Having an issue with all Dell 7510's and associated docks we've deployed to new users at my employer. The external keyboard won't work at the Bitlocker prompt. These PC's are imaged for Win10.
I've sifted through the BIOS settings and have had no luck getting it to work. One thread I found said to make sure the Post Behavior -> Fast Boot setting is set to Thorough. Verified that is the case.
Note: if I undock and dock the PC the external keyboard will work that 1st time at the bitlocker prompt, but at next reboot it doesn't work.
I'm interested in how to resolve this problem as well, because I have the same issue with the dock.
Which dock model are you using? I believe the Thunderbolt Dock (TB16) deliberately does NOT work by default during boot because if you enable the BIOS option to have Thunderbolt devices enabled during that time, then they become part of the system's platform integrity check, which creates a different problem with BitLocker. Specifically, if you have the dock connected when you enable BitLocker, then whenever you DON'T have it connected, BitLocker falls into recovery mode asking for your whole Recovery Key rather than your PIN because it detected a change in the system's hardware and considers that part of a potential compromise attempt. If you provide the key, then you "re-seal" the new environment, which means you're ok as long as you keep the dock disconnected, but then when you connect it again, the same thing happens because the hardware environment no longer matches the "approved" profile, of which there can only be 1 at a time.
The other reason Thunderbolt devices are disabled at boot is because Thunderbolt allows access to PCIe, which in turn allows direct access to memory. That's a security issue and the reason Thunderbolt devices by default prompt the user to approve them for operation, but that's disabled when boot-time activation is allowed.
If you're just using the regular USB-C dock (WD15), my guess is that something about the keyboard being "behind" the USB hub in the dock is causing the issue, although I can't account for why it works only once and only after disconnecting and reconnecting it at the prompt. By any chance have you tried different keyboards?
Sorry, I just noticed the whole length of your thread title that the keyboard DOES work inside the BIOS. If that's true, and causing a hardware detection event at the BitLocker prompt by disconnecting and reconnecting the dock also makes the keyboard work, this sounds like it could actually be a bug with the Windows PE environment that manages the BitLocker prompt. If so, it could be a bug that involves USB hubs in general, the specific hub used in that dock, or the USB-C controller in this particular system. Any chance you have a regular USB hub and possibly a USB-C to USB-A adapter dongle that you can test with in order to rule out the first and/or third possibility? Would be interesting to start isolating variables here.
Are you using a very recent BIOS version? Notice Dell managed to screw up USB devices on WD15/TB16 docks with recent BIOS updates on XPS 13 and 15, Precision 55x0.
We're actually using the EPort Plus 2 dock. We connect the dock for testing during imaging but hold off on enabling Bitlocker until the system is deployed to the user.
We utilize Lenovo and Kensington keyboards and I've tried a few of each but the issue remains.
Thanks for the ideas. I'll try to test under those different scenarios and post back the results.
Ok, with the E-Port docks, that should definitely work, and that throws out my questions about USB-C and the controller in the WD15/TB16 docks. I've got multiple E5550s using the E-Port Advanced Dock, and USB keyboards plugged into them work fine at the BitLocker PIN prompt, and I think some users even have their keyboards connected through the USB hubs built into their displays without having any issues. The only other test I can think that might be an interesting data point is whether a USB keyboard plugged into a port directly on the laptop works while the system is docked, without having to disconnect and reconnect it. If that works and the dock doesn't, then I agree this does seem like some sort of BIOS issue. I do know that there is a "control handoff" that occurs for USB devices. During POST, the BIOS is responsible for handling the USB interface, but it gives control over to the OS when it loads, and I believe the WinPE environment that handles the BitLocker prompt qualifies, so I suppose there could be a bug in the firmware for how that handoff is performed.
One more test idea in addition to the direct-connected keyboard test suggested above: Does it make a difference whether the dock-connected USB keyboard is attached to the dock's USB 3.0 ports or USB 2.0 ports?