What Triggered this Bitlocker Screen?

very_452001 · Feb 29, 2024

Hello,

I enabled Bitlocker on my laptop within the last month then all of a sudden today when I turned on my laptop on I get the following screen:

I have the recovery key and managed to log into the windows no problem.

The question is how do I check whether the Secure Boot Policy has been tampered with or has been compromised? What has caused the secure boot policy to 'Unexpectedly' changed? How do I check what was the change in Secure Boot? Otherwise why would I get this screen out of the blue today? What has triggered this screen to randomly just pop up weeks after enabling Bitlocker? Is this Ransomware or a hacker trying to key log record my typing the key out?

Or I am being paranoid and something else triggered it like window update or something? Has windows update messed up my secure boot or secure boot keys or something?

CSharpDev · Feb 29, 2024

You didn't change the OS disc did you?

idgat · Feb 29, 2024

very_452001 said:
What has triggered this screen to randomly just pop up weeks after enabling Bitlocker?

Has something changed?

Why do you use Bitlocker?

andrew129260 · Feb 29, 2024

Did you have a bios update or a drive firmware update?

Check windows update history

Fabler2 · Feb 29, 2024

Check Windows update for a recent firmware update.

glasskuter · Feb 29, 2024

This is per MS.
The following list provides examples of common events that cause a device to enter BitLocker recovery mode when starting Windows:

Entering the wrong PIN too many times
Turning off the support for reading the USB device in the preboot environment from the BIOS or UEFI firmware if using USB-based keys instead of a TPM
Having the CD or DVD drive before the hard drive in the BIOS boot order (common with virtual machines)
Docking or undocking a portable computer
Changes to the NTFS partition table on the disk
Changes to the boot manager
Turning off, disabling, deactivating, or clearing the TPM
TPM self-test failure
Upgrading the motherboard to a new one with a new TPM
Upgrading critical early startup components, such as a BIOS or UEFI firmware upgrade
Hiding the TPM from the operating system
Modifying the Platform Configuration Registers (PCRs) used by the TPM validation profile
Moving a BitLocker-protected drive into a new computer
On devices with TPM 1.2, changing the BIOS or firmware boot device order

idgat · Feb 29, 2024

The pitfalls of (possibly unnecessarily) using Bitlocker. With all deference to the OP, but I never cease to be amazed at the number of users I come across who use Bitlocker because ..
- Windows asked/told me to
- protect my files from accidental deletion
- got some valuable stuff I don't want to lose
- it's cool to be able to say my drive in encrypted
- and so on, absolutely no security related valid reason(s)

antspants · Feb 29, 2024

I have had this screen on an old laptop that I didn’t realise had Bitlocker enabled, after entering the BIOS for no particular reason. It was annoying because the retrieval of the recovery key involved me going mental.

wiganken · Mar 1, 2024

idgat said:
Why do you use Bitlocker?

Totally agree with @idgat. Just disable it unless there are very strong reasons to keep it enabled. As @glasskuter showed, there are too many things that can mess things up if it is enabled.

Try3 · Mar 1, 2024

antspants said:
going

Going???

All the best,
Denis

pparks1 · Mar 1, 2024

my work computers are bitlockered......rarely if ever have any issues....And we have 15,000+ laptops in our fleet.

idgat · Mar 1, 2024

pparks1 said:
my work computers are bitlockered

And that, as a general rule, has some security merit. But general use home computers, ....?

andrew129260 · Mar 1, 2024

idgat said:
And that, as a general rule, has some security merit. But general use home computers, ....?

To be fair, it is a laptop and if they carry or use it in public it would make sense to have it enabled. Plus even a desktop at home could be stolen if your house is broken into. If it makes it a little harder to get into the system I think it's worth doing. I have had bitlocker on all my machines and never experienced anything negative in regards to side effects from it. Granted, I have all oem machines, nothing custom built. So bios updates and the like never cause any strange issues. I also have the bios locked down with a password as well.

very_452001 · Mar 6, 2024

CSharpDev said:
You didn't change the OS disc did you?

No I don't have a optical disc drive.

very_452001 · Mar 6, 2024

andrew129260 said:
Did you have a bios update or a drive firmware update?

Check windows update history

No cant see any.

very_452001 · Mar 6, 2024

Fabler2 said:
Check Windows update for a recent firmware update.

Can a firmware update mess up secure boot in any way?

What is secure boot policy?

Try3 · Mar 6, 2024

CSharpDev said:
You didn't change the OS disc did you?

very_452001 said:
No I don't have a optical disc drive.

That question was intended to mean, "You haven't changed the disk in which your Windows operating system is installed, have you?".

Denis

very_452001 · Mar 6, 2024

idgat said:
And that, as a general rule, has some security merit. But general use home computers, ....?

The Bitlocker version used for office/work computers is different & to the version of bitlocker used at home?

very_452001 · Mar 6, 2024

andrew129260 said:
To be fair, it is a laptop and if they carry or use it in public it would make sense to have it enabled. Plus even a desktop at home could be stolen if your house is broken into. If it makes it a little harder to get into the system I think it's worth doing. I have had bitlocker on all my machines and never experienced anything negative in regards to side effects from it. Granted, I have all oem machines, nothing custom built. So bios updates and the like never cause any strange issues. I also have the bios locked down with a password as well.

You mean for example someone builds a custom gaming pc then bitlocker can cause probs on it? You mean OEM windows?