jddfw
2 Iron

BitLocker Recovery is Triggered, but then Bypassed with a Single Reboot

We have clients using the Latitude 7480 who have called in to report encountering the BitLocker Recovery Key prompt.  Only, we've learned that we can bypass/cancel the request simply by power-cycling the laptop (I wanted to say "reboot," but I can't recall if that's even an option, at that point...).

It seems that the trigger is a squirrelly startup, or [previous] shutdown, but in any event, restarting the system allows it to boot normally.  For the couple of laptops that do prompt again, we'll supply the end-user with their key and off they go.

Could the BIOS be the culprit?  I'm fairly certain they're not all running the most recent rev.

jphughan
5 Rhenium

Re: BitLocker Recovery is Triggered, but then Bypassed with a Single Reboot

Do you happen to be using TB16 docks and/or have the Thunderbolt pre-boot options enabled in the BIOS?

jddfw
2 Iron

Re: BitLocker Recovery is Triggered, but then Bypassed with a Single Reboot

We're using the WD15.  No TB configs enabled, that I'm aware of.

jphughan
5 Rhenium

Re: BitLocker Recovery is Triggered, but then Bypassed with a Single Reboot

Ok, if this doesn't occur consistently (and exclusively) after changing between having the dock connected at boot and having the dock disconnected at boot, then ignore that question above.  If you can literally just shut down the laptop, change nothing, and turn it back on to avoid the Recovery Key prompt, it sounds like it may be an issue with the TPM.  I haven't checked right now, but I seem to remember seeing firmware updates specifically for the TPM for that system, although BIOS updates wouldn't be a bad idea either.  The annoyance with TPM updates is that they require 3 reboots to execute (read the installation instructions on the support.dell.com page) and require that the TPM be cleared, which will cause a Recovery Key prompt to occur at every boot until you complete the TPM firmware update and then either delete and re-add the TPM protector using the manage-bde command line tool or simply remove and then re-enable BitLocker entirely.

Strangely, there's another thread going right now involving an XPS 13 that is now prompting for a Recovery Key at every startup after a firmware update, and in that case it appears that the firmware update knocked out the TPM, since there are no TPM options even left in the BIOS.

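The "delete and re-add the TPM protector" step from the last reply, as an added example that is not part of the original thread: a PowerShell sketch for an elevated prompt that refuses to proceed unless the TPM is ready and a recovery password protector already exists. It assumes the OS volume is `C:` and that the volume uses a plain TPM protector (not TPM+PIN).

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): re-seal the BitLocker TPM protector
# after a TPM clear or TPM firmware update.
$MountPoint = 'C:'   # assumption: the BitLocker-protected OS volume is C:

# 1. The TPM must be present and ready again, otherwise the new protector cannot be sealed.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not usable (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Finish the firmware update first."
}

# 2. Never remove the TPM protector unless a recovery password exists as a fallback.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    throw "No recovery password protector on $MountPoint. Add and escrow one before continuing."
}

# 3. Record the current protectors for the ticket / change log.
manage-bde -protectors -get $MountPoint

# 4. Delete the stale TPM protector, if one is still listed.
#    A TPM+PIN volume reports KeyProtectorType 'TpmPin' and is deliberately not handled here.
if ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm') {
    manage-bde -protectors -delete $MountPoint -type TPM
    if ($LASTEXITCODE -ne 0) { throw "Deleting the TPM protector failed (exit $LASTEXITCODE)." }
}

# 5. Add a fresh TPM protector sealed against the current TPM state.
manage-bde -protectors -add $MountPoint -tpm
if ($LASTEXITCODE -ne 0) { throw "Adding the TPM protector failed (exit $LASTEXITCODE)." }

# 6. Confirm both protectors are present and protection is on before handing the laptop back.
$after = Get-BitLockerVolume -MountPoint $MountPoint
$types = $after.KeyProtector.KeyProtectorType
if (($types -notcontains 'Tpm') -or ($types -notcontains 'RecoveryPassword')) {
    throw "Unexpected protector set after re-seal: $($types -join ', ')"
}
"Protectors on ${MountPoint}: $($types -join ', '); ProtectionStatus: $($after.ProtectionStatus)"
```

Reboot once afterwards without changing dock or BIOS settings; a recovery prompt on that boot means the new protector did not unseal and the cause lies elsewhere.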