Thread: Bitlock Key Code

Either deny using the device, or claim it was like that when you turned it on.
Glad I'm not in your shoes.

Try Unexpected BitLocker recovery screen - ThinkPad, ideapad, ideacentre - Lenovo Support AU

Originally Posted by Saitch

...Any thoughts, anyone?

Where did the pop up window offering you a firmware update originate from, Microsoft or a non MS source, ie Lenovo?

By default your PC's hard drive is encrypted. The encryption key is stored locally on your PC within hardware known as the Trusted Protection Module (TPM). If the TPM is cleared or altered by non Microsoft system updates (you said you did a firmware update) then your local key is lost forever.

Do I have to suspend BitLocker protection to download and install system updates and upgrades?

Users need to suspend BitLocker for Non-Microsoft software updates, such as:

• Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM. Users don't have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. It's recommended that users test their TPM firmware updates if they don't want to suspend BitLocker protection

• Non-Microsoft application updates that modify the UEFI\BIOS configuration

• Manual or non-Microsoft updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation)

• Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if BitLocker doesn't use Secure Boot for integrity validation during updates)

Unless you find your key, either printed on paper somewhere, stored on a USB drive somewhere or stored in the cloud (an MS account) then it's 'goodnight'.

There are ways and means of initially setting up your PC which does not automatically store your key in your MS account (but always result in your drive being encrypted nonetheless) so it's not necessarily a surprise you can't find a key there.

You say you don't have a key for your own PC. Then I'd suggest you turn bitlocker off while you can. This will decrypt your drive. You can decide later whether to encrypted again (by turning bitlocker back on) and this time take action to retain a copy of your key.

Ive been caught out before by not knowing / realising drives are encrypted by default.

Originally Posted by Ferret

Where did the pop up window offering you a firmware update originate from, Microsoft or a non MS source, ie Lenovo?

By default your PC's hard drive is encrypted. The encryption key is stored locally on your PC within hardware known as the Trusted Protection Module (TPM). If the TPM is cleared or altered by non Microsoft system updates (you said you did a firmware update) then your local key is lost forever.

Do I have to suspend BitLocker protection to download and install system updates and upgrades?



Unless you find your key, either printed on paper somewhere, stored on a USB drive somewhere or stored in the cloud (an MS account) then it's 'goodnight'.

There are ways and means of initially setting up your PC which does not automatically store your key in your MS account (but always result in your drive being encrypted nonetheless) so it's not necessarily a surprise you can't find a key there.

You say you don't have a key for your own PC. Then I'd suggest you turn bitlocker off while you can. This will decrypt your drive. You can decide later whether to encrypted again (by turning bitlocker back on) and this time take action to retain a copy of your key.

Ive been caught out before by not knowing / realising drives are encrypted by default.

I just checked my machine and it's not encrypted! I'm thinking that my wife's wasn't either, but the update from Lenova has altered the BIOS. A lot out of my depth here.

Thanks for all the advice. Even V8Ian!

All sorted, thanks all. Our computer man had a copy of the key code in his records.

Life is good again!