@kenan1 If you don't remember enabling BitLocker, then it was likely enabled automatically when you linked your Windows account to your Microsoft account, but in that case it should be backed up to the cloud in that account. If it's not there, then your best option to regain access to your system at this point would be to flash your system back to whatever BIOS release you were previously running, which does not require you to have a bootable OS. The reason this will work is that normally, the TPM releases the decryption key automatically, but it only does that if the system passes a "platform integrity check". Changing certain hardware or firmware items, like a BIOS version on many systems, will cause that check to fail. At that point the TPM will refuse to release the key and you will instead have to enter the Recovery Key. If you do, then the TPM will start trusting the new configuration. But if you can't do that, then you have to return the system to its trusted state. Hopefully you haven't changed anything else, and I definitely hope you haven't cleared the TPM, which would erase the decryption key it has....
If you remember what BIOS revision you were running before, this will be faster. Otherwise it might take a while for you to test. The Downloads page for the XPS 13 9360 is here. Choose that you want to search manual downloads, then enter "BIOS" into the search box. Expand the System BIOS result in the results, and notice the "Older versions" link in the description box. That's how you can get older releases. Download the updater onto a flash drive that is formatted as FAT32, then connect that flash drive to the XPS 13, power it up, and press F12 repeatedly to get to the one-time boot menu. One of the options you'll see in that boot list is a BIOS Flash Utility. You can use that to try other BIOS releases. Once you get into Windows, you can either back up your Recovery Key if you want to keep using encryption or just turn off BitLocker completely if you don't.
On a side note, the Dell Update application that would normally be used for BIOS updates is smart enough to suspend BitLocker before attempting a BIOS update. Suspending BitLocker causes it not to prompt for a decryption key one time, and if you suspend BitLocker prior to a BIOS update, the TPM will automatically trust the new configuration.
I didn't enable BitLocker and I don't have a backup for the recovery key on the cloud for it. I have checked many times by now. If I was to flash to an older BIOS release, how do I know which BIOS release to revert to? I did actually clear the TPM yesterday in an effort to make it work. Perhaps not the brightest idea. Will this effect whether reverting to an old BIOS will work?
@jphughan I have tried older BIOS versions. I went back five versions and none of them worked. Still asking for the recovery key after dell logo. Any other ideas?
I called Dell support and they were obviously unhelpful as expected. This seems extremely frustrating that they would essentially render my computer unusable without wiping everything that is on it. On top of that try to displace blame to Microsoft. Brilliant really.
@kenan1 The blame here is probably to be shared between Dell and Microsoft, in all honesty. Dell decided to ship systems with BitLocker "pre-staged" so that it could auto-enable if you linked your Windows account to your Microsoft account -- which Microsoft is making it almost impossible to avoid doing these days. But Microsoft seems to have designed a system that causes BitLocker to be enabled sometimes without backing up the key to the cloud, which is completely unacceptable, and also without the user even realizing what happened. I recognize the benefit of encryption, but I were designing that experience, I would say, "Hey, listen up! We're about to enable encryption for your Windows partition. This will keep your data safe, but there may come a day when you need your Recovery Key. If so, we've backed it up to your cloud account, which you can access at this link. And if you want to make another backup yourself, here's your chance while we're displaying it right now." But that's not what happens.
In terms of a BIOS rollback, you would've had to roll back to whatever previous BIOS release you were running. But then you said you cleared the TPM as part of your troubleshooting. In that case, you erased the decryption key that was stored in the TPM, so now the TPM has no decryption key to release even if you get the system back to the state that the TPM trusts. So at this point unless you find your Recovery Key somewhere, I'm very sorry to say this, but your data is effectively lost, and your only recourse is going to be to reinstall Windows from scratch, along with all of your drivers, applications, etc. And I realize this won't help your present situation, but going forward I would strongly recommend a robust backup solution. Frequent full system image backups are a good idea and can protect you from other eventualities too, such as an OS that becomes unbootable after a wayward Windows update. And setting up automatic cloud backups of at least your most critical data is worth considering as well.
