update: Clarify Windows Home instructions

[raghavkaul]

Clarify Windows Home instructions. On Windows Home, following the instructions will enable Device Encryption, which is a less-featured version of Bitlocker that does not support all of the security settings (see here for more details).

One notable missing feature, for example, is the ability to use password + pin (or, really, most protectors that are not rp or tpm).

[github-actions]

✅ Your preview is ready!

Name	Link
🔨 Latest commit	2385c92
😎 Preview	https://pr3139.unreviewed.privacyguides.dev/en/

Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging.

[dngray]

One notable missing feature, for example, is the ability to use password + pin (or, really, most protectors that are not rp or tpm).

We should probably say that then. I haven't used home in a long time to check that.

[dngray]

I'm not even sure this works at all anymore in 11 Home 25H2. When I try with -RecoveryPassword, -tpm or the -pw protector. ie with manage-bde C: -protectors -add I get the error:

ERROR: An error occurred (code 0x8031005a):
This version of Windows does not support this feature of BitLocker Drive Encryption. To use this feature, upgrade the operating system.

Status shows me it clearly wasn't enabled

> manage-bde C: -status
BitLocker Drive Encryption: Configuration Tool version 10.0.26100
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
 
Volume C: []
[OS Volume]
 
    Size:                 3724.96 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found

The on switch doesn't work either:

>manage-bde C: -on
BitLocker Drive Encryption: Configuration Tool version 10.0.26100
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
 
Volume C: []
[OS Volume]
ERROR: An error occurred (code 0x8031005a):
This version of Windows does not support this feature of BitLocker Drive Encryption. To use this feature, upgrade the operating system.
 
NOTE: If the -on switch has failed to add key protectors or start encryption,
you may need to call "manage-bde -off" before attempting -on again.

In my case I tried without a Microsoft account, maybe that's needed?. SecureBoot was enabled and my TPM was detected as I have one of those. The system I tested this on was standard desktop PC with a TPM not a surface or anything mobile like that.

[privacyguides-bot]

This pull request has been mentioned on Privacy Guides Community. There might be relevant details there:

https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/22