Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
Posts: 14
Registered: ‎08-17-2011
Location: Arizona
0
Accepted Solution

Re: BitLocker on X220 with UEFI boot?

My X220 has BIOS 1.21 and a Windows 7 x64 installation with UEFI, and until recently, was using BitLocker drive encryption for two drives (mSATA SSD boot disk and 320gb magnetic data disk). A few days ago, I shrunk the 320gb partition to free up some space for the Windows 8 Developer Preview. I wanted to have this installed as a dual boot option with Windows 7.

 

I suspended BitLocker to do the Windows 8 installation. That install didn't go so well -- I tried starting the install from within Win 7 since I don't have dual layer media and can't seem to get a thumb drive to boot while in UEFI mode on the X220. Anyway, upon resuming BitLocker and then rebooting, I get prompted for the BitLocker recovery key, every time!

 

I tried all sorts of things: Decrypting both drives then re-encypting. Getting rid of the failed Windows 8 partition and expanding back D: to its original size. Manually clearing the Windows Setup entry (via bcdedit) that the Win 8 installer left behind. Clearing and re-initializing the TPM. Disabling the TPM in BIOS and then re-enabling. No go! Everything "seems" to work until I have the computer reboot while its drives are encrypted (while the key is not suspended), at which point I am always prompted for the recovery key.

 

I tried the option which verifies system integrity (through a reboot test) before beginning encryption. This results in the following error dialog which appears twice at the next startup:

 

Title: BitLocker Drive Encryption

Headline: BitLocker could not be enabled.

Message: The BitLocker encryption key cannot be obtained from the Trusted Platform Module (TPM). C: was not encrypted.

 

In the System event log, I see the following events logged for this problem from BitLocker-Driver:

 

Event ID 24636: Bootmgr failed to obtain the BitLocker volume master key from the TPM.

Event ID 24641: An unexpected error was encountered attempting to retrieve the BitLocker volume master key during restart.

 

If I tell BitLocker to do the system check before encrypting, then I get the above two errors plus a warning:

 

Event ID 24609: A key was not available from required sources during restart.

 

Has anyone got an idea of how I may restore my X220's TPM functionality? This is driving me nuts...

 

Thanks!