BitLocker Asks for a Recovery Key Every Boot on USB-C / Thunderbolt Systems When Docked or Undocked




This article explains what to do if Windows BitLocker asks for a recovery key every time you boot a system equipped with USB Type-C or Thunderbolt 3 ports.


Table of Contents

  1. BitLocker Asks for a Recovery Key at Boot
  2. How to Set the BIOS to Prevent BitLocker Recovery Key Prompts



BitLocker Asks for a Recovery Key at Boot

Note: Update your system's BIOS before proceeding, as some BIOS updates have implemented a fix for this issue. You can check for the updated version on Dell.com/Support/Drivers/Home.

BitLocker is an encryption function of the Windows operating system. You may encounter an issue where BitLocker asks for a recovery key every time you boot up your system. This issue has been found to occur on systems with USB Type-C and Thunderbolt 3 (TBT) ports.

BitLocker monitors the system for changes to the boot configuration. When BitLocker sees a new device in the boot list or an attached external storage device, it treats this as a change to the boot environment and prompts you for the recovery key for security reasons. This is normal behavior.

This problem occurs because boot support for USB-C/TBT and Pre-boot for TBT are set to On by default. Turning these options off in the BIOS removes any USB-C/TBT devices from the boot list, and BitLocker does not see them.

The only negative effect of this configuration change is that you cannot perform a PXE boot from a USB-C/TBT dongle or dock.



How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

To resolve the issue, please follow the steps below.

  1. Enter the BIOS (press F2 or F12 at the boot screen).
  2. Go to System Configuration, then USB Configuration, and make the following changes:
    Note: Depending on the system type, these options may be in other locations.
    1. Disable USB Type-C or Thunderbolt 3 Boot support
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
    3. Disable UEFI Network Stack
    4. Under POST Behavior -> Fastboot, select Thorough

Once you have made these changes, the system should not prompt for the BitLocker key on every boot.
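
A pre-flight check to run from an elevated PowerShell prompt before entering the BIOS, added here as an example and not part of Dell's article. It confirms a recovery password protector exists, shows the protectors (including the TPM protector's PCR validation profile), and suspends BitLocker for one restart as a precaution so the firmware change itself does not trigger a recovery prompt. It assumes the OS volume is C: and that the built-in BitLocker module and manage-bde are available.

```powershell
#Requires -RunAsAdministrator
# Added example (not Dell's code): checks to run before changing the
# USB-C / Thunderbolt boot settings described above.

$mount = 'C:'   # assumption: the BitLocker-protected OS volume is C:

$vol = Get-BitLockerVolume -MountPoint $mount

# 1. Current state of the volume.
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod

# 2. Stop if there is no recovery password protector. Without one, a
#    recovery prompt after the firmware change cannot be answered.
$recovery = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    throw "No recovery password protector on $mount. Add one and back it up before changing firmware settings."
}

# Print only the protector IDs, so they can be matched against the copy
# held in your key escrow. The 48-digit password itself is not printed.
$recovery | Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize

# 3. Show all protectors. For a TPM protector, manage-bde also prints the
#    "PCR Validation Profile", i.e. which boot measurements BitLocker checks.
manage-bde -protectors -get $mount

# 4. Suspend protection for exactly one restart. While suspended, the volume
#    key is stored unprotected on disk, so keep the machine in your
#    possession until protection is back on.
if ($vol.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $mount -RebootCount 1 | Out-Null
    Write-Host "BitLocker suspended on $mount for one restart. Reboot, make the BIOS changes, then boot Windows."
} else {
    Write-Host "Protection on $mount is already off or suspended; nothing to suspend."
}

# 5. After the BIOS changes and a further restart, confirm protection resumed:
#      (Get-BitLockerVolume -MountPoint 'C:').ProtectionStatus   # expect: On
#    If it still reads Off, run: Resume-BitLocker -MountPoint 'C:'
```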

Note: There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode. For systems using legacy mode, see the article SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware.



For further support and guidance, please view our instructional video "Resolve BitLocker Recovery Key Prompts."




Article ID: SLN304584

Last Date Modified: 04/08/2020 04:25 PM
