BitLocker Asks for a Recovery Key Every Boot on USB-C or Thunderbolt Computers When Docked or Undocked

Summary: This article explains what to do if Windows BitLocker asks for a recovery key upon booting up your USB type-C or Thunderbolt 3 computer while using a docking station.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

BitLocker prompts to enter the recovery key when booting up a computer using a USB type-C or Thunderbolt 3 docking station. This article is intended for the following models:

  • Latitude 5280
  • Latitude 5480
  • Latitude 5580
  • Latitude 7280
  • Latitude 7380
  • Latitude 7480
  • Precision 3520
Note: Other Dell computers may have the same behavior, the following fix is intended for the models that are listed above.

Cause

No cause information is available.

Resolution

Table of Contents

  1. BitLocker Asks for a Recovery Key at Boot
  2. How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

BitLocker Asks for a Recovery Key at Boot

Note: Update your computer's BIOS before proceeding, as some BIOS updates have implemented a fix for this issue. You can check for the updated version on the Dell Drivers & Downloads site.

BitLocker is an encryption function of the Windows Operating System 9OS). You may encounter an issue where BitLocker asks for a recovery key every time you boot up your computer. This issue has been found to occur on computers with USB Type-C and Thunderbolt 3 (TBT) ports.

BitLocker monitors the computer for changes to the boot configuration. When BitLocker sees a new device in the boot list or an attached external storage device, it prompts you for the key for security reasons. This is normal behavior.

This problem occurs because boot support for USB-C/TBT and Preboot for TBT are set to On by default. Turning these options off in the BIOS removes any USB-C/TBT devices from the boot list, and BitLocker does not see them.

The only negative effect of this configuration change is that you cannot perform a PXE boot from a USB-C/TBT dongle or docking station.

How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

To resolve the issue, follow the steps below:

  1. Enter the BIOS (pressF2 or F12 at the boot screen.)
  2. Go to System Configuration, then USB Configuration, and make the following changes:
    Note: Depending on the computer type, these options may be in other locations.
     
    1. Disable USB Type-C or Thunderbolt 3 Boot support.
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Preboot.
    3. Disable UEFI Network Stack.
    4. Set: POST Behavior -> Fastboot -> Thorough

Once these changes are made, the computer should not prompt for the BitLocker key on every boot.

Note: There are other reasons for recovery key prompts that this procedure may not resolve.
This solution should work in UEFI mode. 
More information about BitLocker issues can be found in the following articles:

Back to Top

Additional Information

How to Resolve BitLocker Recovery Key Prompts

Duration: 01:07
When available, closed caption (subtitles) language settings can be chosen using the Settings or CC icon on this video player.

Affected Products

Dell Dock WD15, Dell Thunderbolt Dock TB16, Dell Precision Dual USB-C Thunderbolt Dock - TB18DC, Latitude 5280/5288, Latitude 7280, Latitude 7380, Latitude 5480/5488, Latitude 7480, Latitude 5580, Precision 3520
Article Properties
Article Number: 000128275
Article Type: Solution
Last Modified: 21 Oct 2025
Version:  10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.