I'm very sorry that I don't have better news for you, but unfortunately unless that Recovery Key turns up, that is the reality of the situation.
jphughan
9 Legend
•
14K Posts
0
June 16th, 2021 06:00
@kenan1 If you don't remember enabling BitLocker, then it was likely enabled automatically when you linked your Windows account to your Microsoft account, but in that case it should be backed up to the cloud in that account. If it's not there, then your best option to regain access to your system at this point would be to flash your system back to whatever BIOS release you were previously running, which does not require you to have a bootable OS. The reason this will work is that normally, the TPM releases the decryption key automatically, but it only does that if the system passes a "platform integrity check". Changing certain hardware or firmware items, like a BIOS version on many systems, will cause that check to fail. At that point the TPM will refuse to release the key and you will instead have to enter the Recovery Key. If you do, then the TPM will start trusting the new configuration. But if you can't do that, then you have to return the system to its trusted state. Hopefully you haven't changed anything else, and I definitely hope you haven't cleared the TPM, which would erase the decryption key it has....
If you remember what BIOS revision you were running before, this will be faster. Otherwise it might take a while for you to test. The Downloads page for the XPS 13 9360 is here. Choose that you want to search manual downloads, then enter "BIOS" into the search box. Expand the System BIOS result in the results, and notice the "Older versions" link in the description box. That's how you can get older releases. Download the updater onto a flash drive that is formatted as FAT32, then connect that flash drive to the XPS 13, power it up, and press F12 repeatedly to get to the one-time boot menu. One of the options you'll see in that boot list is a BIOS Flash Utility. You can use that to try other BIOS releases. Once you get into Windows, you can either back up your Recovery Key if you want to keep using encryption or just turn off BitLocker completely if you don't.
On a side note, the Dell Update application that would normally be used for BIOS updates is smart enough to suspend BitLocker before attempting a BIOS update. Suspending BitLocker causes it not to prompt for a decryption key one time, and if you suspend BitLocker prior to a BIOS update, the TPM will automatically trust the new configuration.
kenan1
1 Rookie
•
4 Posts
0
June 16th, 2021 15:00
I didn't enable BitLocker and I don't have a backup for the recovery key on the cloud for it. I have checked many times by now. If I was to flash to an older BIOS release, how do I know which BIOS release to revert to? I did actually clear the TPM yesterday in an effort to make it work. Perhaps not the brightest idea. Will this effect whether reverting to an old BIOS will work?
kenan1
1 Rookie
•
4 Posts
0
June 16th, 2021 17:00
@jphughan I have tried older BIOS versions. I went back five versions and none of them worked. Still asking for the recovery key after dell logo. Any other ideas?
kenan1
1 Rookie
•
4 Posts
0
June 16th, 2021 17:00
I called Dell support and they were obviously unhelpful as expected. This seems extremely frustrating that they would essentially render my computer unusable without wiping everything that is on it. On top of that try to displace blame to Microsoft. Brilliant really.
jphughan
9 Legend
•
14K Posts
0
June 16th, 2021 19:00
@kenan1 The blame here is probably to be shared between Dell and Microsoft, in all honesty. Dell decided to ship systems with BitLocker "pre-staged" so that it could auto-enable if you linked your Windows account to your Microsoft account -- which Microsoft is making it almost impossible to avoid doing these days. But Microsoft seems to have designed a system that causes BitLocker to be enabled sometimes without backing up the key to the cloud, which is completely unacceptable, and also without the user even realizing what happened. I recognize the benefit of encryption, but I were designing that experience, I would say, "Hey, listen up! We're about to enable encryption for your Windows partition. This will keep your data safe, but there may come a day when you need your Recovery Key. If so, we've backed it up to your cloud account, which you can access at this link. And if you want to make another backup yourself, here's your chance while we're displaying it right now." But that's not what happens.
In terms of a BIOS rollback, you would've had to roll back to whatever previous BIOS release you were running. But then you said you cleared the TPM as part of your troubleshooting. In that case, you erased the decryption key that was stored in the TPM, so now the TPM has no decryption key to release even if you get the system back to the state that the TPM trusts. So at this point unless you find your Recovery Key somewhere, I'm very sorry to say this, but your data is effectively lost, and your only recourse is going to be to reinstall Windows from scratch, along with all of your drivers, applications, etc. And I realize this won't help your present situation, but going forward I would strongly recommend a robust backup solution. Frequent full system image backups are a good idea and can protect you from other eventualities too, such as an OS that becomes unbootable after a wayward Windows update. And setting up automatic cloud backups of at least your most critical data is worth considering as well.
I'm very sorry that I don't have better news for you, but unfortunately unless that Recovery Key turns up, that is the reality of the situation.
Wearetheresistance
1 Message
1
September 15th, 2021 13:00
The solution for me was to login to Microsoft and the key can be obtained there. I've just done it myself and it worked.
Finding your BitLocker recovery key in Windows