Further to our previous post on how to stop the BitLocker recovery boot loop, there are situations that may require a little more work to fix, as opposed to simply decrypting and encrypting the drive again.
In today’s post I will take you through uninstalling the TPM (Trusted Platform Module) driver and then re-enabling BitLocker.
Note: Because I’ve touched on this subject already, I won’t be showing you how to enable or disable BitLocker in this post. Instead I will just be uninstalling the driver. If you’re not sure how to disable or enable BitLocker on your machine, click the links above to find out how.
Now let’s get into it! The first thing you will need to do is disable BitLocker. Once that has been done, open ‘Device Manager‘ as an admin and look for ‘Security Devices‘.
In there you will find your ‘Trusted Platform Module‘. Simply click it and then click the red cross at the top of the window to uninstall it.
Note: You may need to click ‘View > Show hidden devices‘.
Now restart your machine and enable BitLocker. This should sort out any issues with TPM data that may have become corrupted in some way, causing you to have to enter the recovery key all the time.
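To confirm where you are in this procedure without clicking through the GUI, the status can be read from an elevated PowerShell prompt. This is an added example, not part of the original post; it uses the built-in Get-BitLockerVolume and Get-Tpm cmdlets, and the function name Get-BitLockerTpmState and the default drive 'C:' are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only status checks for the procedure above.
# Get-BitLockerTpmState and the default 'C:' are assumptions, not from the post.
param([string]$MountPoint = 'C:')

function Get-BitLockerTpmState {
    param([string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # Get-Tpm may fail if no TPM device is currently installed; treat that as "not ready".
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    # Collect protector types only; the recovery password itself is never printed.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
               ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        VolumeStatus        = [string]$vol.VolumeStatus
        ProtectionStatus    = [string]$vol.ProtectionStatus
        EncryptedPercent    = $vol.EncryptionPercentage
        HasTpmProtector     = $types -contains 'Tpm'
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
        TpmPresent          = [bool]$tpm.TpmPresent
        TpmReady            = [bool]$tpm.TpmReady
    }
}

$s = Get-BitLockerTpmState -MountPoint $MountPoint
$s | Format-List

switch ($s.VolumeStatus) {
    'DecryptionInProgress' {
        # BitLocker was turned off but the drive is not plain yet.
        Write-Warning "Still decrypting ($($s.EncryptedPercent)% encrypted). Wait before uninstalling the TPM device."
    }
    'FullyDecrypted' {
        Write-Host 'Fully decrypted: the TPM device can be uninstalled and the machine restarted.'
        if (-not $s.TpmReady) { Write-Warning 'TPM not ready; restart (and check the BIOS setting) before enabling BitLocker.' }
    }
    { $_ -in 'EncryptionInProgress', 'FullyEncrypted' } {
        # BitLocker has been re-enabled: check that both protectors exist.
        if (-not $s.HasTpmProtector)      { Write-Warning 'No TPM key protector: the drive will not unlock automatically at startup.' }
        if (-not $s.HasRecoveryPassword)  { Write-Warning 'No recovery password protector: add and back one up.' }
        if ($s.ProtectionStatus -ne 'On') { Write-Warning 'Protection is not on yet (encryption may still be running or suspended).' }
    }
    default { Write-Warning "Unexpected volume status: $($s.VolumeStatus)" }
}
```

Run it once after turning BitLocker off and again after turning it back on; it changes nothing on the machine.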
So you turn on your computer to find yourself stuck in a BitLocker boot loop, oh no! Don’t worry, it’s an easy fix providing you have the Windows BitLocker recovery key!
So Windows is asking for a BitLocker recovery key every time you boot up your machine? Not a problem. The first thing you need to do is unlock it by typing in the recovery key. Where to find it depends on how you saved it:
You printed it off.
You saved it to a file somewhere.
If you’re using Active Directory, it’s likely been set up so you can find it under the computer on there.
Disable Windows BitLocker
Assuming you’re in, the first thing we want to do is turn off Windows BitLocker so the drive decrypts. Head over to ‘This PC‘, ‘right click‘ your encrypted drive and ‘left click‘ on ‘Manage BitLocker‘.
Once the ‘BitLocker drive encryption‘ screen comes up, click on ‘Turn off BitLocker‘ to disable Windows BitLocker drive encryption on your selected device.
Now you just need to confirm you want to deactivate Windows BitLocker by clicking on ‘Turn off BitLocker‘.
Simply wait for the drive to decrypt.
Enable Windows BitLocker
Note: Before this step, I would recommend booting into your BIOS and enabling ‘TPM‘ (Trusted Platform Module); it will likely be in the ‘Security‘ tab.
Afterwards we want to enable Windows BitLocker. You will first need to go back to ‘This PC‘ like you did at the start of the guide, right click the drive you want to encrypt and click ‘Turn on BitLocker‘.
Next you will be taken through a number of settings pages; choose the options based on your requirements.
When it comes to backing up the recovery key, I would recommend saving it to a file and saving it somewhere secure. Furthermore, when choosing how to unlock your drive at startup, I have decided to go with the bottom option ‘Let BitLocker automatically unlock my drive‘ as it is what we use here; it uses TPM to unlock the machine automatically.
If you get the two screens that I mentioned you might not get, you will likely get this screen after restarting it; simply press F10 to enable and activate TPM.
And that’s all there is to it! Not only have we covered BitLocker enabling, we’ve also covered how to disable it which will sort out your computer when BitLocker keeps asking for recovery keys!
If this post doesn’t help, we have another post here that might help!
Disable the Windows BitLocker encryption, let it decrypt, then restart the machine and re-encrypt the drive by enabling BitLocker.