- #BITLOCKER DOWNLOAD REPAIR HOW TO#
- #BITLOCKER DOWNLOAD REPAIR INSTALL#
- #BITLOCKER DOWNLOAD REPAIR UPDATE#
- #BITLOCKER DOWNLOAD REPAIR PRO#
- #BITLOCKER DOWNLOAD REPAIR WINDOWS#
If you have installed a TPM or UEFI update and your device is unable to boot, even when the correct BitLocker Recovery Key is entered, you can restore the ability to boot by using the BitLocker recovery key and a Surface recovery image to remove the BitLocker protectors from the boot drive. Method 3: Remove protectors from the boot drive See "Deployment Options" at BitLocker Group Policy Reference for more information.
To change the PCR values used to validate BitLocker Drive Encryption:ĭisable any Group Policies that configure PCR, or remove the device from any groups where such policies apply. Resume BitLocker by using the Resume-BitLocker cmdlet as described in Method 1. Select Exit, and then Restart to reboot the device.
#BITLOCKER DOWNLOAD REPAIR PRO#
Suspend BitLocker by using the Suspend-BitLocker cmdlet as described in Method 1.īoot your Surface device to UEFI by using one of the methods defined in Using Surface UEFI on Surface Laptop, new Surface Pro, Surface Studio, Surface Book, and Surface Pro 4.Ĭlick Change Configuration under "Secure Boot." To enable Secure Boot on a Surface device that has BitLocker enabled: We strongly recommend that you restore the default and recommended configuration of Secure Boot and PCR values after BitLocker is suspended to prevent entering BitLocker Recovery when applying future updates to TPM or UEFI firmware. Method 2: Enable Secure Boot and restore default PCR values
#BITLOCKER DOWNLOAD REPAIR INSTALL#
Install Surface device driver and firmware updates.įollowing successful installation of the firmware updates, resume BitLocker by using the Resume-BitLocker cmdlet as follows: Where C: is the drive assigned to your disk Suspend-BitLocker -MountPoint " C:" -RebootCount 0 Open an administrative PowerShell session.Įnter the following cmdlet and press Enter: To suspend BitLocker for installation of TPM or UEFI firmware updates: A Reboot Count of 0 will suspend BitLocker indefinitely, until BitLocker is resumed through the PowerShell cmdlet Resume-BitLocker or another mechanism. So suspending BitLocker must be done through the Suspend-BitLocker cmdlet and using the Reboot Count parameter to specify a number of reboots greater than 2 to keep BitLocker suspended during the firmware update process. Note TPM and UEFI firmware updates may require multiple reboots during installation. You can avoid this scenario when installing updates to system firmware or TPM firmware by temporarily suspending BitLocker before applying updates to TPM or UEFI firmware by using Suspend-BitLocker. Method 1: Suspend BitLocker during TPM or UEFI firmware updates We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. This workaround to temporarily disable BitLocker may put the data at risk. Warning: BitLocker Drive Encryption helps you protect your organization’s sensitive information by encrypting the data. For more information see "About the Platform Configuration Register (PCR)" at BitLocker Group Policy Settings. On such systems, if the TPM with PCR 7 and Secure Boot are correctly configured, BitLocker binds to PCR 7 and PCR 11 by default.
Note PCR 7 is a requirement for devices that support Connected Standby (also known as InstantGO or Always On, Always Connected PCs), including Surface devices. Note You can verify the PCR values that are in use on a device by running the following command from an elevated command prompt: For example, you install the Surface dTPM (IFX) update. You install a firmware update that updates the firmware of the device TPM or changes the signature of the system firmware. PCR values have been explicitly defined, such as by Group Policy. This behavior can occur in the following scenario:īitLocker is enabled and configured to use Platform Configuration Register (PCR) values other than the default values of PCR 7 and PCR 11, for example when: Your Surface device appears to be in an infinite reboot loop. You boot directly into the Surface Unified Extensible Firmware Interface (UEFI) settings.
#BITLOCKER DOWNLOAD REPAIR WINDOWS#
You encounter one or more of the following symptoms on your Surface device:Īt startup, you are prompted for your BitLocker recovery key, and you enter the correct recovery key, but Windows doesn’t start up. If you implement this workaround, take any appropriate additional steps to help protect the computer. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. You can make these changes to work around a specific problem.
#BITLOCKER DOWNLOAD REPAIR HOW TO#
Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer.
0 kommentar(er)
