Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

BitLocker Asks for a Recovery Key Every Boot on USB-C/Thunderbolt Computers When Docked or Undocked

Summary: This article explains what to do if Windows BitLocker asks for a recovery key upon booting up your USB type-C or Thunderbolt 3 computer while using a docking station.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

BitLocker prompts to enter the recovery key when booting up a computer using a USB type-C or Thunderbolt 3 docking station.

This article is intended for the following models:

  • Latitude 5280
  • Latitude 5480
  • Latitude 5580
  • Latitude 7280
  • Latitude 7380
  • Latitude 7480
  • Precision 3520
Note: Other Dell computers may have the same behavior, the following fix is intended for the models that are listed above.

Cause

No cause information.

Resolution

Table of Contents

  1. BitLocker Asks for a Recovery Key at Boot
  2. How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

BitLocker Asks for a Recovery Key at Boot

Note: Update your computer's BIOS before proceeding, as some BIOS updates have implemented a fix for this issue. You can check for the updated version on the Dell Drivers & Downloads site.

BitLocker is an encryption function of the Windows Operating System 9OS). You may encounter an issue where BitLocker asks for a recovery key every time you boot up your computer. This issue has been found to occur on computers with USB Type-C and Thunderbolt 3 (TBT) ports.

BitLocker monitors the computer for changes to the boot configuration. When BitLocker sees a new device in the boot list or an attached external storage device, it prompts you for the key for security reasons. This is normal behavior.

This problem occurs because boot support for USB-C/TBT and Preboot for TBT are set to On by default. Turning these options off in the BIOS removes any USB-C/TBT devices from the boot list, and BitLocker does not see them.

The only negative effect of this configuration change is that you cannot perform a PXE boot from a USB-C/TBT dongle or docking station.


How to Set the BIOS to Prevent BitLocker Recovery Key Prompts

To resolve the issue, follow the steps below:

  1. Enter the BIOS (pressF2 or F12 at the boot screen.)
  2. Go to System Configuration, then USB Configuration, and make the following changes:
    Note: Depending on the computer type, these options may be in other locations.
     
    1. Disable USB Type-C or Thunderbolt 3 Boot support.
    2. Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot.
    3. Disable UEFI Network Stack.
    4. Set: POST Behavior -> Fastboot -> Thorough

Once these changes are made, the computer should not prompt for the BitLocker key on every boot.

Note: There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode. For computers using legacy mode, see the article: BitLocker fails to turn on or prompts for the Recovery Key rebooting with Windows 10, UEFI, and the TPM 1.2 Firmware

Back to Top

Additional Information

For further support and guidance, view our instructional video: "Resolve BitLocker Recovery Key Prompts"

Article Properties


Affected Product

Dell Dock WD15, Dell Thunderbolt Dock TB16, Dell Precision Dual USB-C Thunderbolt Dock - TB18DC, Latitude 5280/5288, Latitude 7280, Latitude 7380, Latitude 5480/5488, Latitude 7480, Latitude 5580, Precision 3520

Last Published Date

14 Sep 2022

Version

4

Article Type

Solution