it is pretty much applicable to all devices using the default BitLocker “Device Encryption” setup, as this configuration relies solely on Secure Boot to automatically unseal the disk during boot.

That is, only the default “transparent” bitlocker mode. If you have any other additional protection (pin, password) set it doesn’t affect you.

Thank you for sharing. Very interesting.

We’re currently evaluating and rolling out encryption at work, so being informed about the limits of these setups is quite good - even if it’s not actually my task to work on those.