
2 Posts

August 11th, 2022 07:00

Inspiron 7391 Bios Update enabled Bitlocker

Inspiron 7391 2-in-1

Anyone else found Bitlocker enabled after they update the BIOS to version 1.9.1?

Bitlocker has never been enabled or set up on this laptop before.

Before it gets to the Windows login I get the message "Bitlocker needs your recovery key to unlock your drive because Secure Boot Policy has unexpectedly changed"

Literally the only thing I was doing was Windows updates and decided to do the Dell BIOS update last.

8 Posts

August 15th, 2022 08:00

hello

i am in the same case with a vostro 5515... just accepted a windows update and now i have one inaccessible computer !!! didn't use a microsoft account so no unlock code is possible, dell or microsoft can do nothing for me ! incredible...

hope you will find a solution, for me it is buying a M2>usb card and make myself a backup before re installing os.... without this bitlocker . TOS76>of course !

2 Posts

August 15th, 2022 10:00

There is an option to back up the key on the encryption option tab to unlock the drive in the case of hardware change (failure). It must always be used, unless you want data to be blocked permanently in such situations.

It's important to back up the BitLocker key to a separate location.

Unfortunately Windows Home Edition encrypts the drive by default and never offers to back up that key, but the option exists (assuming you've been forced to an MS account, which is allegedly supposed to save the key for you). If you have Home Edition, I believe the key is saved to the account even by force, because it does not enable BitLocker Lite until you log in to the MS Account.

3 Apprentice

1.2K Posts

August 15th, 2022 13:00


@ecarpenter wrote:

Anyone else found Bitlocker enabled after they update the BIOS to version 1.9.1?...Before it gets to the Windows login I get the message "Bitlocker needs your recovery key to unlock your drive because Secure Boot Policy has unexpectedly changed"

Literally the only thing I was doing was Windows updates and decided to do the Dell BIOS update last.



Hi ecarpenter:

What is your Windows operating system [if Win 10 or Win 11 please include the edition (Home or Pro), version and build shown at Settings | System | About | Windows Specifications], and are you sure your BIOS is currently v1.9.1?  I'm not sure if you have the Dell Inspiron 7391 (the support page <here> for that model lists the Dell Inspiron 5391/7391 and Vostro 5391 System BIOS v1.19.1) or if you have the Dell Inspiron 7391 2-in-1 (the support page <here> for that model lists the Dell Inspiron 7391/7591/7791 System BIOS v1.17.0) , but if you don't know your current BIOS version open a Run dialog box, enter msinfo32 to open your System Information panel, and look for the “BIOS Version/Date” field.

Windows Update delivered KB5012170 (2022-08 Security Update for Windows 10 Version 21H2 for x64-based Systems) to Win 8.1 and higher machines during this month's August 2022 Patch Tuesday updates. The KB article <here> for KB5012170 is titled KB5012170: Security update for Secure Boot DBX: August 9, 2022 and Microsoft is already tracking problems with this update in the Known Issues section of that KB article. Also see Neowin's 13-Aug-2022 Microsoft Warns About Windows Update Fails, UEFI Update Might be Necessary to Fix and the ghacks.net 15-Aug-2022 article KB5012170: Windows Update Error 0x800f0922, UEFI BIOS Update May Resolve It. I haven't heard of KB5012170 enabling BitLocker (yet) but suspected problems with KB5012170 and Secure Boot are still being reported.

Just an FYI that KB5012170 does not appear to have caused any issues on my Inspiron 5584 / Win 10 Pro v21H2 laptop. BitLocker is still disabled at Control Panel | System and Security | BitLocker Drive Encryption and when I checked the status of Secure Boot in System Information I confirmed that Secure Boot was disabled both before and after my Aug 2022 Patch Tuesday updates were installed on 12-Aug-2022.  I installed  the latest Inspiron 5583/5584 BIOS v1.20.0 for my system on 14-Aug-2022 and this did not change my BitLocker or Secure Boot settings.

Win 10 Pro v21H2 System Information BIOS Mode UEFI Secure Boot Disabled 10 Aug 2022.png

---------------
64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

3 Apprentice

1.2K Posts

August 15th, 2022 14:00

... and further to your immediate problem, the MS support article Finding your BitLocker Recovery Key in Windows might help you find your recovery key.  I used to have BitLocker enabled on my Inspiron 5584 and kept the recovery key backed up on a USB thumb drive, but if you have access to a working computer and can log in to your Microsoft Account that support article will explain where you might find a copy of your recovery key online.

3 Apprentice

1.2K Posts

August 16th, 2022 11:00

Hi ecarpenter / nobox:

Just a bit of additional information.

I posted about your problem in the AskWoody.com forum thread It’s Time for Those August Updates To Be Deferred and user PKCano replied in post # 2470657 that "Win10 and Win11 Pro turn on Bitlocker in the OOBE by default". I have an Inspiron 5584 / Win 10 Pro laptop and when I performed a reset to factory condition in August 2020 I vaguely recall now that I had to decline the use of BitLocker encryption during the initial "out-of-box experience" setup of my system.

The MS support article Overview of BitLocker Device Encryption in Windows also states that "When a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives..." and also notes that "Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 11 and Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition or Windows 11." See my AskWoody post # 2444880 in “Modern” Standby in Newer PCs showing that my Inspiron 5584 does not support the Modern Standby sleep state, which might be another reason why BitLocker encryption is not enabled on my system.

I also found a multi-page thread BitLocker: Need a Key But I Never Installed It in the Windows 10 board of this Dell Community. It doesn't explain why a change to your Secure Boot settings suddenly triggered BitLocker to request your recovery key, but I suspect BitLocker encryption has been enabled on your system for a long time and you just weren't aware of it.
----------------------
64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

8 Posts

August 17th, 2022 02:00

hello thank you for your searches...

yes dell is putting bitlocker but has no solution if you have to get the key back !!!

apparently they know they are using one unsecure process for customer but they don't tell, and they don't offer any solution or compensation when you are in trouble with this...

this was my last dell ever !!

g

8 Posts

August 17th, 2022 03:00

well i unlocked it... just to let you know, if you are using a microsoft account pro or edu with azure active directory inside, you can connect to azure active directory and search in it for the devices you used to connect to the account... the bitlocker key is there. no need to have been using an email as an account for windows, just being using one on your machine... and directly go to the azure active directory, not on the url told by the bitlocker blue screen ! this one told me that my microsoft account wasn't existing !! pffffffffff

3 Apprentice

1.2K Posts

August 17th, 2022 06:00


@nobox wrote:

well i unlocked it... just to let you know, if you are using a microsoft account pro or edu with azure active directory inside, you can connect to azure active directory and search in it for the devices you used to connect to the account...



Hi nobox:

Glad to hear you found your recovery key.

From the MS support article Finding your BitLocker Recovery Key in Windows I mentioned <here> in my 15-Aug-2022 post:


" In an Azure Active Directory account: If your device was ever signed into an organization using a work or school email account, your recovery key may be stored in that organization's Azure AD account. You may be able to access it directly or you may need to contact a system administrator to access your recovery key."

The Dell support article Automatic Windows Device Encryption or BitLocker on Dell Systems has more information on how device encryption can sometimes be automatically enabled on Dell computers after the initial Out-of-Box Experience (OOBE) is completed. That support article has instructions for both Win 10 Home and Win 10 Pro on how to suspend the device encryption before flashing the system BIOS (in a perfect world, newer installers for Dell BIOS updates will automatically suspend BitLocker encryption before starting the BIOS update) or turn off device encryption before performing a reset to factory condition.

I have a Win 10 Pro OS so BitLocker can be managed from Control Panel | System and Security | BitLocker Device Encryption. Less than a year after purchasing my Inspiron 5584 laptop it refused to boot up and would not enter the Dell recovery environment and I was forced to perform a reset to factory condition. I could not proceed until I entered my recovery key, and I was fortunate that I had printed out a hard copy of my 48-digit recovery key and tucked it away in a safe place. After my reset to factory condition and OOBE setup I made sure that BitLocker was turned OFF and started using Macrium Reflect Free imaging software to create rescue media (a bootable USB) and the occasional full disk image that is stored on an external backup drive in case I ever have to perform another emergency recovery. Here's an old image of what my BitLocker drive encryption used to look like when BitLocker was still turned ON before my reset to factory condition in 2020.

Win 10 v1909 Suspend Bitlocker Control Panel 06 Jun 2020.png
----------------------
64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620


8 Posts

August 17th, 2022 07:00

hello imacri

yes just crazy that on the blue screen of blocked bitlocker, the url proposed was non-functional ! i used the pro account in "aka.ms/aadrecoverykey" and the other one, it told me that the account wasn't valid !!! after that i stopped searching around this account, which was the good one ! Bravo microsoft !

2 Intern

223 Posts

August 17th, 2022 09:00

Hi

"BitLocker is capable of encrypting entire hard drives, including both system and data drives."

So my keeping my Bitlocker key on a separate drive, and separate partition will still get encrypted?

If I put it inside a Linux Mint directory that also gets encrypted by Microsoft?

2 Intern

223 Posts

August 17th, 2022 10:00

Just to be sure ...

https://www.theregister.com/2022/08/15/bitlocker_microsoft/

Windows users are reporting BitLocker problems after installing last week's security update for Secure Boot.

The issues are related to KB5012170, which is designed to plug some Secure Boot holes. It's important for users running kit with Unified Extensible Firmware Interface (UEFI) firmware. "A security feature bypass vulnerability exists in secure boot," wrote Microsoft. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software."

So Dell have jiggered up the BitLocker thing as well????

3 Apprentice

1.2K Posts

August 17th, 2022 14:00


@ann_droid wrote:
... So my keeping my Bitlocker key on a separate drive, and separate partition will still get encrypted?...

Hi ann_droid:

Thanks for your link to Richard Speed's 15-Aug-2022 article Microsoft's Secure Boot Fix Sends Some PCs into BitLocker Recovery on theregister.com. That would seem to confirm that KB5012170 (Security Update for Secure Boot DBX: August 9, 2022) that was delivered with the August 2022 Patch Tuesday updates is triggering the BitLocker Recovery screen on some systems. That article states in part ...


“Register reader Anthony got in touch to tell us that out of the 400 PCs his company managed, 2 percent (all Windows 11) booted to a BitLocker recovery screen after the update….The recovery process restores access to data and requires the user to supply a lengthy password (or a domain administrator can get the password via Active Directory Domain Services). Anthony told us he was able to log into Azure and retrieve the recovery keys.”

... which would tie in with nobox's post <here> that they found their recovery key in their Azure Active Directory account. I'm not sure, but that sounds like nobox's Vostro 5515 is used in a work or school environment and their Vostro is a client computer that connects to a network domain.

I'm not an expert when it comes to BitLocker drive encryption but Brink's TenForums tutorial How to Turn On or Off BitLocker for Fixed Data Drives in Windows 10 would indicate that if you have a second fixed drive that you use for data storage and want to encrypt both your system boot drive and fixed data drive then BitLocker must be turned on separately on each drive and you must generate a separate 48-digit recovery key for each drive.

Just based on my personal experience, I would always save my BitLocker recovery key(s) in two locations - on a removable USB thumb drive and as a hard copy (i.e., printed out on a piece of paper that is stored in a safe location). If your computer won't boot up and you have to perform an emergency recovery then having your BitLocker recovery key stored anywhere on a local internal hard drive is useless, even if the recovery key is saved on a second fixed data drive that is not encrypted.  In this scenario, if you don't have easy access to another computer then saving your recovery key on a removable USB thumb drive or external backup drive or even stored online in your Microsoft Account isn't going to help. If you log in to Windows with a Local user account (i.e., instead of logging in with your Microsoft account) you don't even have the option of accessing your online Microsoft Account from someone else's computer to find your recovery key. The only sure method is to print your 48-digit BitLocker recovery key(s) on a piece of paper and put it away in a safe place.
---------
64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

219 Posts

August 17th, 2022 16:00

it appears that the KB5012170 update is causing some problems, making some systems boot into the bitlocker recovery screen.  this is one of those windows updates that should not have been automatically pushed onto win10 & win11 systems so soon and should be hidden or blocked as noted somewhere on the Askwoody web site

3 Apprentice

1.2K Posts

August 20th, 2022 05:00

As of 19-Aug-2022 Microsoft has officially confirmed the issue where some devices might start up into BitLocker Recovery after installation of KB5012170 (Security Update for Secure Boot DBX: August 9, 2022).

From Microsoft's Windows 11 Known Issues and Notifications for August 2022:


Some devices might enter BitLocker Recovery on the first or second restart after attempting to install Security update for Secure Boot DBX ( KB5012170), released August 9, 2022 ...

Workaround:

If your device is prompting for a BitLocker Recovery key, you will need to supply it to start up Windows. For more information, see Finding your BitLocker recovery key in Windows.

If you have not installed KB5012170 yet and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing.

If you have installed KB5012170 and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker using the instructions below.

Important: If you have restarted your device two times or more after installing KB5012170, your device is not affected by this issue

To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying KB5012170, follow these steps ...


Kudos to Alex5723 for posting a link to that Microsoft Docs support article in post # 2471483 of Susan Bradley's topic It’s Time For Those August Updates To Be Deferred in the AskWoody.com forum.

If anyone following this thread isn't familiar with AskWoody.com, this site has a rating system called MS-DEFCON (Microsoft Patch Defense Level Condition) that lets individual Microsoft consumers know when it’s safe to install patches. Many AskWoody.com followers pause their Windows Updates about a week before the Patch Tuesday updates are released on the second Tuesday of each month and then monitor the feedback on that site so they know if they should patch immediately (e.g., if there is a vulnerability under attack by a zero-day exploit that needs to be patched ASAP) or if there is an emerging problem like this month's KB5012170 / BitLocker Recovery glitch that needs to be addressed by Microsoft before it's safe to apply their Patch Tuesday updates.  I don't strictly adhere to this MS-DEFCON system (I save the occasional Macrium Reflect Free full disk image to an external backup drive that I can use for an emergency recovery if something really goes wrong on my system) but I often find helpful information on that site.

Unfortunately, early warnings about this month's KB5012170 / BitLocker Recovery glitch would not be helpful to Win 11 users who weren't aware that BitLocker drive encryption was enabled on their system and didn't have easy access to their recovery key.
----------------
64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867 * Dell SupportAssist v3.11.4.29 * Dell Update Windows Universal v4.6.0 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620
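
The checks this thread keeps returning to (is the system drive actually encrypted, is a recovery password available to write down, is KB5012170 installed, and suspending BitLocker across the next two restarts), as an added PowerShell example that is not from any poster, Dell or Microsoft. It assumes an elevated session with the BitLocker PowerShell module available; `$DoSuspend` is a hypothetical switch introduced here, and the reboot count of 2 follows the "restarted two times or more" note quoted above.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's or Dell's script): audit BitLocker on the OS
# drive before a BIOS update or KB5012170, and optionally suspend protection.
$Kb        = 'KB5012170'       # Secure Boot DBX update discussed in the thread
$Mount     = $env:SystemDrive  # OS volume, normally C:
$DoSuspend = $false            # hypothetical switch: set to $true to suspend

$vol = Get-BitLockerVolume -MountPoint $Mount
'{0} VolumeStatus={1} ProtectionStatus={2}' -f $Mount, $vol.VolumeStatus, $vol.ProtectionStatus

# Confirm-SecureBootUEFI throws on legacy-BIOS or unsupported platforms.
try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { 'Secure Boot state not available on this platform' }

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    'Drive is not encrypted; there is no BitLocker recovery prompt to trigger.'
    return
}

# The drive is encrypted (possibly without the owner having turned it on).
# List recovery password protectors so the 48-digit key can be written down
# and stored off the machine.
$rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($rp.Count -eq 0) {
    Write-Warning 'No recovery password protector found; add one before any firmware change:'
    "  Add-BitLockerKeyProtector -MountPoint $Mount -RecoveryPasswordProtector"
} else {
    foreach ($p in $rp) {
        'Key ID {0}  Recovery key {1}' -f $p.KeyProtectorId, $p.RecoveryPassword
    }
}

# Has the Secure Boot DBX update already been installed?
$installed = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
"$Kb installed: $installed"

if ($DoSuspend -and $vol.ProtectionStatus -eq 'On') {
    # Protection resumes automatically after two restarts.
    Suspend-BitLocker -MountPoint $Mount -RebootCount 2 | Out-Null
    'BitLocker suspended for the next 2 restarts.'
    # To resume earlier: Resume-BitLocker -MountPoint $Mount
}
```

The script prints the recovery key to the console only; copy it to paper or removable media rather than saving it on the drive it unlocks.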
