BitLocker Recovery starts when OEMs perform firmware updates for TPM 1.2
This article provides a workaround for the issue where BitLocker Recovery starts when OEMs perform firmware updates for TPM 1.2.
Applies to: Windows 10 - all editions
Original KB number: 3184518
Symptoms
For Trusted Platform Module (TPM) 1.2, Windows does not know if the system is going through a firmware update. In this situation, the computer reboots into BitLocker Recovery.
To suspend protection, run the following command line:
manage-bde -protectors -disable c:
To resume protection, run the following command line:
manage-bde -protectors -enable c:
Workaround
For IT managers who are performing firmware updates for TPM 1.2 through Windows Update, make sure that you suspend BitLocker before you run the updates. This prevents BitLocker Recovery from starting.
More Information
Use TPM 2.0, as PCR 7 performs all these measurements automatically.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for