2

I have two operating systems on my laptop. First Ubuntu and second Windows 10 with BitLocker encryption. The laptop doesn't have TPM so BitLocker is decrypted with a password on every Windows boot. But something goes wrong with Windows 10 and now it keeps asking me for a recovery key, which I don't have because I don't save it. It looks like this:

  1. In GRUB I choose Windows to boot it.
  2. Windows asking me for a password to unlock the drive with a password. I typing password
  3. Windows starts booting with text on the bottom screen that the system is trying to recover.
  4. Windows is asking me for the recovery key

I forgot to save the recovery key when installing Windows 10. But I can easily decrypt the partition with dislocker and password in Linux. I see all files.

On Windows, there's a command to get a recovery key

manage-bde -protectors C: -get

Is it possible to get the recovery key from Linux? Or disable BitLocker completely from Linux on Windows partition?

Improve this question
1
  • You are lucky that dislocker works. My suggestion would be to extract all files you want to keep and then erase and reinstall Windows. And this time save the recovery key and even more important make a full backup regularly.
    – Robert
    Commented May 11, 2022 at 20:59

1 Answer 1

Reset to default
2

That was quick. Unfortunately, I can't do it from Linux but I can recover recovery keys from Hirens BootCD PE. I prepared a USB drive with Hirens from Linux.

  1. I formated a USB drive to FAT.
  2. Mount Hirens ISO
  3. Copy all files from ISO to FAT USB drive.

Next, I boot the laptop from the USB drive and used the command line (cmd.exe).

manage-bde -status

gives me information about encrypted drives.

manage-bde -unlock C: -Password

Program asks me for a password and unlocks the drive. Then I used the command from the question to get the Numerical Password which can be used as a recovery key.

But after unlocking and getting the recovery password something magic happens 🧙‍♀️ After reboot to Windows it stops asking me for recovery keys and drives are still using BitLocker.

After all, I created a recovery key file on USB and backed it up.

Improve this answer
5
  • 2
    The reason it’s stops asking for your recovery key is because you disabled BitLocker protection and puts the encryption key on the disk. “Disables protection, which will allow anyone to access encrypted data by making the encryption key available unsecured on drive. No key protectors are deleted”
    – Ramhound
    Commented May 11, 2022 at 23:34
  • Nope. I didn't disable Bitlocker. After rebooting to Windows installed on the hard drive I was asked by the system to enter the Bitlocker password. I didn't need to enable Bitlocker because it was already enabled. I didn't save the recovery key on the hard disk but on a USB drive while I was using Hirens (live Windows system). I suspect that when I unlock and mount encrypted partition while using Hirens Windows PE repair file system somehow.
    – QkiZ
    Commented May 12, 2022 at 18:17
  • BTW manage-bde -unlock only unlocks disk. manage-bde -off disable bitlocker completely.
    – QkiZ
    Commented May 12, 2022 at 19:59
  • Microsoft documentation on the command says you disabled it until the next reboot.
    – Ramhound
    Commented May 12, 2022 at 22:07
  • Lol, of course. This is how unlock works. If I start the system normally from an encrypted drive, no matter if it's Windows or Linux, the drive is unlocked till next reboot. If I disabled Bitlocker completely as you said in the first comment Windows will not ask me for a password on every boot, until I will enable it again. Next thing is that Windows kept asking me for recovery on every boot before I used Hires because it got broken somehow. It wasn't a one-time problem.
    – QkiZ
    Commented May 13, 2022 at 6:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .