Bitlocker Dell 5480 issue

Just discovered the same error with a Latitude. The computer was already encrypted with bitlocker and required BIOS update to address the Intel sa-00075 vulnerability. Following best practice before flashing the BIOS to 1.15.4 I suspended bitlocker, flashed the BIOS, then upon reboot the system was locked requiring manual key input, after key input and reboot, the system continued to require bitlocker key. Next step, decrypted the drive, cleared TPM in the BIOS then re-attempt to encrypted, full shutdown between each change. At the point for re-encryption, upon system check reboot, received the error "The bitlocker encryption key cannot be obtained from the Trusted Platform module (TPM)" At this point did a rollback to previous BIOS 1.13.4 then then enabled bitlocker, the system check passed on drive encryption was successful. I suspect in Dell's haste to fix the SA-00075 vulnerability the BIOS update is causing problems...

I was told that BL must be turned off, then disabled before running any bios update?IS that what everyone is doing?

I saw this EXACT issue with the BIOS that came with the Latitude 5480 and Windows 7 x86.  I did install the latest BIOS 1.3.3 www.dell.com/.../DriversDetails and it did appear to work after this.  You should make sure the TPM is set to 1.2 also if you are using Windows 7.  Windows 10 did seem to not have the issue with the 1.3.3 BIOS version (at least it did not for me).

I've seen this issue with the OptiPlex 7050 and Windows 7 as well.  In that case, I had to downrev the BIOS.  

I think there is a disconnect with Dell's BIOS release schedule and the QA process.  With the sheer quantity of BIOS releases that they're making, I think they're not doing testing related to TPM and BitLocker and all of the supported OS versions.  

Hi All,

I updated the BIOS version to 1.4.3 with success. Now I can encrypt the model 5480, thanks.

Then, I completely setup the laptop and gave it to the user. Yesterday he called me about the recovery key of Bitlocker. When he starts the laptop it automatically asks for the recovery key... I entered it, suspend the encryption, restarted the laptop three times and this morning same issue... I turned off bitlocker and turn it on but after a restart same issue...

I don't know what I can do.

@DELL, did you experiment bitlocker encryption with this model ?

Hugues

Yesterday he called me about the recovery key of Bitlocker. When he starts the laptop it automatically asks for the recovery key... I entered it, suspend the encryption, restarted the laptop three times and this morning same issue... I turned off bitlocker and turn it on but after a restart same issue...

I have the XPS 13 9365 with a vPro processor.  I had done a clean install of Win 10 on the system and started getting the Recovery key message along with a website to recover it.

I went to that website and saw a key tied to my system.  Entering the key allowed me to log on but I still needed to decrypt the system to get the message to stop.

I have never turned on Bitlocker on any of my systems, so it seems it is being used as a security process.

Just adding my voice, have a Latitude 5480, bitlocker was enabled and working. Seems like the TPM has either disabled itself or broken... decrypted the drive and getting physical access to the laptop shortly.

@Dell-Chris M, no BitLocker does not need to be turned off before a BIOS update.  It's convenient to suspend BitLocker so that the BIOS update won't cause BitLocker to prompt for a Recovery Key due to the BIOS update causing the platform integrity check to fail, but even that's optional because entering the Recovery Key will "re-seal" the newly updated platform as the trusted environment, and from that point you're good to go.

Fyi, there are TPM firmware updates for the Latitude 5480 you might want to install, one each for TPM 1.2 and 2.0.  Some systems allow updating TPM firmware from 1.x to 2.x, otherwise it's possible that separate updates are included because some 5480s might lack the appropriate hardware to move up to 2.0, or perhaps there are compatibility issues with 2.x and therefore 1.2 is provided for those who need to stay on that "track".  BitLocker at least on Win10 works fine with TPM 2.0, for what it's worth, and Device Manager will show you which TPM version you're currently running..  But whichever firmware update you attempt, make sure to follow the installation instructions carefully, because getting it to install involves some PowerShell, clearing your TPM (so make sure you have your Recovery Key handy if you've already got BitLocker running), and multiple reboots.

And by the way, it's possible to use manage-bde to re-add the decryption key to the TPM without having to completely disable and re-enable BitLocker.  That's very handy if you ever need to replace the motherboard, for example -- or update your TPM firmware! :)