This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 72%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hi Guys,
I have a Win 10 build 17763 lenovo machine that has a tpmv1.2 chip and os drive is bitlocked.
I am able to reboot the machine into safe mode without being prompted for a recovery key, whereas a colleague of mine has a TPM v2.0 machine and he is asked for a recovery key when booting into safe mode.
So it seems this could be a TPM version issue but could someone please confirm or point me to the documentation about this?
Thanks
I hope that you are aware that there's a difference between having a TPM and using it with Bitlocker.
I guess you have not used the TPM but a different type of protector (=password or USB stick) - then, no recovery key is being asked for (but of course, the pw or usb key is being asked for!).
Thanks for your comment
I am not being prompted for usb or password either.
Volume C: [OSDisk]
[OS Volume]
Size: 229.60 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: AES 256
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 2%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
I agree with Jenny: Make sure that secure boot is active.
Thanks, I tried but still no prompt. Boots straight into safemode login screen.
Hi,
We have not get information from you for several days.
If the reply is useful for you, please accept as answer. It will be helpful to other members who have same questions.
If you have any other confuse, please reply to us directly.
@defender2021
Hi,
I think it has something to do with whether you enable BitLocker.
BitLocker locks the drive if you go into safe-mode. That is a normal function to protect your data.
If you are not asked to enter a recovery key, you may not have BitLocker enabled.
The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.
For your reference:
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Jenny
Thanks for your reply
Bitlocker is enabled, drive is fully encrypted with protector as TPM + Numerical password
See below
Volume C: [OSDisk]
[OS Volume]
Size: 229.60 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: AES 256
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
This seems to be a system bug.
Hi,
You could go into the bios settings and enable secure-boot, then save the settings and reboot the system
Hi Jenny
I tested again today with Secure-boot Enabled as you suggested (it was disabled before) but the result was the same.
Machine boots straight to windows login.
Although I am not using a Dell, I tried suggestions in the below article (both with Secure boot enabled / disabled) and it didn't make a difference either.
Hi,
How did you enable BitLocker? Have you stored the recovery key?
You can refer to the following link to confirm the difference between version TPM v1.2 and TPM v2.0
TPM and Windows Features
https://learn.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations
TPM v1.2 does not support Device Encryption.
Device Encryption is the consumer version of BitLocker, and it uses the same underlying technology. How it works is if a customer logs on with a Microsoft account and the system meets Modern Standby hardware requirements, BitLocker Drive Encryption is enabled automatically in Windows 10.
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hey Jenny, it's enterprise-grade os and the key is escrowed to our mbam portal, which I already used after bios secure-boot update of the bios.
I have started a conversation via OEM support channel too.
Hi,
Looking forward to your feedback, I think it has little to do with the version.
Also, please check the following gpo:
Computer configuration\Administration models\Windows components\BitLocker drive encryption\Operating system drives
Enable Require additional authentication at startup
Enable Enable use of BitLocker authentication requiring preboot keyboard input on slates
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.