Windows bitlocker drive encryption recovery key entry

Seen this discussed, and actually the DOS based bios update tool warns about it, but for whatever reasons the Lenovo team decided not to show that warning on the Windows tool.

As I did not have access to the recovery key due to it being the weekend and the internal IT being unavailable I had to look at alternative recovery solutions. The Windows bootup greets me with the message:
Windows Bitlocker Drive Encryption Recovery Key Entry
Enter the recovery key for this drive

Obviously the big question is: Will restoring to the old Bios version do the trick? The answer is YES.
Now let’s hope your vendor has a DOS/CD-ROM/Floppy disk based alternative to modify the bios, because that is what you will need as you are locked out of your Windows.

Since I do not own a CDR-Drive, I’ve chosen to use a USB stick instead.
I’ve used XBoot for this purpose and found it worked well, here is the process:
1.) Get XBoot and open the program.
2.) Drag and drop your .iso file into it, and in the wizard select: Grub4dos ISO Emulation
Unfortunately I’ve found you can only add one Grub4dos ISO Emulation .iso file successfully.
3.) Boot up the affected machine via this USB key and downgrade the BIOS.
4.) Success? If not you may have chosen the wrong bios version and want to replace the created .iso file on your memory stick with another bios version.
5.) Once you can boot again, Suspend Bitlocker encryption via the Control Panel, re-do the Bios upgrade and after the reboot resume Bitlocker.


One thought on “Windows bitlocker drive encryption recovery key entry

  1. We ran across this same situation — BIOS upgrade without suspending BitLocker and the volume recovery keys were not backed up to AD DS or manually — and resolved it the same way by downgrading the BIOS back to the original version.

    However, instead of building a bootable USB stick (via Rufus w/ FreeDOS or similar) and having to muck around with disabling SecureBoot, etc. just to be able to boot from the USB stick to downgrade the BIOS — we simply entered BitLocker recovery mode as normal and skipped all the drive recovery to get to the point where WinPE permits you to open a command prompt to the WinPE environment. We had booted with a USB stick (not from, but with it plugged in) that had the Dell A05 BIOS .exe on it and then executed it directly from the WinPE command prompt downgrading the BIOS just fine without having to build custom bootable USB sticks and horse around with SecureBoot (if that is enabled). If your OEM/BIOS vendor provides the ability to upgrade/downgrade BIOS via Windows executables this should save time.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s