cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Lenovo Staff
Lenovo Staff
Posts: 5,658
Registered: ‎10-29-2009
Location: NC
Views: 8,609
Message 11 of 79

Re: X270 Bitlocker requests recovery key every time

Not sure what the problem could be, I haven't heard anyone else reporting this.

Try this:

1.  enter the recovery key so that you can boot to Windows

2.  suspend BitLocker

3.  resume BitLocker

4.  do you still get recovery prompt at every boot after this?

DRW1
Fanfold Paper
Posts: 8
Registered: ‎10-02-2015
Location: GB
Views: 8,591
Message 12 of 79

Re: X270 Bitlocker requests recovery key every time

Hi,

 

We have the same issue with Windows 7 (x64 Ent) on our T470s models using Legacy, TPM1.2.

Suspend / Resume bitlocker does not resolve the issue, nor does decrypt/encrypt. The issue does not seem to occur on reboots, but def on cold starts.

 

Any help appreciated, this has been going on a few weeks for us....

Lenovo Staff
Lenovo Staff
Posts: 5,658
Registered: ‎10-29-2009
Location: NC
Views: 8,588
Message 13 of 79

Re: X270 Bitlocker requests recovery key every time


@DRW1 wrote:

 

We have the same issue with Windows 7 (x64 Ent) on our T470s models using Legacy, TPM1.2.

Suspend / Resume bitlocker does not resolve the issue, nor does decrypt/encrypt. The issue does not seem to occur on reboots, but def on cold starts.

 


OK, I will check it here and let you know.  T470s + Win7 x64 + legacy boot + TPM 1.2

Are you using latest BIOS version 1.13?

DRW1
Fanfold Paper
Posts: 8
Registered: ‎10-02-2015
Location: GB
Views: 8,586
Message 14 of 79

Re: X270 Bitlocker requests recovery key every time

Hi, thanks for the quick reply - so far we have seen the issue on 1.07 (as shipped), also upgraded as far as 1.11 so far with same results. Will add 1.13 to test plan.
kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 8,577
Message 15 of 79

Re: X270 Bitlocker requests recovery key every time

We are still having this issue

Lenovo Staff
Lenovo Staff
Posts: 5,658
Registered: ‎10-29-2009
Location: NC
Views: 8,567
Message 16 of 79

Re: X270 Bitlocker requests recovery key every time

I could not reproduce any problem on T470s:

- Win7 x64 enterprise

- legacy boot mode

- TPM 1.2

- BIOS 1.13

 

Your description of the problem (recovery prompt at every reboot and/or cold start) sounds like you are using TPM 2.0 instead of TPM 1.2.  So can you please double-check that?  Please run tpm.msc, maximize the window, take a screenshot, and post it here.

 

Also, what errors are you seeing in Event Viewer related to BitLocker and TPM?

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 8,563
Message 17 of 79

Re: X270 Bitlocker requests recovery key every time

Anything related to X270 ?

Lenovo Staff
Lenovo Staff
Posts: 5,658
Registered: ‎10-29-2009
Location: NC
Views: 8,560
Message 18 of 79

Re: X270 Bitlocker requests recovery key every time


@kuvinod7 wrote:

Anything related to X270 ?


What errors are you seeing in Event Viewer related to BitLocker and/or TPM?

If you are using legacy boot, are you sure you are using TPM 1.2?

If you suspend/resume BitLocker, is the problem fixed after that?

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 8,548
Message 19 of 79

Re: X270 Bitlocker requests recovery key every time

We are seeing this in the Event Viewer

 

Bootmgr failed to obtain the BitLocker volume master key from the TPM because the PCRs did not match.

Bootmgr failed to obtain the BitLocker volume master key from the TPM.

 

The BIOS version we have is 1.14 and another device is 1.17. The issue is similiar on both the devices

 

Lenovo Staff
Lenovo Staff
Posts: 5,658
Registered: ‎10-29-2009
Location: NC
Views: 8,544
Message 20 of 79

Re: X270 Bitlocker requests recovery key every time


@kuvinod7 wrote:

We are seeing this in the Event Viewer

 

Bootmgr failed to obtain the BitLocker volume master key from the TPM because the PCRs did not match.

Bootmgr failed to obtain the BitLocker volume master key from the TPM.

 

The BIOS version we have is 1.14 and another device is 1.17. The issue is similiar on both the devices

 


If you suspend/resume BitLocker, is the issue fixed after that?  PCR mismatch is usually caused by making some HW/BIOS configuration change after enabling BitLocker the first time.  Then, suspend/resume BitLocker will reseal the encryption key to the current configuration.  So please try it.

Check out current deals!


Shop current deals

Top Kudoed Authors