December 26th, 2018 11:00
XPS 9570: BitLocker asks for recovery key after dual boot
Hello and Merry Christmas everybody,
I have installed Ubuntu 18.04 alongside Windows 10 on my Dell XPS 9570. I have followed the instructions given in multiple threads for changing SATA operation to AHCI, allowing the drive to be detected during the installation. Now, Ubuntu seems to work just fine, but once I try to boot into Windows I am prompted to input the BitLocker recovery key; this happens at every reboot. I have already tried some solutions I found, e.g. suspending and re-enabling BitLocker, without resolving the issue yet. I have also checked the TPM's status, which is enabled and of version 2.0.
I want to keep Secure Boot enabled, so I am wondering if there is a solution to this problem. Has anybody dealt with the same issue?
Thanks in advance,
Wishes for a Merry Christmas and a happy new year



jphughan
9 Legend
•
14K Posts
0
December 26th, 2018 12:00
If you have to do that every time, it sounds like there's a problem with the BitLocker "protector" relating to your TPM. The long way to remove and re-add the TPM protector is by decrypting and re-encrypting your drive, but the shorter way is to open a Command Prompt and do this:
1. Run "manage-bde -protectors -get C:"
2. Find the TPM protector and copy its ID to the clipboard, including the braces (curly brackets), then enter the following two commands:
- manage-bde -protectors -delete C: -ID {XXXXX}
- manage-bde -protectors -add C: -TPM
Now reboot and see if you still get a Recovery Key prompt.
ilele
4 Posts
0
December 27th, 2018 10:00
@jphughan thanks for your response! I followed your instructions, but unfortunately I'm not allowed to delete the TPM protector, which gives an error "This version of Windows does not support this feature of BitLocker Drive Encryption. To use this feature, upgrade the operating system". I am allowed, though, to delete or alter the numerical password, so I don't quite understand the cause of this. I guess I could proceed with clearing the TPM through tpm.msc, right?
jphughan
9 Legend
•
14K Posts
0
December 27th, 2018 13:00
Hmm, it sounds like you might be running Windows 10 Home rather than Pro then? On Home, if your PC meets certain hardware requirements, certain BitLocker capabilities are available, but not all of them. In the past (and even today on older PCs), Home doesn’t have BitLocker at all.
I would definitely NOT delete the Numerical Password protector though, because that’s your Recovery Key. If you delete that and your TPM protector isn’t working, you’ll probably lock yourself out of your drive entirely. Clearing the TPM won’t help either, because you need the TPM to have a key, and BitLocker won’t automatically add it just because it’s missing. If you’re on Windows 10 Home and can’t use those protector commands, you’ll probably have to disable and re-enable encryption, which on Home I believe is done under Settings > Update & Security > Device encryption.
ilele
4 Posts
0
December 28th, 2018 12:00
Indeed I am running Windows 10 Home. So disabling and re-enabling encryption is the only way to proceed. Of course I wouldn't erase the numerical password; it isn't clear to me though why I can meddle with that, but I'm not allowed to alter the TPM. It is my belief that the whole cause of that is the dual boot itself, e.g. that booting from grub is considered as altering the set boot order, thus always asking for the key. Do you think suspending protection prior to the dual boot would have spared me from this fuss?
Anyway, I'll try this and let you know the outcome. Once more, thanks again for your help!
jphughan
9 Legend
•
14K Posts
0
December 28th, 2018 13:00
I’m admittedly not familiar with how Grub might affect BitLocker. However, when you see a Recovery Key prompt, it’s usually caused by the TPM refusing to release its key because the system failed the “platform integrity check”, and that’s usually due to things like changing the BIOS version or changing certain BIOS settings. However, when that happens, if you enter the correct Recovery Key, BitLocker “reseals” the TPM protector under the current platform configuration, so in that situation you shouldn’t see the prompt AGAIN until you change something else again (including changing settings back, because the TPM protector can only be sealed to a single platform configuration at a time). So for Grub to cause this at every boot, it would have to be doing something that counted as a change every single time.
The only time I’ve seen cases where you see the Recovery Key prompt repeatedly is when the TPM doesn’t have the key at all, which is usually after the TPM was cleared or the motherboard was replaced, or in some cases after updating TPM firmware. In THOSE cases, providing the Recovery Key doesn’t put an entirely new key into the TPM, though, which is why I suggested the steps above, but evidently they won’t work on your system.
The weird thing though is that my wife’s XPS 13 9350 runs Win10 Home, and although I don’t have the system with me to recheck, I’m 95% sure I was able to mess with the TPM protector using those manage-bde commands when I explored this a while ago. That makes me wonder if something might have changed on your system that caused BitLocker to decide that your Win10 Home no longer met the hardware requirements to allow even the partial BitLocker functionality that’s sometimes available. In that case, you might end up stuck with encryption that you can’t re-enable, or worse might not even be able to turn off without wiping the drive. I hope that’s not the case of course, but your situation does seem very unusual. Good luck!
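The behaviour described in the post above, as a simplified model added here (it is not part of the original post and is not BitLocker's or any TPM's actual code): a key sealed to one platform configuration, a one-time prompt followed by a reseal after a change, and a prompt on every boot when the TPM holds no key. The class and function names and the measurement strings are assumptions made up for illustration.

```python
import hashlib

def pcr_value(measurements):
    """Fold boot measurements into one register the way a TPM PCR extend does:
    new = SHA-256(old || SHA-256(event)). Order and content both matter."""
    pcr = bytes(32)
    for event in measurements:
        pcr = hashlib.sha256(pcr + hashlib.sha256(event.encode()).digest()).digest()
    return pcr

class ToyTpm:
    """Holds at most one sealed key, bound to a single PCR value."""
    def __init__(self):
        self.sealed = None  # (pcr_value, key), or None as after a TPM clear

    def seal(self, pcr, key):
        self.sealed = (pcr, key)

    def unseal(self, pcr):
        if self.sealed and self.sealed[0] == pcr:
            return self.sealed[1]
        return None  # integrity check failed, or no key present

def boot(tpm, measurements):
    """Return 'unlocked' or 'recovery prompt'. After a failed integrity check
    with a key still present, entering the recovery key reseals it to the
    current configuration; with no key in the TPM nothing is resealed."""
    pcr = pcr_value(measurements)
    if tpm.unseal(pcr) is not None:
        return "unlocked"
    if tpm.sealed is not None:
        tpm.seal(pcr, tpm.sealed[1])  # reseal under the current configuration
    return "recovery prompt"

# Constructed measurement lists; the event names are placeholders.
CONFIG_A = ["firmware 1.0", "bios-setting=old", "bootmgr"]
CONFIG_B = ["firmware 1.0", "bios-setting=new", "bootmgr"]

def scenario_changed_setting():
    tpm = ToyTpm()
    tpm.seal(pcr_value(CONFIG_A), b"volume-key")
    return [boot(tpm, c) for c in (CONFIG_A, CONFIG_B, CONFIG_B, CONFIG_A)]

def scenario_cleared_tpm():
    tpm = ToyTpm()  # nothing sealed
    return [boot(tpm, CONFIG_B) for _ in range(3)]
```

In the first scenario the prompt appears once per change, including the change back to the old setting; in the second it appears on every boot, which matches the symptom reported in this thread.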
mobimation
10 Posts
0
March 2nd, 2019 03:00
madkev_1
3 Posts
0
November 23rd, 2019 02:00
Hi,
May I know if your problem was solved by enabling and disabling encryption?