cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ipodtrip1
Fanfold Paper
Posts: 6
Registered: ‎10-08-2017
Location: US
Views: 3,150
Message 71 of 79

Re: X270 Bitlocker requests recovery key every time

I have this problem on my T470S, I have the latest bios.

Under startup in the Bios in the Startup UEFI/Legacy Boot is set for Both 

UEFI First and Legency 2nd. Everytime I bootup the Windows 10 keeps asking for the encryption key. I had to decrypt the drive.

 

I tried changing it to UEFI only on the Bios as according to the thread indicates as a test to encrypt the drive again and reboot to see if that would happen again.

 

But when I bootup I now kept getiting the boot menu and showing ATA HDD0 Curicial_CT525MK300SSD and then PCI LAN and not into Windows 10

 

I changed everything back, can anyone give me the right setting in the bios for my to use bitlocker and not enter the key everytime I reboot the computer.

 

 

Lenovo Staff
Lenovo Staff
Posts: 5,655
Registered: ‎10-29-2009
Location: NC
Views: 3,131
Message 72 of 79

Re: X270 Bitlocker requests recovery key every time

 
It sounds like you have Win10 installed in legacy mode.  To confirm it, boot to Windows and run msinfo32.exe, then look for "BIOS Mode" in the list on the right.  What do you see?  For Win10, this needs to be UEFI.
ipodtrip1
Fanfold Paper
Posts: 6
Registered: ‎10-08-2017
Location: US
Views: 3,114
Message 73 of 79

Re: X270 Bitlocker requests recovery key every time

I typed in the command in WIndows and it says Legency mode.

Does that mean I have to change the bios to UEFI and reinstall my WIndows 10.

Then try to bit lock the laptop and this will take care of the issue of Bitlocker asking for the key everytime I boot up.

 

Lenovo Staff
Lenovo Staff
Posts: 5,655
Registered: ‎10-29-2009
Location: NC
Views: 3,110
Message 74 of 79

Re: X270 Bitlocker requests recovery key every time

Correct - reinstall Win10 in UEFI mode and then try BitLocker again.  Win10 should never be installed in legacy mode.

 


ipodtrip1
Fanfold Paper
Posts: 6
Registered: ‎10-08-2017
Location: US
Views: 3,090
Message 75 of 79

Re: X270 Bitlocker requests recovery key every time

that worked thanks for your help.

RBHOL
Paper Tape
Posts: 3
Registered: ‎12-11-2017
Location: US
Views: 2,663
Message 76 of 79

Re: X270 Bitlocker requests recovery key every time

Hi there, having essentially the same problem here on multiple machines and the posted solutions do not seem to apply. Of note is that rebooting a computer is fine, but shutting it down and turning it back on puts it into Recovery mode.

 

-Lenovo T470s W10DG (20JT)

-Windows 7 Enterprise x64

-Legacy BIOS

-BIOS versions 1.14, 1.19 and 1.20

 

Event log for one of these states the same:

 

"Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match."

 

This issue does not occur on our T470s with Windows 10, or any other model in Windows 7 (T460s, T450s, T440p, T430 and correspond X models)

 

 

 

Lenovo Staff
Lenovo Staff
Posts: 5,655
Registered: ‎10-29-2009
Location: NC
Views: 2,658
Message 77 of 79

Re: X270 Bitlocker requests recovery key every time

RBHOL

 

With legacy BIOS you must be running TPM 1.2, because TPM 2.0 is not supported in legacy.

The way to debug this is with my tool readPcr.exe:  https://www.dropbox.com/s/mxl53f2dpl5vuwn/readPcr.zip?dl=0

 

After booting to Windows without a recovery prompt, run readPcr.exe (from admin command prompt) and capture the output.  Then boot to Windows after the recovery prompt (and entering the recovery key) and run it again.  Figure out which PCR is changing and we can go from there.

RBHOL
Paper Tape
Posts: 3
Registered: ‎12-11-2017
Location: US
Views: 2,653
Message 78 of 79

Re: X270 Bitlocker requests recovery key every time

Cheers someotherguy. These machines have been set to TPM 1.2, will proceed with your steps and report back when I can.

Alfredf
Paper Tape
Posts: 4
Registered: ‎01-03-2018
Location: IL
Views: 2,488
Message 79 of 79

Re: X270 Bitlocker requests recovery key every time

disable TPM boot the machune up afew times so it will "accept" the HW changes and then reanable the TPM 

use the CMD admin rights   to disable  protectors 

Check out current deals!


Shop current deals

Top Kudoed Authors