Knowledge Base

BitLocker Asks for a Recovery Key Every Boot on USB-C / Thunderbolt Systems When Docked or Undocked



Summary: "You may see an issue where on every boot Windows BitLocker asks for a recovery key on USB type-C or Thunderbolt 3 equipped systems".


Table of Contents

  1. BitLocker asks for a recovery key at Boot.
  2. How to set the BIOS to prevent BitLocker recovery key prompts.



BitLocker asks for a recovery key at Boot.

BitLocker is an encryption function of the Windows operating system. You may encounter an issue where on every boot BitLocker asks for a recovery key. Further investigation in to the issue found this is occurring on systems a USB Type-C (USB Type-C only & Thunderbolt 3) ports.

BitLocker monitors the system for changes in the boot and configuration. When BitLocker sees a new device in the boot list or an attached external storage device it will prompt for the key for security reasons. This is normal behavior.

This problem occurs because by default USB-C/Thunderbolt 3 (TBT) boot support and Pre-boot for the TBT is on.

By turning these options off in the BIOS the Thunderbolt /USB-C is removed from the boot list and BitLocker does not see it.

The only negative effect of this configuration change is you will not be able to PXE boot from a USB Type-C or Thunderbolt 3 dongle or dock.

Top of the Page


How to set the BIOS to prevent BitLocker recovery key prompts.

To resolve the issue please follow the steps below.

  1. Enter the
  2. Enter the BIOS (F2 at boot or F12 one time boot menu at boot)
  3. Under System configuration uncheck the following
    1. Disable USB Type-C or Thunderbolt 3 Boot support
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
    3. Set POST Behavior -> Fastboot -> Thorough

Upon doing this the system should not prompt for the BitLocker key on every boot.

Note: This is a solution for USB Type-C/Thunderbolt 3 configurations causing a BitLocker recovery prompt at boot. There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode. Systems using legacy mode will need to use the steps provided in SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware

Top of the Page


For further support and guidance please view our instructional video "Resolve BitLocker Recovery Key Prompts"



Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN304584

Last Date Modified: 12/05/2017 05:37 PM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.