How to Fix BitLocker Recovery Popping When Updating KB5012170?

When I upgrade the patch KB5012170 on my Windows 11, the BitLocker Recovery is popping frequently. Is there any solution to fix it? Thanks in advance.

Best Answered by

iBoysoft author Vain Rowe

Answered on Monday, February 19, 2024

Hi there, if the BitLocker Group Policy "Configure TPM platform validation profile for native UEFI firmware configurations" is enabled and PCR7 is selected by policy, it may result in the update failing to install. You can launch the Command Prompt to run certain command lines before you deploy the Secure Boot DBX on your Windows PC.

This security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the "Applies to" section. Key changes include the following:

1. Windows devices that have Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.

2. A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software.

3. This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.

When you encounter frequent BitLocker recovery key pop-ups, read the following solutions to deal with it:

Scenario 1: The device doesn't have Credential Guard enabled

On a device that does not have Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle:

Manage-bde -Protectors -Disable C: -RebootCount 1

Then, deploy the update and restart the device to resume the BitLocker protection.

Scenario 2: The device has Credential Guard enabled

On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles:

Manage-bde -Protectors -Disable C: -RebootCount 3

Then, you can deploy the update and restart the device to resume the BitLocker protection.

If you want to view the PCR7 binding status, just run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.
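
The two scenarios above combined into one PowerShell script, as an added example that is not part of the original answer. It assumes the OS volume is the one to suspend and detects Credential Guard through the Win32_DeviceGuard CIM class; the function names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: choose the suspend count from the two scenarios, then suspend BitLocker.
# Assumption: the OS volume is the BitLocker volume affected by the update.
$MountPoint = $env:SystemDrive

function Test-CredentialGuardRunning {
    # SecurityServicesRunning contains 1 when Credential Guard is running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop
    return ($dg.SecurityServicesRunning -contains 1)
}

function Get-SuspendRebootCount {
    param([bool]$CredentialGuard)
    # Counts as given in the answer: 3 with Credential Guard, otherwise 1.
    if ($CredentialGuard) { return 3 }
    return 1
}

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not on for $MountPoint; nothing to suspend."
    return
}

# Show the TPM protector's PCR validation profile (label text is English-locale output).
manage-bde -protectors -get $MountPoint |
    Select-String -Pattern 'PCR Validation Profile' -Context 0,1

$cg = Test-CredentialGuardRunning
$count = Get-SuspendRebootCount -CredentialGuard $cg
Write-Output "Credential Guard running: $cg; suspending for RebootCount $count"

# While suspended the volume is unprotected at rest, so keep the device in hand
# and install the update right away.
manage-bde -protectors -disable $MountPoint -RebootCount $count
if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE" }

# Protection should now read Off; after the update and restarts it should read On again.
(Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
```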
