Occasionally one might need to boot into an application that requires CSM mode in BIOS to be enabled (like SpinRite). Since most modern Windows installations are UEFI with Secure Boot, this requires BIOS changes.
This question is about switching back from CSM mode to UEFI boot mode (after having wrapped up the CSM-booted application work) and dealing with an unexpected issue.
Before:
Altering BIOS settings while Microsoft Windows has a BitLocker encrypted system drive is asking for trouble, so the encryption was temporarily suspended in order not to trigger any protection mechanism.
In this BIOS a save profile was used to save and restore settings.
A RecoveryKey protector was also added to the system drive, just in case.
*The BIOS settings were changed and CSM-booted drive work was performed.*
After:
- After doing the CSM-booted work, the previously saved BIOS settings profile was restored.
- Windows loaded fine. (BitLocker was still suspended.)
- BitLocker protection was continued after logging into Windows.
- After another reboot the system did accept my BitLocker PIN (TPMandPIN) but it did not load Windows (or bootloader).
- It reboots and finally asks for the PIN again. (If you use unlock by TPM-only: boot-loop.)
(I ran into this problem and was banging my head against the wall. Sharing it to save others time if anyone also ran into this issue).
Overview of BIOS / motherboard settings that were changed:
- Secure Boot
- CSM-Support
- Fast Boot
- Boot Order altered (did not really help.)
Take note that these settings were set back to their original setting before booting into Windows.
The questions:
a. How do I get back into Windows?
b. Which BIOS setting is responsible? (Since we had to change things in there.)
c. Why is my BitLocker PIN accepted but Windows still fails to boot?
What could go wrong? (Reference)
- Windows can launch its intervention during boot trying to 'help' you when there is a boot issue.
- BitLocker can demand its Recovery Password or Recovery Key because it detected hardware changes.
- BitLocker can log several issues that it has trouble retrieving a master key.
- BitLocker can log VMK unsealing issues (TPM-related).
- You can get stuck in a boot-loop prior to getting into Windows.
- Your delete-key bashing was not registered this boot. Try again next time. Let me load BitLocker Recovery for you and after that Windows Boot recovery. Just because. To help you.
Details
- Windows 11 23H2, UEFI, Secure Booted
- TPM
- C: on NVMe; no quick unlinking
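The suspend / add-protector / resume sequence described in the question, as an added PowerShell example that is not part of the original post. The function names and the key path are hypothetical; the resume step is guarded so it refuses to re-arm BitLocker unless the machine is currently UEFI-booted with Secure Boot on, the state the post lists under Details.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical; cmdlets are from the
# built-in BitLocker and SecureBoot modules.

function Test-SecureBootOn {
    # Confirm-SecureBootUEFI throws when the system was booted in legacy/CSM mode.
    try { [bool](Confirm-SecureBootUEFI) } catch { $false }
}

function Suspend-ForFirmwareWork {
    param(
        [string]$MountPoint = 'C:',
        # Assumption: a folder on removable media, not on the encrypted volume itself.
        [Parameter(Mandatory)][string]$RecoveryKeyPath
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    # A RecoveryKey protector is reported as ExternalKey.
    $recovery = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -in 'ExternalKey', 'RecoveryPassword' }
    if (-not $recovery) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryKeyProtector -RecoveryKeyPath $RecoveryKeyPath | Out-Null
    }
    # RebootCount 0 keeps protection suspended until Resume-BitLocker is run.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
}

function Resume-AfterFirmwareWork {
    param([string]$MountPoint = 'C:')
    # Refuse to resume while firmware state differs from the original
    # UEFI + Secure Boot configuration.
    if (-not (Test-SecureBootOn)) {
        throw 'Secure Boot is off or the system booted via CSM; not resuming BitLocker.'
    }
    Resume-BitLocker -MountPoint $MountPoint | Out-Null
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, ProtectionStatus,
            @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
}

# Usage (constructed values):
#   Suspend-ForFirmwareWork -RecoveryKeyPath 'E:\'
#   ... firmware changes, CSM-booted work, restore firmware settings ...
#   Resume-AfterFirmwareWork
```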