Encrypted my system and need help decrypting

[Allen Turning]

I enabled bitlocker to encrypt my system drive, then I saved the key onto a usb.

Then I got bitlocker to encrypt that usb and put the key for that into my system drive.

Lastly, I did a BIOS update and now it cleared tpm. So bitlocker is now asking for a private key to decrypt my system.

Help!

[Needfuldoer]

Are your Bitlocker keys backed up anywhere else, or tied to a Microsoft account?

If not, I'm afraid there's nothing you can do. 

[Mumintroll]

You could check by logging into your Microsoft account and go to

https://account.microsoft.com/devices/recoverykey

 

 

...and if you really don't need Bitlocker then please disable it, most home users doesn't need it.

[Allen Turning]

8 minutes ago, Needfuldoer said:

Are your Bitlocker keys backed up anywhere else, or tied to a Microsoft account?

If not, I'm afraid there's nothing you can do. 

No, I havent saved the bitlocker keys to any microsoft account or anything. Just the usb

[Allen Turning]

Just now, Mumintroll said:

You could check by logging into your Microsoft account and go to

https://account.microsoft.com/devices/recoverykey

 

 

There is nothing there

[Mumintroll]

1 minute ago, Allen Turning said:

There is nothing there

Then there's nothing we can do, really....

[Needfuldoer]

1 hour ago, Allen Turning said:

No, I havent saved the bitlocker keys to any microsoft account or anything. Just the usb

 

1 hour ago, Allen Turning said:

There is nothing there

Press F to pay respects.

 

I'm afraid there's nothing you can do now but fresh install and restore from any backups you've got. Get a new system SSD if you feel uneasy about erasing your Bitlocker-ed drive so soon.

[Mumintroll]

And please don't use Bitlocker if you really don't need it.

[Allen Turning]

1 minute ago, Mumintroll said:

And please don't use Bitlocker if you really don't need it.

bro, im never using bitlocker again

[NumLock21]

On 9/7/2024 at 6:15 AM, Allen Turning said:

I enabled bitlocker to encrypt my system drive, then I saved the key onto a usb.

Then I got bitlocker to encrypt that usb and put the key for that into my system drive.

Lastly, I did a BIOS update and now it cleared tpm. So bitlocker is now asking for a private key to decrypt my system.

Help!

If you have saved your system drive's encryption key on to the USB. The USB is your private key, and has nothing to do with the TPM.

[Mark Kaine]

On 9/7/2024 at 2:57 PM, Allen Turning said:

bro, im never using bitlocker again

 

On 9/7/2024 at 2:55 PM, Mumintroll said:

And please don't use Bitlocker if you really don't need it.

the really crazy thing is... why did you bitlocker the usb too... i mean how'd you get the key when you actually need it?

 

 

That's besides the equally obvious question why does TPM "forget" its own key after a simply BIOS update and why aren't there any warnings...? 

[Mark Kaine]

On 9/26/2024 at 11:59 PM, NumLock21 said:

If you have saved your system drive's encryption key on to the USB. The USB is your private key, and has nothing to do with the TPM.

yeah,  it should still read the key, no?

but it's encrypted and it doesn't have the key so it can't read the key...

 

highly flawed system

[Mumintroll]

1 hour ago, Mark Kaine said:

 

the really crazy thing is... why did you bitlocker the usb too... i mean how'd you get the key when you actually need it?

 

 

That's besides the equally obvious question why does TPM "forget" its own key after a simply BIOS update and why aren't there any warnings...? 

 

On really old cars you could happen to lock the keys inside the car accidently

[Mark Kaine]

1 hour ago, Mumintroll said:

 

On really old cars you could happen to lock the keys inside the car accidently

haha yeah, that's indeed basically the same situation! 

 

Spoiler

except back then you could get back in really easy with a wire, Microsoft is just "nope!"

 

[NumLock21]

7 hours ago, Mark Kaine said:

yeah,  it should still read the key, no?

but it's encrypted and it doesn't have the key so it can't read the key...

 

highly flawed system

 I wouldn't say it's a highly flawed system, users needs to know what they are doing, so they do not locked themselves out of their own drives.

 

I've used BitLocker before and the way it works is, when the Windows drive is being encrypted, its decrypt key can be stored either on a TPM module or USB flash drive. I didn't have a TPM module, so I stored it onto the USB. When everything is all setup, I rebooted the system and windows will ask for the USB key. Plug the USB key in and system boots up like normal. When USB key isn't plugged in, windows won't boot. There is also the option to enter a recovery key that's given in a text file, during the Bitlocker setup, in case the TPM or USB drive stops working.

 

The reason why your USB key won't work is, it's encrypted so windows isn't able to access the key it wants that's on your USB drive. Should have never encrypted your USB flash drive, that had the window's decrypt key in it. Can try to do is, plug USB to another PC and if all goes to plan, bitlocker prompt should appear asking for password. Enter password to unlock it and  see if you can access the OS recovery key. This thread is almost a month old, so it's highly possible you have already wiped everything and started all over.

[Mark Kaine]

1 hour ago, NumLock21 said:

its decrypt key can be stored either on a TPM module or USB flash drive

but that's exactly its main flaw... it should just save it to the cpu or motherboard,  or actually both...!  

 

there are many other flaws like it doesn't warn you when doing a bios update to make sure you have the key... yeah its a windows feature *supported* by the mobo, so the mobo manufacturers aren't off the hook here either, or it apparently doesn't make it clear to users they really need the password ... it should like triple check they have it before enabling bitlocker... 

 

there's just way too many ifs for this to be a sensible feature...

 

if i understand this correctly not even a full backup would safe the user from data loss, because "no key"... 

 

highly flawed is putting it midly lol.

 

 

 

ALSO note I'm not the OP... i would never ever enable bitlocker or any other of these data stealing "features".  

[NumLock21]

On 10/1/2024 at 7:12 PM, Mark Kaine said:

but that's exactly its main flaw... it should just save it to the cpu or motherboard,  or actually both...!

They do go the CPU/motherboard as that's where the TPM module is located, it's also the biggest downsides of Bitlocker and any other type of drive encryption, because when your board dies, you won't be able to access your data. Bitlocker with the option of letting user save they key onto a USB address this problem, when a board dies or you want to do an upgrade, in theory, users can still still be able to their access on that encrypted drive, cause all they have to do is just plug in that USB that contains the key.

On 10/1/2024 at 7:12 PM, Mark Kaine said:

ALSO note I'm not the OP... i would never ever enable bitlocker or any other of these data stealing "features".  

If you know what you are doing, the bitlocker can be quite useful, especially for portable devices like a USB flash drive.

[Nord1ing]

On 10/3/2024 at 6:43 AM, NumLock21 said:

If you know what you are doing, the bitlocker can be quite useful, especially for portable devices like a USB flash drive.

Plateform-agnostic solution like Veracrypt allow to do not have that kind of issues, after bios or windows update.