Worried about the Windows BitLocker recovery bug? 6 things you need to know


Five years ago, after a particularly embarrassing run of flawed Windows updates, Microsoft vowed to do better. Part of its cleanup program included the introduction of a “release health dashboard” that documents the status of known issues with every update.


That transparency is a good thing, to be sure, but sometimes those disclosures raise more questions than they answer. A case in point: the release health dashboard flagged the July 2024 security update as having a known issue affecting PCs running Windows 10 and Windows 11 and several versions of Windows Server. See: Device might boot into BitLocker recovery with the July 2024 security update.

On affected PCs and servers, Windows refuses to boot to the normal login screen, instead presenting a blue screen like the one shown here:

[Screenshot from Microsoft Support: the BitLocker recovery preboot screen. If you see this screen, something went wrong at startup and you need to prove your identity to recover your data.]

As the Microsoft report dryly notes: “This screen doesn’t commonly appear after a Windows update.” The advisory doesn’t provide a cause for the issue, but it offers one clue: “You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security -> Device encryption.”


After entering the recovery key, Windows starts up normally. If you can’t find the recovery key, your data is lost for good.

That sounds bad, but the story is not nearly as alarming as media coverage has made it sound. I’ve been digging into this issue for the past week. Here’s what I’ve found.

How widespread is this bug?

In typically frustrating fashion, Microsoft provided no details about how common this issue is or what triggers it. Clearly, it doesn’t affect every device that received the July 2024 security update. (If that were the case, the update would have been pulled immediately and it would have been front-page news.) It hasn’t happened on any device I’ve tested, and I haven’t heard from any readers affected by it. When I searched on Microsoft’s community forums, I didn’t find any reports related to this bug.

On Reddit, I did find several network administrators reporting that this issue affected multiple machines in their organization. (See this thread and this one for examples.) It appears all the devices were HP or Lenovo laptops that were managed on corporate networks and received firmware updates as part of the July 2024 Patch Tuesday update release.

When I asked Microsoft for additional details on the scope of the issue, a company spokesperson said: “Microsoft has nothing more to share beyond what is available in the following resources,” providing links to an overview of BitLocker technology (with the Device Encryption section highlighted) and a support article titled “BitLocker drive encryption in Windows 11 for OEMs”.

Why is this happening?

BitLocker is an extremely effective security option that encrypts the contents of an entire drive so that no one can access its contents without your permission. BitLocker works in conjunction with a Trusted Platform Module (TPM) and the Secure Boot feature to securely save a fingerprint of your boot configuration.

When you see the recovery prompt, that usually means that something about the boot process doesn’t look right to BitLocker. So, instead of proceeding to a normal login screen, it prompts you for the recovery key. This can happen for a wide variety of reasons that may or may not be related to an outside attacker.


In a separate section of the support article the Microsoft spokesperson pointed me to, there’s a section titled “BitLocker recovery scenarios” that lists no fewer than 15 “examples of common events that cause a device to enter BitLocker recovery mode when starting Windows.” The list includes some actions that are typical of what might happen when an unauthorized person is trying to access data on the device, such as making changes to the boot manager or the NTFS partitions on the disk, disabling the TPM, or moving the BitLocker-protected drive into a new computer.

But you can also trigger BitLocker recovery by upgrading critical early startup components, such as a BIOS or UEFI firmware upgrade, which is what I suspect happened here. Firmware upgrades are supposed to suspend BitLocker encryption while they’re installed, but it appears that this isn’t happening on the laptops in question.

What’s the difference between BitLocker and Device Encryption?

Device Encryption is a feature that’s standard on all modern PCs designed for Windows 11. It works with all Windows editions (including Home edition), encrypting the contents of the system drive. It’s on by default but is only activated when you sign in with a free Microsoft account or an Entra ID account. In those cases, the recovery key is automatically saved in the account dashboard for your account.


BitLocker Drive Encryption is a feature that’s available for business customers, only on Pro, Enterprise, and Education editions of Windows. It allows you to encrypt the system volume as well as secondary drives and removable media, such as USB flash drives. This version of BitLocker includes a full set of management tools.

Is your system drive encrypted?

The Device Encryption feature is managed with a simple toggle switch in Windows Settings. On Windows 11, you can find this switch by going to Settings > Privacy & security > Device Encryption.

If this switch isn’t available, then your device, for one reason or another, doesn’t support encryption. One common reason is that the TPM is unavailable; you can find the details by opening the System Information utility (Msinfo32.exe) using an administrator’s credentials. Look for a line labeled Device Encryption Support, at the bottom of the System Summary page.

Have you saved a backup copy of your recovery key?

As mentioned earlier, Windows automatically saves a copy of your recovery key to your Microsoft account. If you’re ever prompted to enter that key, you can find it by opening a browser window (on a PC, Mac, or mobile device) and going to microsoft.com/recoverykey.

Sign in with the account you used for the device where you’re seeing the recovery prompt. That will take you to a page like this one:

[Screenshot by Ed Bott/ZDNET: You’ll find your BitLocker recovery keys here.]

There, you can search for your device name and confirm that the encryption key is accessible. You can also copy that key to a text file, print it out, and store it safely.

If you’d rather use PowerShell to find your encryption key, open PowerShell as an administrator and use the following command:

(Get-BitLockerVolume -MountPoint C).KeyProtector

That process should give you all the information you need.
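The one-line command above covers only drive C. As an added example (not part of the original article), the script below reports every BitLocker volume, its protection state, and whether a recovery password protector exists; the function name Get-BitLockerReport is a hypothetical helper, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state and recovery-key protectors per volume.
# Get-BitLockerReport is a hypothetical helper name, not a built-in cmdlet.
function Get-BitLockerReport {
    [CmdletBinding()]
    param(
        # Include the 48-digit recovery password in the output (sensitive).
        [switch]$ShowRecoveryPassword
    )

    foreach ($vol in Get-BitLockerVolume) {
        # A volume can carry several protectors (Tpm, RecoveryPassword, ...).
        $recovery = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $row = [ordered]@{
            MountPoint        = $vol.MountPoint
            VolumeStatus      = $vol.VolumeStatus
            ProtectionStatus  = $vol.ProtectionStatus
            EncryptionPercent = $vol.EncryptionPercentage
            ProtectorTypes    = $types -join ', '
            # Key ID to compare with the one listed next to the saved key.
            RecoveryKeyId     = $recovery.KeyProtectorId -join ', '
            HasRecoveryKey    = $recovery.Count -gt 0
        }
        if ($ShowRecoveryPassword) {
            $row.RecoveryPassword = $recovery.RecoveryPassword -join ', '
        }
        [pscustomobject]$row
    }
}

# Print the report, then warn about volumes that are encrypted (or being
# encrypted) but have no recovery password protector at all.
$report = Get-BitLockerReport
$report | Format-Table -AutoSize
$report |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryKey } |
    ForEach-Object {
        Write-Warning "$($_.MountPoint) is encrypted but has no recovery password protector"
    }
```

Run `Get-BitLockerReport -ShowRecoveryPassword` only when you intend to copy the key somewhere safe, since the output then contains the key itself.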

Should you turn encryption off?

If you’re worried about the possibility that you’ll be locked out of your PC by a BitLocker failure, you can turn device encryption off by going to its page in Settings and sliding the Device Encryption switch to the Off position.


However, that’s an extreme solution to a problem that’s unlikely to affect you. If you’ve got a backup copy of your recovery key, you’re in no danger of losing data, and you’re fully protected from having your digital life turned upside down by a thief who steals your laptop and accesses your data files.
