hello" (That's the name, "Hello", the nerdy Microsoft crowd loves generic-sounding names), but then I wondered about my TPM in BIOS, changed some settings, and windows-hello got pissed again, wouldn't work.

A relationship, don't you see? Between windows Hello and the TPM.

I seek a pseudo-key that would make windows happier, less disparaging and snobby.

I can't remember the actual name, but it sounds like "EFK Cert" and if it's a pseudo key, hackers already know about it (they are the only ones who would) so joining homeless computers who've been blessed with a handout-key, is there such a thing?

There's a small section of Microsoft pages I looked at a couple nights ago, encouraging people to eliminate passwords from their account.
Password-less computers cannot have their passwords stolen.

The logic is irrefutable but I'm missing something. Windows-Hello starts out wanting a fingerprint it might not recognize, then it will send a short detailed note that your PIN is no good, and finally (it's convoluted but eventually) it asks for your password.
If you Had no password, I wonder, would it log you in instantly or (having determined that other forms of ID are ruined) would it crash?

I got sidetracked.
Hello already uses the TPM (I think maybe it's called "Attestation")
 but won't use it for storage
(even though "storage" says "ready" but is not, really.)

OK NOW I need to re-read what I wrote several hours ago.

I'm gonna predict that windows is as witheringly deprecating as before, but at least I know in my heart that windows is full of shit.

The guy tittering in a high-voice (aka Alan Cumming in an 18th century french-court movie) , holding his pinky to his mouth, might have understood that.
I only reprint it to show you my travails.
Do I have enough ##$^% keys?
If not, why won't you give them to me?
Do I pass/fail, and why??

msinfo32 is republican, "Device Security" is more PBS.

Otherwise, how do you explain their wide differences of opinion.

And No one is mentioning "Bitlocker" or "Device encryption," it's like I have spinach on my teeth or a wart on my nose.

Doing what they want is pointless, asking about what they want is rude.

Best slink away now.

Goth

A nice guy tried explaining it to mere mortals in hell seeking drops of water from the Microsoft-Answers people, but they have no answers ever at all and whatever is said is pointless and useless, or it's quickly changed to keep it that way.

Here is what he said:

I swear I read this a year ago, and it's still there etched in stone like commandments.

It doesn't help PCR-7, Binding is still impossible, and we are still in hell.

Dell or whoever decided long ago that this was by design and only much more expensive models were worthy.

I still want to know what exactly PCR7 is and why we can't use it, even if it's only a bit of information I could put into a blog-entry but not actually afford, or use.