Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

BitLocker Asks for a Recovery Key Every Boot on USB-C / Thunderbolt Systems When Docked or Undocked

Summary: Windows BitLocker asks for a recovery key on USB type-C or Thunderbolt 3 equipped systems.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

This article explains what to do if Windows BitLocker asks for a recovery key upon booting up your USB type-C or Thunderbolt 3 equipped system.


Table of Contents

  1. BitLocker Asks for a Recovery Key at Boot
  2. How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

Resolution

BitLocker Asks for a Recovery Key at Boot

 
SLN304584_en_US__1icon Note: Update your system's BIOS before proceeding, as some BIOS updates have implemented a fix for this issue. You can check for the updated version on Dell.com/Support/Drivers/Home.

BitLocker is an encryption function of the Windows operating system. You may encounter an issue where BitLocker asks for a recovery key every time you boot up your system. This issue has been found to occur on systems with USB Type-C and Thunderbolt 3 (TBT) ports.

BitLocker monitors the system for changes to the boot configuration. When BitLocker sees a new device in the boot list or an attached external storage device, it prompts you for the key for security reasons. This is normal behavior.

This problem occurs because boot support for USB-C/TBT and Pre-boot for TBT are set to On by default. Turning these options off in the BIOS removes any USB-C/TBT devices from the boot list, and BitLocker does not see them.

The only negative effect of this configuration change is that you cannot perform a PXE boot from a USB-C/TBT dongle or dock.

Top of the Page


How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

To resolve the issue, please follow the steps below.

  1. Enter the BIOS (press F2 or F12 at the boot screen).
  2. Go to System Configuration, then USB Configuration, and make the following changes:
    SLN304584_en_US__1icon Note: Depending on the system type, these options may be in other locations.
     
    1. Disable USB Type-C or Thunderbolt 3 Boot support
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
    3. Disable UEFI Network Stack
    4. Set POST Behavior -> Fastboot -> Thorough

Once you have made these changes, the system should not prompt for the BitLocker key on every boot.

SLN304584_en_US__1icon Note: There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode. For systems using legacy mode, see the article SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware.

Top of the Page


For further support and guidance, please view our instructional video "Resolve BitLocker Recovery Key Prompts."


Article Properties


Affected Product

Dell Dock WD15, Dell Thunderbolt Dock TB16, Dell Precision Dual USB-C Thunderbolt Dock - TB18DC, Latitude 5280/5288, Latitude 7280, Latitude 5480/5488, Latitude 7480, Latitude 5580, Precision 3520

Last Published Date

21 Feb 2021

Version

3

Article Type

Solution