
I think the idea is that Windows' security, once booted, is enough to protect your data. It's the same situation if, for example, your laptop gets stolen while in sleep / on the lock screen.

In theory, you shouldn't be able to get the key while booting on some other media (say, your own Windows USB drive).

> Ensuring the integrity of early boot components and boot configuration data. On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability.

https://docs.microsoft.com/en-us/windows/security/informatio...
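The measured-boot check the quoted documentation describes, as an added example that is not part of the comment above and is not BitLocker or TPM code: a toy model of PCR extend and PCR-bound sealing. `SimTPM`, the PCR indexes chosen, and the component strings are assumptions constructed for illustration.

```python
import hashlib
import hmac

class SimTPM:
    """Toy model of PCR extend and PCR-bound sealing (not a real TPM API)."""
    def __init__(self):
        self._sealed = {}  # handle -> (PCR selection, expected digest, secret)
        self.reset()

    def reset(self):
        # Platform reset: PCRs go back to all zeros; sealed blobs persist.
        self.pcrs = [bytes(32) for _ in range(24)]

    def extend(self, index, measured):
        # PCR_new = SHA256(PCR_old || SHA256(measured)): one-way, order-sensitive.
        digest = hashlib.sha256(measured).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _policy(self, selection):
        # Digest over the current values of the selected PCRs.
        h = hashlib.sha256()
        for i in sorted(selection):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, handle, secret, selection):
        # Bind the secret to the PCR values present at sealing time.
        self._sealed[handle] = (tuple(selection), self._policy(selection), secret)

    def unseal(self, handle):
        selection, expected, secret = self._sealed[handle]
        if not hmac.compare_digest(expected, self._policy(selection)):
            return None  # measurements differ from those at sealing time
        return secret

def boot(tpm, chain):
    tpm.reset()
    for index, component in chain:
        tpm.extend(index, component)

# Constructed sample measurements: (PCR index, measured component).
ORIGINAL = [(0, b"firmware v1"), (4, b"installed boot manager"), (7, b"secure boot: on")]
OTHER_MEDIA = [(0, b"firmware v1"), (4, b"boot manager from USB"), (7, b"secure boot: on")]

def demo():
    tpm = SimTPM()
    boot(tpm, ORIGINAL)
    tpm.seal("disk-key", b"constructed-disk-key", selection=(0, 4, 7))
    boot(tpm, ORIGINAL)
    same_chain = tpm.unseal("disk-key")
    boot(tpm, OTHER_MEDIA)
    other_chain = tpm.unseal("disk-key")
    return same_chain, other_chain
```

The second unseal returns `None` because the changed measurement in PCR 4 produces a different policy digest, even though the same simulated TPM holds the blob.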


