Bitlocker Recovery Mode after UEFI Update, No Key


2Savage

New member
Local time
7:22 AM
Posts
8
OS
Windows 11
Lenovo Yoga 920-13ikb
bios 5NCN41WW
currently with Win11, likely upgraded from Win10 in the past
From approximately 2017-2018

Helping someone with their laptop. It was working fine with no problems. I went to Windows Update, and it had an optional update of Lenovo firmware, the UEFI update. I did that, and it said to restart. After the restart, BitLocker goes into recovery mode.

PC Owner never printed their Bitlocker Recovery Key. They have 2 Windows Users, I only went into 1 of the users, and it was a Local User, not a Microsoft Account User, so it appears that Bitlocker Recovery cannot be accessed from a MS Account. I never saw the other user, so it is possible that it is a MS Account with synced Bitlocker Recovery Key, so I asked the PC owner to log into their MS account from another device, but I followed directions from MS, and MS account explicitly said there was no Bitlocker synced device in their settings.

The PC owner likely never set up BitLocker themselves; it likely came from Lenovo that way. If this is so, where does Lenovo originally provide the recovery key? They must provide it to the purchaser somewhere! It seems to me that in theory, if I perform a UEFI/BIOS version rollback, it will fit the BitLocker checksum, or TPM key checksum or whatever it is called.

Lastly, of course no one will be shocked that the PC Owner has no backups of her files, and no cloud sync of her files.

What options are left? I will try anything, thank you everyone so much!
 

My Computer

System One

  • OS
    Windows 11

hsehestedt

Well-known member
Power User
VIP
Local time
9:22 AM
Posts
1,206
Location
Texas, USA
OS
Windows 11 Pro 22H2
Unfortunately, if the user does not have that recovery key, you are done. There is no way around it. No, rolling back the Firmware will not help you.

As a side note: I'm a little bit surprised that a firmware update would be handled so poorly by Lenovo. On my system, the firmware update specifically warns me about BitLocker and it even performs the suspension of BitLocker for me so that there is no problem upon booting after the update. One difference, however, is that I always apply the updates manually. I don't know if there is an issue with updates that get delivered via Windows Update. If so, that's going to cause problems for a lot of people.

I'm so sorry, I wish that I had better news for you.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Dual Boot Windows 11 Pro 22H2 and Windows 10 Pro 22H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

2Savage

New member
Thread Starter
Local time
7:22 AM
Posts
8
OS
Windows 11
> Unfortunately, if the user does not have that recovery key, you are done. There is no way around it. No, rolling back the Firmware will not help you.
>
> As a side note: I'm a little bit surprised that a firmware update would be handled so poorly by Lenovo. On my system, the firmware update specifically warns me about BitLocker and it even performs the suspension of BitLocker for me so that there is no problem upon booting after the update. One difference, however, is that I always apply the updates manually. I don't know if there is an issue with updates that get delivered via Windows Update. If so, that's going to cause problems for a lot of people.
>
> I'm so sorry, I wish that I had better news for you.

I have also never seen a Windows Update of any kind cause a BitLocker recovery. It is possible that the Windows update was not what caused this, because the PC owner said earlier that day she experienced a BSOD, although it was likely not a BitLocker BSOD. Perhaps the firmware update was unrelated to this issue, and it is being caused by another glitch? I performed almost nothing to this PC besides the Windows updates. I installed nothing, uninstalled nothing, did almost no changes, and then this happened.

I disagree with your assessment that a UEFI update rollback could not solve this, because I have seen a similar approach work before. In the past, on a different PC, I had made a change to the EFI partition (not the UEFI firmware), and it caused the BitLocker recovery, but after I reverted the change, it resumed as normal. Do you know how to perform a rollback? On the Lenovo website for this model, it only offers 1 version of the UEFI, and that is the version I had updated to, so I have so far been unable to download the original version, which I would then need to learn how to flash the UEFI manually.
 


glasskuter

Well-known member
Pro User
VIP
Local time
9:22 AM
Posts
2,946
Location
Paris in the Lone Star State of Texas
OS
Windows 11 Pro 22H2 22621.819
I agree with @hsehestedt that even if it is possible to roll back the BIOS, it will not solve the BitLocker issue. You cannot compare changes to a UEFI partition to a BIOS update. partition=apples UEFI firmware=oranges

You might contact Lenovo support but since that laptop is long out of warranty, there is probably a fee for support.

IMO the only way you can recover this device is by installing another hard drive and doing a clean install of windows. There is no way to recover the files on the bitlocked drive.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.819
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

hsehestedt

Well-known member
Power User
VIP
Local time
9:22 AM
Posts
1,206
Location
Texas, USA
OS
Windows 11 Pro 22H2
It's possible I could be wrong, I'm simply repeating what I have been told in the past. In all honesty, if I were you, I would definitely try a rollback.

For instructions on how, that would be something to check with the OEM. I would hope it would be as easy as installing the old version on top of the new one.

Please do let us know if that works!

PS: This literally just occurred to me as I'm typing...

I suspect that the reason some people who run into this are not helped when they roll back might be that they have Secure Boot enabled. If your system does not have Secure Boot turned on then maybe a rollback might work. This is just a hypothesis, but it gives me hope :-)
 


Bastet

Well-known member
Member
VIP
Local time
3:22 PM
Posts
304
Location
Manchester. UK.
OS
Windows 10 Pro 64bit
There seems to be an acknowledged bug with one of the Windows updates which is activating Bitlocker even on Windows Home.
Microsoft are working on a fix but this doesn’t help those currently affected. Their fix seems to be for Pro & Enterprise users only. Afaik Home users need to contact the PC’s manufacturer for the key/instructions.

Microsoft are aware of it, their suggestion is as follows:
1. Run the following command from Administrator command prompt:
   Manage-bde -protectors -disable %systemdrive% -rebootcount 2
2. Install the update KB5012170, if not already installed
3. Restart the device.
4. Restart the device again.
5. BitLocker should automatically be enabled after two boots. If you want to manually resume BitLocker to verify that it is enabled, use the following command:
   Manage-bde -protectors -Enable %systemdrive%
Next steps: We are working on a resolution and will provide an update in an upcoming release.

If you cannot access command prompt then you may have to enter recovery mode by force restarting the PC several times > Troubleshoot options. If you still cannot access this then you'll have to boot with the Windows installation media.
 

My Computer

System One

  • OS
    Windows 10 Pro 64bit
    Computer type
    Laptop
    Manufacturer/Model
    PC Specialist Optimus VII V17-960 Gaming Laptop.
    CPU
    6th Gen Intel Core i7-6700HQ Quad Core processor.
    Memory
    16GB HyperX IMPACT 1600MHz SODIMM DDR3 (2 x 8GB)
    Graphics Card(s)
    NVIDIA® GeForce® GTX 960M - 2.0GB DDR5 Video RAM - DirectX® 12
    Sound Card
    Intel 2 Channel High Def. Audio + SoundBlaster™ Cinema 2 & Realtek
    Monitor(s) Displays
    Optimus Series: 17.3" Matte Full HD IPS LED Widescreen (1920x1080)
    Screen Resolution
    Full HD IPS display (1920 x 1080).
    Hard Drives
    4TB SSD (internal).
    1x 1TB & 1x 5TB external HDDs.
    Cooling
    STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
    Keyboard
    Logitech K800 wireless keyboard
    Mouse
    Logitech M705 wireless mouse
    Internet Speed
    Upto 100Mbps
    Browser
    Edge.
    Antivirus
    Windows Defender & MalwareBytes pro.
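
A pre-flight check to run before the suspend step quoted in the post above, added here as an example (it is not part of the thread or of Microsoft's guidance). It confirms a recovery password exists and saves it off the encrypted volume before suspending BitLocker for two reboots. `$BackupDir` and the `E:` drive are assumptions, and the script assumes the BitLocker PowerShell module is available on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: run BEFORE a firmware/UEFI update on a BitLocker-protected system.
param(
    [string]$MountPoint  = $env:SystemDrive,
    [string]$BackupDir   = 'E:\BitLockerKeys',  # assumption: E: is removable media
    [int]   $RebootCount = 2                    # same count as "-rebootcount 2" in the post
)
$ErrorActionPreference = 'Stop'

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Host "$MountPoint is not encrypted; nothing to suspend."
    return
}

# 1. Make sure a recovery password protector exists at all.
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol      = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# 2. Refuse to store the key on the volume it unlocks.
$backupRoot = [System.IO.Path]::GetPathRoot($BackupDir).TrimEnd('\')
if ($backupRoot -ieq $MountPoint.TrimEnd('\')) {
    throw "Backup path $BackupDir is on the encrypted volume $MountPoint."
}

# 3. Write protector ID and recovery password to the backup location.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$file  = Join-Path $BackupDir ("{0}-{1}.txt" -f $env:COMPUTERNAME, $stamp)
$recovery | ForEach-Object {
    "Key protector ID:  $($_.KeyProtectorId)"
    "Recovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $file -Encoding ASCII
Write-Host "Recovery key saved to $file"

# 4. Suspend protection for the reboots the update needs.
if ($vol.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount | Out-Null
    Write-Host "BitLocker suspended on $MountPoint for $RebootCount reboot(s)."
} else {
    Write-Host "Protection is already off or suspended on $MountPoint."
}
```

After the update and both restarts, `(Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus` should read `On`; if it does not, `Resume-BitLocker` re-enables protection, matching step 5 of the quoted procedure.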

BruceR

Member
Local time
3:22 PM
Posts
42
OS
Windows 11
> Their fix seems to be for Pro & Enterprise users only. Afaik Home users need to contact the PC’s manufacturer for the key/instructions.

I'm not clear why you made that distinction, as Microsoft doesn't seem to mention any difference.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop

hsehestedt

Well-known member
Power User
VIP
Local time
9:22 AM
Posts
1,206
Location
Texas, USA
OS
Windows 11 Pro 22H2
> I'm not clear why you made that distinction, as Microsoft doesn't seem to mention any difference.

I don't want to put words in anyone's mouth, but my guess is that the distinction is because Home is not supposed to come with BitLocker, therefore a BitLocker fix won't get applied to Home.
 


Bastet

Well-known member
Member
VIP
Local time
3:22 PM
Posts
304
Location
Manchester. UK.
OS
Windows 10 Pro 64bit
> I'm not clear why you made that distinction, as Microsoft doesn't seem to mention any difference.

Because Home doesn’t have Bitlocker.
 


Berton

Well-known member
Power User
VIP
Local time
8:22 AM
Posts
1,378
Location
Buffalo, Wyoming
OS
Win11 Pro RTM
> The PC owner likely never set up BitLocker themselves; it likely came from Lenovo that way. If this is so, where does Lenovo originally provide the recovery key? They must provide it to the purchaser somewhere! It seems to me that in theory, if I perform a UEFI/BIOS version rollback, it will fit the BitLocker checksum, or TPM key checksum or whatever it is called.

I've seen that happen when purchasing a computer from a store [not directly from the manufacturer] where a password was set by an employee when putting it up for display then that employee was not available to clear the password, only choice was a full factory reset.
 

My Computers

System One System Two

  • OS
    Win11 Pro RTM
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 3400
    CPU
    Intel Core i5
    Memory
    8GB
    Hard Drives
    256GB SSD NVMe
  • Operating System
    Windows 11 Pro RTM x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro 5890
    CPU
    Intel Core i5
    Memory
    16GB
    Graphics card(s)
    Onboard, no VGA, using a DisplayPort-to-VGA adapter
    Monitor(s) Displays
    21"
    Hard Drives
    512GB SSD NVMe, 2TB WDC HDD
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender/Microsoft Security

han jansen

Member
Local time
4:22 PM
Posts
31
Location
France
OS
WIN 11
> I have also never seen a Windows Update of any kind cause a BitLocker recovery. It is possible that the Windows update was not what caused this, because the PC owner said earlier that day she experienced a BSOD, although it was likely not a BitLocker BSOD. Perhaps the firmware update was unrelated to this issue, and it is being caused by another glitch? I performed almost nothing to this PC besides the Windows updates. I installed nothing, uninstalled nothing, did almost no changes, and then this happened.
>
> I disagree with your assessment that a UEFI update rollback could not solve this, because I have seen a similar approach work before. In the past, on a different PC, I had made a change to the EFI partition (not the UEFI firmware), and it caused the BitLocker recovery, but after I reverted the change, it resumed as normal. Do you know how to perform a rollback? On the Lenovo website for this model, it only offers 1 version of the UEFI, and that is the version I had updated to, so I have so far been unable to download the original version, which I would then need to learn how to flash the UEFI manually.

Hello,

When you go to the Lenovo download page for your client's PC and copy the download link for the firmware, you can lower the package number by one to get the previous version.
They keep them on the server.
For mine e.g. https://download.lenovo.com/pccbbs/mobiles/n25uj39w.exe
I change 39 to 38 to have the older version.
Ciao, Han
 

My Computers

System One System Two

  • OS
    WIN 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Thinpad X1 Yoga 3gen
    CPU
    i7-8550U
    Memory
    16 GB lpddr3
    Screen Resolution
    2560x1440
    Hard Drives
    NVME SSD 2TB Samsung PM981
    Mouse
    Logitech M590
    Browser
    Firefox
    Antivirus
    Windows Security, Malwarebytes
    Other Info
    Acronis TrueImage 2019
  • Operating System
    Win 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo Tiny M920x
    CPU
    i7-8700T
    Memory
    32 GB DDR4
    Sound Card
    MOTU M4
    Monitor(s) Displays
    DELL P2418D
    Screen Resolution
    2560 x 1440
    Hard Drives
    NVME SSD 2TB Samsung PM981 SSD Sandisk 1T Sata
    NVME SSD 1TB Samsung PM981
    Mouse
    Logitech M590
    Browser
    Firefox
    Antivirus
    Windows Security, Malwarebytes
    Other Info
    Acronis TrueImage 2019

glasskuter

Well-known member
Pro User
VIP
Local time
9:22 AM
Posts
2,946
Location
Paris in the Lone Star State of Texas
OS
Windows 11 Pro 22H2 22621.819
> you can lower the package number by one to get the previous version.

This is not always true with all computers. In some cases you can downgrade a BIOS, unless the BIOS you're trying to replace involved security issues. At least I am speaking from a Dell standpoint. There will be some occasions when the BIOS downgrade will not be allowed due to BIOS dependency, meaning the current BIOS has changes that cannot be downgraded. In such cases Dell will not allow a BIOS downgrade. I'm not exactly sure why. I think it's because Dell has their own motherboards. Though they use other third party hardware, the BIOS belongs to Dell and they control whether one can be downgraded or not. Whether it is the same in all branded systems, I cannot say.
 
