81
votes
Accepted
Does changing the encryption password imply rewriting all the data?
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, ...
- 465k
48
votes
Accepted
What does BitLocker actually encrypt and when?
Activating BitLocker will start a background process which encrypts all existing data. (On HDDs this traditionally is a long process as it needs to read and rewrite every partition sector – on self-...
- 465k
35
votes
Does changing the encryption password imply rewriting all the data?
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data....
- 26.2k
34
votes
Accepted
Is BitLocker useful in the case of stolen laptop?
It's generally useful. If you have automatic unlock, some systems might allow a determined attacker to bypass it, but it would take significantly more skill than just booting up a USB stick. However, ...
- 465k
32
votes
Is a volume with BitLocker "Waiting for Activation" encrypted or not?
To Turn BitLocker Off Without Activation
In case where you want to get rid of BitLocker encrpytion without activating it first use:
manage-bde c: -off
There is no other way to deactivate bitlocker ...
- 636
31
votes
Accepted
Cannot re-enable Bitlocker
The solution turned out to be very simple:
Open an elevated command prompt (search, cmd, right click and 'Run as administrator')
Go to C:\Windows\System32\Recovery\
Rename the file ReAgent.xml:
...
- 2,292
23
votes
Accepted
Is a volume with BitLocker "Waiting for Activation" encrypted or not?
The volume is encrypted but the encryption key is saved "in the clear"
The volume is indeed encrypted but BitLocker is "suspended." This means the Full Volume Encryption Key (FVEK) used to scramble ...
- 26.2k
20
votes
How to access a BitLocker-encrypted drive in Linux?
CryptSetup has added experimental support for BitLocker as of version 2.3.0 (February 2020), which is available in Ubuntu's repos for 20.10 Groovy onwards, although support will likely improve in ...
- 301
19
votes
Bitlocker Performance Impact on SSD
UPDATE: Some tests claim lower impact on modern hardware https://superuser.com/a/1637950/89990
On Dell Inspiron 15 7577 Intel i7-7700HQ Samsung 950 PRO 256GB NVMe Windows 10 64 bit NTFS I see ...
- 310
16
votes
Accepted
BitLocker takes days on an empty external disk / Is "Encrypt used disk space only" available on Windows 7?
Is the option "Encrypt used disk space only" available in Windows 7?
Unfortunately no. This option was introduced with Windows 8, as announced in the Microsoft TechNet Tip of the Day post BitLocker '...
- 26.2k
14
votes
Accepted
How to enable BitLocker when booting Windows 10 from a non-Microsoft boot manager?
Why is PCR7 binding not possible when booting Windows from other boot manager?
PCR7 is the register which logs all Secure Boot parameters – the full contents of PK/KEK/db, as well as the specific ...
- 465k
14
votes
Why would computer technician want my bitlocker key after GPU repair & SSD replacement? (Laptop)
This makes no sense whatsoever.
The BitLocker key is tied to the SSD. It has no relation to the Windows license.
New SSD doesn't have BitLocker. And when, after installing a fresh Windows, you encrypt ...
- 32k
13
votes
Accepted
Will clearing the TPM make BitLocker encrypted data unavailable?
tl;dr:
Is it safe to clear the TPM to reset the counter of wrong PIN
attempts?
Only if you have the BitLocker recovery key. If you clear the TPM, the encrypted drive will only be accessible ...
- 23.2k
13
votes
Windows BitLocker not offering unlock-by-password option
We'll actually look at a couple settings, make sure you have the following set, to completely disable TPM management and key use, and resort to password.
Open gpedit.msc.
Navigate to Computer ...
- 988
13
votes
Windows 10 reports "The drive protected by Bitlocker is already unlocked" but does not allow access to that drive through File Explorer
To fix:
Hit to open the Start menu;
Type: Bitlocker (don't worry about clicking anywhere before you type) then hit Enter;
You should see this menu:
Click "Turn off auto-unlock" for the affected ...
