Base de connaissances

BitLocker Asks for a Recovery Key Every Boot on USB-C / Thunderbolt Systems When Docked or Undocked

Summary: "You may see an issue where on every boot Windows BitLocker asks for a recovery key on USB type-C or Thunderbolt 3 equipped systems".

Table of Contents

  1. BitLocker asks for a recovery key at Boot.
  2. How to set the BIOS to prevent BitLocker recovery key prompts.

BitLocker asks for a recovery key at Boot.

Note: The system BIOS should be updated prior to these steps, the BIOS for some systems now have a fix for this issue. You can check for the updated version on

BitLocker is an encryption function of the Windows operating system. You may encounter an issue where on every boot BitLocker asks for a recovery key. Further investigation in to the issue found this is occurring on systems a USB Type-C (USB Type-C only & Thunderbolt 3) ports.

BitLocker monitors the system for changes in the boot and configuration. When BitLocker sees a new device in the boot list or an attached external storage device it will prompt for the key for security reasons. This is normal behavior.

This problem occurs because by default USB-C / Thunderbolt 3 (TBT) boot support and Pre-boot for the TBT is on.

By turning these options off in the BIOS the Thunderbolt / USB-C is removed from the boot list and BitLocker does not see it.

The only negative effect of this configuration change is you will not be able to PXE boot from a USB Type-C or Thunderbolt 3 dongle or dock.

Top of the Page

How to set the BIOS to prevent BitLocker recovery key prompts.

To resolve the issue please follow the steps below.

  1. Enter the BIOS (F2 at boot or F12 one time boot menu at boot)
  2. Go to System Configuration, then USB Configuration, and uncheck the following.
    1. Disable USB Type-C or Thunderbolt 3 Boot support
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
    3. Set POST Behavior -> Fastboot -> Thorough

Upon doing this the system should not prompt for the BitLocker key on every boot.

Note: This is a solution for USB Type-C / Thunderbolt 3 configurations causing a BitLocker recovery prompt at boot. There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode.

Systems using legacy mode can use the same steps provided in SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware

Top of the Page

For further support and guidance please view our instructional video "Resolve BitLocker Recovery Key Prompts"

Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

ID de l'article : SLN304584

Date de la dernière modification : 05/25/2018 03:46 PM

Noter cet article

Facile à comprendre
Avez-vous trouvé cet article utile ?
Oui Non
Envoyez-nous vos commentaires
Les commentaires ne doivent pas contenir les caractères spéciaux : <>()\
Désolé, notre système de collecte des commentaires est actuellement indisponible. Veuillez réessayer ultérieurement.

Merci pour vos commentaires.