how to relink bitlocker and TPM device after having used veracrypt encrypting process for systemdisk?

  • Question

  • Hi,

    I don't know if this question has been asked already, but here it is:

    Since I've encrypted my system disk on my tablet with VeraCrypt, BitLocker is asking for its recovery key on each boot because (according to the error message in Event Viewer) it can't contact the TPM device anymore. I had previously encrypted my disk with BitLocker. Is there a way to relink BitLocker and the TPM device (still according to the error message), or is it just BitLocker's way of saying that other encryption software has changed the data?

    I should maybe say that I'm not stuck: I have the recovery key recorded somewhere else, so I just need to type it in each time. It's just that it is not supposed to ask for it at each boot.

    In the perfect scenario I would like VeraCrypt to still be used, asking me for the password at boot, and BitLocker to still be in use but not asking me for the recovery key. I don't see or understand why BitLocker can't verify the TPM device anymore just because VeraCrypt encrypted the disk afterwards.

    Yes, I'm on Windows 10 Pro, and there is no problem using both together. BitLocker was encrypting the disk using the SSD encryption algorithm with the help of the TPM device and, as planned, BitLocker wasn't asking for the recovery key because it was able to use the TPM device for that at boot. VeraCrypt has then been used to encrypt the disk in software; it's very efficient using the AES algorithm, no slowdown problem here. But then BitLocker was suddenly asking for the recovery key after the VeraCrypt screen asking for the master password.



    • Edited by vigilian Wednesday, March 6, 2019 10:50 AM language correction
    Wednesday, March 6, 2019 10:42 AM

All replies

  • Veracrypt modifies the boot loader. TPM chips watch the boot loader and if changed, they will ask for the recovery key - that's expected behavior.

    Why do you use both, BL and VC, if I may ask?

    Wednesday, March 6, 2019 12:45 PM
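
The mechanism described in the reply above, as an added example that is not part of the original thread: a simplified Python model of measured boot, in which a key sealed to one PCR value is withheld once an extra loader is measured. The single SHA-256 PCR, the `ToyTpm` class and the component byte strings are constructed for illustration and are not BitLocker's or VeraCrypt's actual implementation.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Replay a boot chain, in order, into a PCR that starts at all zeros."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTpm:
    """Toy model: releases the sealed secret only for the PCR value it was sealed to."""
    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._secret, self._policy = secret, pcr

    def unseal(self, pcr: bytes):
        if hmac.compare_digest(pcr, self._policy):
            return self._secret
        return None  # caller has to fall back to the recovery key

# Constructed stand-ins for boot components (not real binaries).
ORIGINAL_CHAIN = [b"firmware", b"windows-boot-manager"]
MODIFIED_CHAIN = [b"firmware", b"third-party-loader", b"windows-boot-manager"]

def boot(tpm: ToyTpm, chain) -> str:
    key = tpm.unseal(measure_boot(chain))
    return "unlocked with TPM" if key is not None else "recovery key required"

def demo():
    tpm = ToyTpm()
    secret = b"volume-master-key"  # constructed placeholder
    tpm.seal(secret, measure_boot(ORIGINAL_CHAIN))
    before = boot(tpm, ORIGINAL_CHAIN)       # measurements match the policy
    after = boot(tpm, MODIFIED_CHAIN)        # extra loader changes the PCR
    # Re-sealing binds the secret to the new, modified measurements.
    tpm.seal(secret, measure_boot(MODIFIED_CHAIN))
    resealed = boot(tpm, MODIFIED_CHAIN)
    return before, after, resealed

if __name__ == "__main__":
    print(demo())
```

Re-sealing makes the modified chain the trusted baseline in this model, so it is only appropriate when the boot change is known and intended.
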
  • Hi vigilian,

    As Ronald mentioned above, VeraCrypt must have modified something that falls within the monitored scope, which then triggered recovery mode.

    For reference, you can also check examples of specific events that cause BitLocker to enter recovery mode when attempting to start the operating system drive at the link below:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383583%28v%3dws.11%29#what-causes-bitlocker-recovery

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 7, 2019 10:14 AM
  • Hi vigilian,

    What is your current situation? Have you tried the suggestions provided above? Please remember to mark the replies as answers if they help. If you have any other questions, please feel free to post back. Thank you for choosing Microsoft.

    Best regards,
    Zoe Mo

    Monday, March 11, 2019 8:21 AM
  • Hi vigilian,

    We haven't heard from you for a couple of days. Have you solved the problem? Would you mind giving me an update on it? Please remember to mark the replies as answers if they help. If you have any other questions, please feel free to post back. Thank you for choosing Microsoft.

    Best regards,
    Zoe Mo

    Wednesday, March 13, 2019 9:31 AM