- 1,035
13
votes
How to diagnose and fix Starting Bitlocker "Access Denied" message?
Are you enabled BitLocker via RDP? If yes, please enable the following group policy:
Computer Configuration > Administrative Templates > System > Removable Storage Access > All Removable Storage > ...
- 228
12
votes
Accepted
How can I verify a Bitlocker recovery key?
You can also do a quick compare using a powershell command.
Open PowerShell as admin
Run manage-bde -protectors -get c:
Compare the password shown to the key you have saved.
- 4,750
12
votes
Is BitLocker useful in the case of stolen laptop?
This is the design scenario of the TPM chip.
An attack against the security of Bitlocker backed by the TPM (which it is if it auto-boots) must inherently be an attack against the system bus or RAM.
...
- 834
12
votes
Accepted
How to enable BitLocker system drive encryption on Windows 10 Home
So here we go..
Prerequisites
Disk with GPT (GUID Partition Table)
Dedicated TPM module (v1.2+) or enabled Intel PTT in BIOS (not sure
if AMD has such alternative)
Now how to check this ?
(Run all ...
- 331
12
votes
Accepted
Bitlocker "too many PIN entry attempts". Will it go away?
For TPM 2.0 devices (which is what you'd get in a 2018 laptop), this seems to be the most up-to-date description.
For systems with TPM 2.0, the TPM is configured by Windows to lock after 32 ...
- 465k
11
votes
Is it better to use Bitlocker or the built-in-drive-encryption that my SSD offers?
Old question, but since then several new developments have been found concerning Bitlocker and drive encryption (used either alone or in combination), so I will turn couple of my comments on the page ...
- 1,294
10
votes
BitLocker asking for protection code after Ubuntu installation
This issue is that Windows does not consider GRUB as a secure component. Thus, whenever you boot to Windows coming from GRUB, Windows considers the boot sequence might have been compromised, and ...
- 201
9
votes
Accepted
What identifier is meant in the Bitlocker recovery key document?
The identifier of the drive is generated when the drive is encrypted. This allows you, the end user, to identify which recovery key goes to which encrypted drive.
The reason the message says to "...
- 43.1k
9
votes
Windows 10 BitLocker on bootup presents just a blue screen but no password box or text.
The fix here worked for me:
Open a CMD session as Admin
Use the command bfsvc.exe %windir%\boot /v.
After a restart, the texts should reappear.
This fixed the issues for me.
- 543
9
votes
How to access BitLocker encrypted drive with Windows Subsystem for Linux
After unlocking the bitlocker volume/partition on Windows, execute on WSL:
sudo mount -t drvfs -o uid=1000,gid=1000 W: /mnt/w
- 91
9
votes
Windows 10 reports "The drive protected by Bitlocker is already unlocked" but does not allow access to that drive through File Explorer
I've had a similar experience, where the drive shows as locked, but selecting the drive reports the error "The drive protected by Bitlocker is already unlocked". After a small amount of ...
- 275
9
votes
BitLocker asking for protection code after Ubuntu installation
I solved this by going to "Bitlocker" --> "Suspend Encryption" --> Restart Windows 10 --> Select Windows bootloader in GRUB --> Windows 10 encryption was enabled again but it's not asking anymore for ...
- 91
9
votes
Accepted
Got a Warning For Enabling Firmware TPM
First of all, as the quoted text mentions, note that the same system volume can have multiple decryption keys added. In addition to a TPM-protected key, the system volume will usually have a numeric ...
- 465k
8
votes
Does Bitlocker allow you to restart your computer without entering a password?
You can suspend bitlocker for up to 15 Reboots at at time with Powershell.
Start a Powershell Shell with Admin Privliges and enter
Suspend-BitLocker -MountPoint "Drive" -RebootCount X
Where Drive ...
- 182
Only top scored, non community-wiki answers of a minimum length are eligible