Microsoft NEVER cares about your security. They just do the absolute bare minimum for compliance with stupid standards, and then advertise it as some crazy security improvement. Corporations lie to you all the time. If you want some actual security, you need to start using FOSS software. Most importantly a FOSS, Linux-based OS, and set it up with LUKS passphrase-based encryption.
It still uses the TPM by default, instead of requireing a passphrase to be typed in on boot to unlock the keys. This still makes it an insecure mess.
https://yewtu.be/watch?v=wTl4vEednkQ
https://github.com/stacksmashing/pico-tpmsniffer
https://github.com/stacksmashing/LPCClocklessAnalyzer
Microsoft NEVER cares about your security. They just do the absolute bare minimum for compliance with stupid standards, and then advertise it as some crazy security improvement. Corporations lie to you all the time. If you want some actual security, you need to start using FOSS software. Most importantly a FOSS, Linux-based OS, and set it up with LUKS passphrase-based encryption.