BitLocker Asks for a Recovery Key Every Boot on USB-C / Thunderbolt Systems When Docked or Undocked



Summary: "You may see an issue where on every boot Windows BitLocker asks for a recovery key on USB type-C or Thunderbolt 3 equipped systems".


Table of Contents

  1. BitLocker asks for a recovery key at Boot.
  2. How to set the BIOS to prevent BitLocker recovery key prompts.



BitLocker asks for a recovery key at Boot.

Note: The system BIOS should be updated before following these steps; the BIOS for some systems now includes a fix for this issue. You can check for the updated version on Dell.com/Support/Drivers/Home.

BitLocker is an encryption function of the Windows operating system. You may encounter an issue where BitLocker asks for a recovery key on every boot. Further investigation into the issue found that this occurs on systems with USB Type-C (USB Type-C only and Thunderbolt 3) ports.

BitLocker monitors the system for changes in the boot and configuration. When BitLocker sees a new device in the boot list or an attached external storage device it will prompt for the key for security reasons. This is normal behavior.

This problem occurs because, by default, USB-C / Thunderbolt 3 (TBT) boot support and Pre-boot for the TBT are on.

Turning these options off in the BIOS removes the Thunderbolt / USB-C from the boot list, so BitLocker does not see it.

The only negative effect of this configuration change is that you will not be able to PXE boot from a USB Type-C or Thunderbolt 3 dongle or dock.


How to set the BIOS to prevent BitLocker recovery key prompts.

To resolve the issue please follow the steps below.

  1. Enter the BIOS (F2 at boot or F12 one time boot menu at boot)
  2. Go to System Configuration, then USB Configuration, and uncheck the following.
    1. Disable USB Type-C or Thunderbolt 3 Boot support
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
    3. Set POST Behavior -> Fastboot -> Thorough

Upon doing this the system should not prompt for the BitLocker key on every boot.

Note: This is a solution for USB Type-C / Thunderbolt 3 configurations causing a BitLocker recovery prompt at boot. There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode.

Systems using legacy mode can use the same steps provided in SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware.
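
To check the result from Windows once the BIOS settings are changed, the following PowerShell (an added example, not part of the Dell article) reports the OS volume's BitLocker state, its key protectors, the TPM state, and whether the firmware is running in UEFI mode. It assumes an elevated PowerShell session and uses the built-in BitLocker, TPM and Secure Boot cmdlets plus `manage-bde`; the variable names are illustrative.

```powershell
# Added example: inspect the state BitLocker relies on at boot.
# Run from an elevated PowerShell session on the affected system.

$mount = $env:SystemDrive   # OS volume, normally C:

# 1. Protection state of the OS volume.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus | Format-List

# 2. Key protectors. A TPM protector is what ties unlock to the boot
#    configuration; a RecoveryPassword protector is what the prompt asks for.
$vol.KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId |
    Format-Table -AutoSize

$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No recovery password protector on $mount."
}
if (-not ($types -like 'Tpm*')) {
    Write-Warning "No TPM-based protector on $mount."
}

# 3. TPM presence and readiness.
Get-Tpm | Select-Object TpmPresent, TpmReady | Format-List

# 4. Firmware mode. Confirm-SecureBootUEFI throws on legacy (non-UEFI)
#    systems and returns $true/$false for Secure Boot state on UEFI systems.
try {
    $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    Write-Output "Firmware mode: UEFI (Secure Boot enabled: $secureBoot)"
} catch [System.PlatformNotSupportedException] {
    Write-Output "Firmware mode: legacy BIOS (see SLN305408)"
} catch {
    Write-Warning "Could not determine firmware mode: $($_.Exception.Message)"
}

# 5. Full detail of the TPM protector, including the PCR validation profile,
#    i.e. which boot measurements BitLocker checks before releasing the key.
#    Output text is localized, so it is printed unfiltered.
manage-bde -protectors -get $mount -Type TPM
```

Running it docked and undocked, before and after the BIOS change, shows whether protection stays on and the protectors are unchanged between boots.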


For further support and guidance please view our instructional video "Resolve BitLocker Recovery Key Prompts"



Article ID: SLN304584

Last modified: 07/25/2018 03:17 PM

