Stuck Startup and Windows 10 Bitlocker TPM Issue
Didi64_549 Posted messages 2797 Registration date Status Member Last intervention -
Hello to all the web users,
Today, I'm posting this message on this platform to seek solutions to my problem, but also to warn Windows users about the "Bitlocker" encryption.
To explain the situation, one evening, I was in "safe mode" to ensure that the transfer (micro SD card adapter -> HDD) was faster since some programs I installed were running in the background. Once the transfer was complete, I shut down my laptop.
The next day, I turned on my laptop and... the startup got stuck... on the logo with the loading icon. This is the first time this has happened since I bought this computer. Surprised, I restarted to see if it was a bug that sometimes occurs, but... it happened again, it was stuck once more.
I'm a bit disgusted to learn this is happening to me; I absolutely don't understand why this bug occurred. I decided to switch to "Windows Recovery mode" by pressing "Alt + F10" (programmed via the BIOS). I went through the "Diagnostics" option, but I was asked for the "Bitlocker" recovery key.
Knowing that when I enabled "Bitlocker" on the system hard drive, I didn't think I would need a recovery key since the "Bitlocker" system is supposed to automatically unlock the system hard drive without a password thanks to the "TPM" security system, which detects a kind of key stored on the hard drive. So as the system decrypts itself at startup with TPM, it didn't seem necessary to save a recovery key... until an incident occurs.
I therefore do not have the recovery key, I then click on "Skip this drive," and it displays that the operation cannot be completed... I try all the other tools... the same message and no way to access it to recover my files.
Disgusted, I attempt to execute the sfc and dicm commands, but that still leads nowhere.
I tried to boot from a USB drive, which I was able to configure in the BIOS... I tried to access the hard drive, but it asks for the recovery key (one cannot deny it, the system is really foolproof, very well made, frankly).
I also ran the sfc and dicm repair commands again, but that still doesn't work! I also thought about doing "Microsoft Diagnostics," and again, certain options do not relate to repairing the hard drive. I also cannot restore to a previous state.
There, I just realized I was at an impasse..., that I was desperate over a problem I couldn't solve, as I discovered that Bitlocker was not only blocking access to personal files and Windows (which I agree with) but to THE WHOLE DISK (including boot files and diagnostic files) and also ALL RECOVERY METHODS (what's the point of the recovery partition)... HAHA LOOooolll. I did not expect that at all!
So now, at this moment, I am using the system from a USB drive through the "Windows to Go" system via an HDD... But this is a really temporary solution as the boot takes between 10 to 20 minutes, often around 16 minutes which is way too long. Moreover, not all functionalities are present, and if the USB drive is removed, I lose my work...
I have three paths ahead of me:
- Either to find a solution here by reaching out to you
- Or to find a way to open the img files I saved using the software (but I can't open them with File Explorer, Winrar, 7zip…)
- Or unfortunately, I format the system hard drive to reinstall Windows 10 as before (resetting it to zero).
Yes, you will probably say that I'm foolish for not thinking about it, but at the same time, I didn’t think I would encounter a situation as bad as this one that I’ve experienced on my PC. When I enabled Bitlocker on the system hard drive, I was never prompted to save the recovery key. Moreover, it did not seem necessary since the TPM system is embedded in my laptop, I hadn’t had any boot bugs until this day... especially since I would have preferred to have a "password" for recovery, that seems fairer to me.
I've been using this PC for 6 years, I’m used to Windows, I don’t have any unwanted programs as I am careful about what I download, and I do several scheduled scans with my antivirus; I mainly use it to edit documents, notes that I send by email, and I use it with a browser. I completely did not expect this incident, so I had full trust in Microsoft regarding Bitlocker.
Regarding Bitlocker in Windows 10, I would say it's a very secure system that protects data against any attack... and therefore even the owner cannot access it... (me) if any issue arises for booting (on computers with TPM) and the recovery key is not recorded...
On one hand, I am quite disgusted, saddened, and upset, and on the other, I am angry and a bit hateful about losing so much data (memories, photos, videos, music, old documents) that I used for nearly 6 years since I got my laptop (thankfully, I do a full backup every year and the documents I have are not too important, whether administrative or essential for personal or professional life) because of the simple fact that... THEY DID NOT FORESEE SOLVING TPM, BOOTING, BITLOCKER ISSUES…!!! It’s clever to have required a startup key to resolve startup issues, especially since that is the problem here... Well done!!! (But for all other features, I can only commend their very comprehensive and thorough work... but here it’s quite ridiculous not to have anticipated a problem like this)
I thank you for your reading, I hope to find a solution, but I fear I have to reset.
Those who wish to help me, and I thank you for your support, know that the problem/bug is really hard to find and fix, and the files cannot be accessed including the diagnostic files, it is aimed more at experienced users, Windows experts...
Have a good day and enjoy your life :D (keeping positive is important!)
Citadin6
Images that I took to illustrate the facts of Bitlocker (under Creative Commons license CC BY-SA, so credit for other users.
1 answer
Hello,
BitLocker is a hard drive encryption feature of the Windows 9 operating system.
You may encounter this issue where BitLocker asks for a recovery key every time you start your PC.
This problem has been observed on computers equipped with USB Type-C or Thunderbolt 3 (TBT) ports.
BitLocker monitors the computer to detect changes to the boot configuration. When BitLocker detects a new device in the boot list or an external storage device connected, it prompts you to enter the key for security reasons.
This behavior is normal.
This issue is related to the fact that support options for USB-C/TBT boot and TBT pre-boot are enabled by default.
If you disable these options in the BIOS, the USB-C/TBT devices will be removed from the boot list, and BitLocker will no longer detect them.
The only negative effect of this configuration change is that you will not be able to perform a PXE boot from a USB-C/TBT dongle or dock.
BIOS configuration to prevent prompts for: BitLocker recovery key.
To resolve this issue, follow the steps below:
- Access the BIOS (press the F2 or F12 key on the startup screen).
- Go to the System Configuration menu, select USB Configuration, and make the following changes:
Note: Depending on the type of PC, these options may be located in different places.
- Disable support for USB Type-C or Thunderbolt 3 Boot.
- Disable the USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot options.
- Disable UEFI Network Stack.
- Set the following: POST Behavior -> Fastboot -> Thorough
Once these changes are made, the computer should no longer ask for the BitLocker key at each startup.
Note: Prompts for the recovery key can have other causes that this procedure does not address.
This solution should work in UEFI mode.
For PCs using Legacy mode, see the following article: