Not that long ago, competent security was a criminal offense to export. It still is, unless the code is Open Source (and we all know how Microsoft loves Open Source).
I'm sure as heck no Microsoft fan, but they've been exporting strong cryptographic components for a long time now, and not in an open source format. Please reference the following materials for further guidance on this topic:
Export of cryptography in the United States
International Traffic in Arms Regulations 2009
Sure, you can't export this stuff to Iran, North Korea, etc, but there are very few real obstacles aside from that. This is pure and simple failure on Microsoft's part, on the most basic level imaginable concerning data protection.
It's time to boot, do your boot ROMs know where your disk controllers are?