BitLocker is a data encryption tool in Windows that’s used to encrypt drives. Encrypted drives can only be accessed with the correct key, which is released by the Trusted Platform Module (TPM) while booting.

The TPM only releases this key if the hardware and software profiles match the initial setup. If the profiles do not match, you are shown the BitLocker recovery console, which asks for the recovery key. As long as the initial and current profiles don’t match, BitLocker keeps asking for the recovery key.

Aside from this, changes in boot drive preferences, a buggy BIOS, or incorrect configuration of the decryption key and Platform Configuration Register (PCR) settings are other possible reasons for this problem.


How to Fix BitLocker Asking for the Recovery Key on Each Boot?

Suspending BitLocker before making hardware or firmware changes on the system, and resuming it afterward, will save you from the prompt that asks for the recovery key.

If you don’t know the recovery key, you may get stuck in the BitLocker recovery setup. To get past the setup in such a scenario, you may find your recovery key in your Microsoft account by logging in from any other computer.

The discussed problem was confirmed to be occurring due to a buggy BIOS. In some cases, older versions of the BIOS were found to be incompatible with the TPM hardware module. Motherboard manufacturers tend to resolve such bugs and incompatibilities with updates.


Therefore, you may try updating the BIOS in order to fix the issue.

On many systems, specific OEM tools can be downloaded and used to ease this firmware update process. Acer Care Center, Dell SupportAssist, etc. are some examples of OEM applications for the purpose.

Change BIOS Configuration

USB Type-C and Thunderbolt connections have boot support enabled by default in the BIOS. So, if you have connected any I/O device to your system using those cables, the BIOS is going to list it in the boot priority list and consider it a change in the system.


BitLocker will then automatically ask for the recovery key to log in. To fix it, boot support for USB Type-C and Thunderbolt (TBT) cables can be disabled from the BIOS unless it is really needed.

Sometimes, the saved hardware/software profile won’t get updated within the PCRs of the TPM. So, each boot would be flagged as a change in the hardware profile, requiring the recovery key to gain access.

Decrypting and then encrypting the drive afterward fixes the temporary glitch. Normally, running the manage-bde -protectors -disable C: and manage-bde -protectors -enable C: commands, which suspend and then resume the key protectors, in an admin-privileged Command Prompt would resolve the issue.


However, you may try changing BitLocker settings from the Group Policy Editor to ensure further resolution of the issue.
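
The suspend step recommended above before hardware or firmware changes, combined with a look at the protectors that manage-bde manages, as an added PowerShell example (not from the original article). It assumes the OS volume is C:, an elevated session, and English-language manage-bde output.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check, then suspend BitLocker for one reboot
# before a BIOS/firmware change. $Mount is an assumption; adjust as needed.
$Mount = 'C:'

$vol = Get-BitLockerVolume -MountPoint $Mount
$tpm = Get-Tpm

# 1. Stop if no recovery password protector exists: if the PCR values change
#    and the TPM refuses to release the key, this is the only way back in.
$recovery = $vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    throw "No recovery password protector on $Mount. Add one and back it up first."
}

# 2. Report the state that decides whether the TPM will release the key.
[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
} | Format-List

# 3. Show which PCRs the TPM protector is sealed against. A firmware or
#    boot-order change that alters one of these triggers the recovery prompt.
#    (Matches the English label in manage-bde output.)
manage-bde -protectors -get $Mount |
    Select-String -Pattern 'PCR Validation Profile' -Context 0, 2

# 4. Suspend protection for exactly one restart. The volume stays encrypted;
#    protection resumes on its own after that reboot, and the TPM protector
#    is then sealed against the new measurements.
if ($vol.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $Mount -RebootCount 1 | Out-Null
    Write-Host "Protection on $Mount suspended for one reboot. Apply the change now."
} else {
    Write-Host "Protection on $Mount is already off or suspended."
}

# 5. After the change and reboot, confirm protection is back on:
#      (Get-BitLockerVolume -MountPoint 'C:').ProtectionStatus   # expect On
#    If it still reports Off, run: Resume-BitLocker -MountPoint 'C:'
```

While protection is suspended the volume key is accessible without the TPM check, so keep the window to the single reboot and confirm the status afterward.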
