Further to our previous post on how to stop the BitLocker recovery boot loop, there are situations that may require a little more work to fix, as opposed to simply decrypting and encrypting the drive again.
In today’s post I will take you through uninstalling the TPM (Trusted Platform Module) driver and then re-enabling BitLocker.
Disable BitLocker
Note: Because I’ve touched on this subject already, I won’t be showing you how to enable or disable BitLocker in this post. Instead I will just be uninstalling the driver. If you’re not sure how to disable or enable BitLocker on your machine, click the links above to find out how.
Uninstalling TPM
Now let’s get into it! The first thing you will need to do is disable BitLocker. Once that has been done, open ‘Device Manager‘ as an admin and look for ‘Security Devices‘.
Image of device manager showing the trusted platform module.
In there you will find your ‘Trusted Platform Module‘, simply click that and then click the red cross at the top of the window to uninstall it.
Note: You may need to click ‘View > Show hidden devices‘.
Re-enable BitLocker
Now restart your machine and enable BitLocker. This should sort out any issues with TPM data that may have become corrupted in some way, causing you to have to enter the recovery key all the time.
So you turn on your computer to find yourself stuck in a BitLocker boot loop, oh no! Don’t worry, it’s an easy fix providing you have the Windows BitLocker recovery key!
An image of BitLocker asking for recovery key dell.
So Windows is asking for a BitLocker recovery key every time you boot up your machine? Not a problem. The first thing you need to do is unlock it by typing in the recovery key. Where you find it depends on how you saved it:
You printed it off.
You saved it to a file somewhere.
If you’re using Active Directory, it’s likely it’s been set up so you can find it under the computer on there.
Disable Windows BitLocker
Assuming you’re in, the first thing we want to do is decrypt Windows BitLocker. Head over to ‘This PC‘, ‘right click‘ your encrypted drive and ‘left click‘ on ‘Manage BitLocker‘.
A file explorer window showing the Manage Bitlocker option.
Once the ‘BitLocker drive encryption‘ screen comes up, click on ‘Turn off BitLocker‘ to disable Windows BitLocker drive encryption on your selected device.
Now you just need to confirm you want to deactivate Windows BitLocker by clicking on ‘Turn off BitLocker‘.
BitLocker Drive Encryption asking if you want to turn off BitLocker.
Simply wait for the drive to decrypt.
BitLocker Drive Encryption decrypting drive to turn off windows BitLocker.
Enable Windows BitLocker
Note: Before this step, I would recommend booting into your BIOS and enabling ‘TPM‘ (Trusted Platform Module). It will likely be in the ‘Security‘ tab.
Afterwards we want to enable Windows BitLocker. Go back to ‘This PC‘ like you did at the start of the guide, right click the drive you want to encrypt and click ‘Turn on BitLocker‘.
A file explorer window showing the turn on Bitlocker option to enable Windows BitLocker.
Next you will be taken through a number of settings pages; choose the options based on your requirements.
When it comes to backing up the recovery key, I would recommend saving it to a file and storing it somewhere secure. When choosing how to unlock your drive at startup, I have decided to go with the bottom option ‘Let BitLocker automatically unlock my drive‘ as it is what we use here; it uses the TPM to unlock the machine automatically.
Image of BitLocker Drive Encryption asking how you would like to unlock your drive at startup.
Image of BitLocker Drive Encryption asking how you want to backup your recovery key.
Image of BitLocker Drive Encryption asking how much of your drive to encrypt.
Image of BitLocker Drive Encryption asking which encryption mode to use.
Image of BitLocker Drive Encryption asking if you’re ready to encrypt the drive.
Image of the BitLocker drive encryption setup. You may not get this screen.
Image of the Bitlocker Drive Encryption screen with the TPM options. You may not get this screen either.
Image of BIOS asking for confirmation to enable, activate and allow creation of an operator authentication value.
If you get the two screens that I mentioned you might not get, you will likely get this screen after restarting. Simply press F10 to enable and activate TPM.
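The decrypt, restart and re-encrypt sequence from both posts can also be driven and checked from an elevated PowerShell prompt using the built-in BitLocker and TPM cmdlets. This is an added example, not part of the original post; it assumes the OS volume is C:, and the stage names are made up for illustration.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Assumptions: the OS volume is C:; the -Stage names are illustrative.
param(
    [ValidateSet('Report', 'Decrypt', 'Encrypt')]
    [string]$Stage = 'Report',
    [string]$MountPoint = 'C:'
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
$tpm = Get-Tpm

switch ($Stage) {
    'Report' {
        # What Device Manager > Security devices and 'Manage BitLocker' show.
        Get-PnpDevice -Class 'SecurityDevices' -ErrorAction SilentlyContinue |
            Format-Table FriendlyName, Status -AutoSize | Out-Host
        [pscustomobject]@{
            TpmPresent       = $tpm.TpmPresent
            TpmReady         = $tpm.TpmReady
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            KeyProtectors    = @($vol.KeyProtector.KeyProtectorType) -join ', '
        }
    }
    'Decrypt' {
        # Disable-BitLocker removes every key protector, so the recovery key
        # saved earlier stops being valid once this completes.
        Disable-BitLocker -MountPoint $MountPoint | Out-Null
        do {
            Start-Sleep -Seconds 30
            $vol = Get-BitLockerVolume -MountPoint $MountPoint
            Write-Host ('{0}: {1}% still encrypted' -f $vol.VolumeStatus, $vol.EncryptionPercentage)
        } while ($vol.VolumeStatus -ne 'FullyDecrypted')
        Write-Host 'Decrypted. Uninstall the TPM device if needed, then restart.'
    }
    'Encrypt' {
        if ($vol.VolumeStatus -ne 'FullyDecrypted') {
            throw "Volume is $($vol.VolumeStatus); wait for decryption to finish first."
        }
        if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
            throw 'TPM is not present and ready; enable it in the BIOS first.'
        }
        # Create a new recovery password first, then add the TPM protector.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        Enable-BitLocker -MountPoint $MountPoint -TpmProtector | Out-Null
        Write-Host 'BitLocker enabled; a restart may be needed. Back up the NEW recovery password.'
    }
}
```

Run the Report stage first, then Decrypt, and run Encrypt only after the restart.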
End
And that’s all there is to it! Not only have we covered enabling BitLocker, we’ve also covered how to disable it, which will sort out your computer when BitLocker keeps asking for recovery keys!
If this post doesn’t help, we have another post here that might help!
Tl;dr
Disable the Windows BitLocker encryption, let it decrypt, then restart the machine and re-encrypt the drive by enabling BitLocker.