Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
sneakymoose
Posts: 14
Registered: ‎08-17-2011
Location: Arizona
0
Accepted Solution

Re: BitLocker on X220 with UEFI boot?

My X220 has BIOS 1.21 and a Windows 7 x64 installation with UEFI, and until recently, was using BitLocker drive encryption for two drives (mSATA SSD boot disk and 320gb magnetic data disk). A few days ago, I shrunk the 320gb partition to free up some space for the Windows 8 Developer Preview. I wanted to have this installed as a dual boot option with Windows 7.

 

I suspended BitLocker to do the Windows 8 installation. That install didn't go so well -- I tried starting the install from within Win 7 since I don't have dual layer media and can't seem to get a thumb drive to boot while in UEFI mode on the X220. Anyway, upon resuming BitLocker and then rebooting, I get prompted for the BitLocker recovery key, every time!

 

I tried all sorts of things: Decrypting both drives then re-encypting. Getting rid of the failed Windows 8 partition and expanding back D: to its original size. Manually clearing the Windows Setup entry (via bcdedit) that the Win 8 installer left behind. Clearing and re-initializing the TPM. Disabling the TPM in BIOS and then re-enabling. No go! Everything "seems" to work until I have the computer reboot while its drives are encrypted (while the key is not suspended), at which point I am always prompted for the recovery key.

 

I tried the option which verifies system integrity (through a reboot test) before beginning encryption. This results in the following error dialog which appears twice at the next startup:

 

Title: BitLocker Drive Encryption

Headline: BitLocker could not be enabled.

Message: The BitLocker encryption key cannot be obtained from the Trusted Platform Module (TPM). C: was not encrypted.

 

In the System event log, I see the following events logged for this problem from BitLocker-Driver:

 

Event ID 24636: Bootmgr failed to obtain the BitLocker volume master key from the TPM.

Event ID 24641: An unexpected error was encountered attempting to retrieve the BitLocker volume master key during restart.

 

If I tell BitLocker to do the system check before encrypting, then I get the above two errors plus a warning:

 

Event ID 24609: A key was not available from required sources during restart.

 

Has anyone got an idea of how I may restore my X220's TPM functionality? This is driving me nuts...

 

Thanks!

What's DOS?
keylimesoda
Posts: 1
Registered: ‎09-22-2011
Location: Washingont
0

Re: BitLocker on X220 with UEFI boot?

[ Edited ]

I've run into the same issue.

My guess is that the Windows 8 boot manager cannot properly interact with the TPM through UEFI on the most recent X220 BIOS version.

I suspect that whatever UEFI/Bitocker fix Lenovo made in the 1.21 BIOS only works for the Windows 7 boot manager, and when you installed Windows 8, it moved to a newer boot manager.

For myself, I'm giving up on UEFI for the time being.  I'm going to reinstall both OS using legacy BIOS for now and wait for another UEFI update from Lenovo once they start playing with Windows 8.

Lenovo Staff
someotherguy
Posts: 2,568
Registered: ‎10-29-2009
Location: NC

Re: BitLocker on X220 with UEFI boot?

Looking through some internal release notes it appears that a problem with bitlocker and windows 8 has been fixed.  The BIOS (version 1.25) is currently undergoing internal testing and will be released probably during November.

Punch Card
sneakymoose
Posts: 14
Registered: ‎08-17-2011
Location: Arizona
0

Re: BitLocker on X220 with UEFI boot?

Excellent news! I look forward to being able to use BitLocker again!

Token Ring
orion9727
Posts: 220
Registered: ‎11-01-2011
Location: boston
0

Re: BitLocker on X220 with UEFI boot?

bitlocker requires a special hiddin partition.
thats how it works.
change that loose it.

again preview is really just what the name says.
it really for people to get a indea if they want to work on 8.
the beta comes in jan thats what i been told.
again wn 8 is still in design and i expect zero surport untill the day the beta starts thats when the hardware makers begin to own it.
a preview is to get them onboard.
help them decide what there going to do and have the surport ready to start then.
no hardware maker is goning to surport a product that still in design that can change at any time.
i do expect things that work on 7 to work on 8 pretty much.
Punch Card
sneakymoose
Posts: 14
Registered: ‎08-17-2011
Location: Arizona

Re: BitLocker on X220 with UEFI boot?

orion9727,

 

I understand all this, but on the other hand:

 

1. I am a developer. Windows 8 Developer Preview was also intended for people like me (not just hardware manufacturers).

2. I installed it to a secondary hard drive -- it affected my ability to boot from the encrypted Win 7 drive, which caught me by surprise. There is no reasonable solution to get it working again, aside from Lenovo's claimed upcoming firmware update or purchasing a separate ThinkPad for use with Win 8.

3. I posted the issue here to ensure that Lenovo has plans in place to test their support for BitLocker usage in the scenario I described, with hopes that it will eventually be fixed.

4. I'm very pleased that Lenovo will have the fix published in the next month or so.

 

For now I am using TrueCrypt to protect my documents, but this is far less ideal for me.

Lenovo Staff
someotherguy
Posts: 2,568
Registered: ‎10-29-2009
Location: NC

Re: BitLocker on X220 with UEFI boot?

The X220 that fixes the Windows 8 bitlocker issue has been released, please see:

 

http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj13us.exe
http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj13us.txt
http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj13uc.iso
http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj13uc.txt

 

The release notes don't specifically list the fix because we aren't supposed to be mentioning Windows 8 things in official technical documentation, yet.

 

I haven't tested the fix myself, but if you do, please let me know if it solves your problem.

Punch Card
sneakymoose
Posts: 14
Registered: ‎08-17-2011
Location: Arizona

Re: BitLocker on X220 with UEFI boot?

This 1.25 BIOS has fixed my BitLocker TPM woes!

 

Thanks!