Bitlocker

Owned by Ryan Drescher
Last updated: Oct 15, 2024
2 min read

 

What is Bitlocker?

Bitlocker is the disk encryption system which is employed on all university Windows computers. If your computer falls into the wrong hands, disk encryption will prevent the data on the drive from being readable by another user or computer.

 

How do you “unlock” a computer that is protected by Bitlocker?

  • Authorized users on the system are configured such that their account passwords will unlock the drive. That is one reason why a “strong” password is required for your netid account.

  • As a failsafe, Bitlocker software also generates a rotating 48-digit encryption key that can be used to unlock a system in case of an issue

 

Where are Bitlocker encryption keys stored?

The encryption keys are stored on SU’s servers, and are accessible only by certain IT staff with a physical smart card access requirement.

 

Why do I see the Bitlocker Recovery screen?

There are several reasons your computer may become “locked” and will require entering the encryption key:

  • A user password was entered incorrectly, several consecutive times (protection against brute force login attempts)

  • Certain hardware, firmware or software updates (Bitlocker may incorrectly assume the hard drive was removed and placed in another computer)

  • Problems with the TPM (hardware component that controls Bitlocker). This component has a self-contained “operating system” of its own that can experience issues.

 

How can I recover from the Bitlocker Recovery screen?

It depends on the source of the problem. If an incorrect password was entered too many times, or there was a hardware/software error, you will need intervention from IT to provide the encryption key.

  • If a TPM issue caused the lock, you may be able to bypass the recovery screen by “resetting” the TPM using the steps below:

    1. Starting with the device powered on, at the Bitlocker Recovery screen, unplug all cables especially the power or charging cable.

    2. Press and hold the computer’s “power” button for a full 15 seconds (continue holding after the computer turns off)

    3. Plug all cables back in and attempt to power on

  • If you still experience the issue, please notify Tech Services (ischoolit@ot.syr.edu)