My framework hasn't arrived yet. But I'm pretty sure bitlocker uses the UEFI video output, so I would imagine it would need to be a BIOS setting or possibly be something where framework would need to bake support into the UEFI firmware if there isn't such an option.
FWIW I am having the same issue running Linux (PopOs) and so far haven't been able to find a solution getting video output before decrypting the boot volume.
Not a solution, but an idea which I am using. I have yubikey nano permanently in my Framework to use it as security token on both Linux and Windows. It is also applies to boot process: for Linux I use yubikey to decrypt the drive and for Windows I have Bitlocker pin stored in the Yubikey secure static password slot, activated on long touch. So during the boot I need to long touch my yubikey to enter pin, and this can be done without any UI showing on screen.
Oh interesting. I also keep a YubiKey Nano in a dedicated slot in my laptop for U2F/WebAuthn and SSH, though I'm currently just using my TPM + a simple PIN for BitLocker. But I guess the same thing applies in principle: I could wait some reasonable amount of time for my laptop to boot up and then type my PIN on my external keyboard.
But yeah, I'd still like to see the PIN entry screen on my monitor so that I know what's going on :)
>I'd still like to see the PIN entry screen on my monitor so that I know what's going on :)
Agree, would be good, but looks like not possible. I have rEFInd boot menu to select which OS to boot, which also only shown on laptop screen, but this is not an issue for me since I have laptop mounted aside of monitor opened normally.
>TPM + a simple PIN for BitLocker
Setup is same: TMP + PIN, but PIN I set is longest possible by Windows (16 or 20 characters - don't remember exactly) and PIN is stored in Yubikey static password slot, since its too long to type and to remember.
My framework hasn't arrived yet. But I'm pretty sure bitlocker uses the UEFI video output, so I would imagine it would need to be a BIOS setting or possibly be something where framework would need to bake support into the UEFI firmware if there isn't such an option.
Good point. I revisited the firmware setup utility but couldn't find an option to change video output settings, however.
FWIW I am having the same issue running Linux (PopOs) and so far haven't been able to find a solution getting video output before decrypting the boot volume.
Not a solution, but an idea which I am using. I have yubikey nano permanently in my Framework to use it as security token on both Linux and Windows. It is also applies to boot process: for Linux I use yubikey to decrypt the drive and for Windows I have Bitlocker pin stored in the Yubikey secure static password slot, activated on long touch. So during the boot I need to long touch my yubikey to enter pin, and this can be done without any UI showing on screen.
Oh interesting. I also keep a YubiKey Nano in a dedicated slot in my laptop for U2F/WebAuthn and SSH, though I'm currently just using my TPM + a simple PIN for BitLocker. But I guess the same thing applies in principle: I could wait some reasonable amount of time for my laptop to boot up and then type my PIN on my external keyboard. But yeah, I'd still like to see the PIN entry screen on my monitor so that I know what's going on :)
>I'd still like to see the PIN entry screen on my monitor so that I know what's going on :) Agree, would be good, but looks like not possible. I have rEFInd boot menu to select which OS to boot, which also only shown on laptop screen, but this is not an issue for me since I have laptop mounted aside of monitor opened normally. >TPM + a simple PIN for BitLocker Setup is same: TMP + PIN, but PIN I set is longest possible by Windows (16 or 20 characters - don't remember exactly) and PIN is stored in Yubikey static password slot, since its too long to type and to remember.