I've been reading up on the System Reserved Partition and understand that it holds all the boot required items for a Windows PC to start. I am trying to understand how its interaction with the main OS partition works in a situation where Bit Locker is used.
The way I understand it, the computer uses the partition to boot and then once a user successfully logs in the OS can start decrypting the main drive for use.
My confusion comes in when I consider the things that have to occur for Windows to function normally such as event logging of log in attempts.
In the event of a successful log in I would assume that they would be dropped in the appropriate event log after decrypt, but in the case of a failed log in, that file isn't available yet. For Windows to log it, the event record has to go somewhere permanent and the only place I can think of is the system reserve partition because it is the only partition available that isn't encrypted at the time.
Is this the case? If so I would like an answer that elaborates on where and how these events get stored on the partition. If not, I would like to know what actually happens.