Why my surface pro asks for BitLocker recovery key?Win7 --> Win8 = Bitlocker won't ask for...
What wound would be of little consequence to a biped but terrible for a quadruped?
Why do Australian milk farmers need to protest supermarkets' milk price?
Making a sword in the stone, in a medieval world without magic
What is the difference between "shut" and "close"?
validation vs test vs training accuracy, which one to compare for claiming overfit?
Can "semicircle" be used to refer to a part-circle that is not a exact half-circle?
What exactly is the purpose of connection links straped between the rocket and the launch pad
How can I discourage/prevent PCs from using door choke-points?
Decoding assembly instructions in a Game Boy disassembler
Single word request: Harming the benefactor
If the Captain's screens are out, does he switch seats with the co-pilot?
Playing ONE triplet (not three)
What to do when during a meeting client people start to fight (even physically) with each others?
Silly Sally's Movie
"One can do his homework in the library"
Why don't MCU characters ever seem to have language issues?
Deleting missing values from a dataset
What does it mean when multiple 々 marks follow a 、?
How to make readers know that my work has used a hidden constraint?
Counter-example to the existence of left Bousfield localization of combinatorial model category
Examples of odd-dimensional manifolds that do not admit contact structure
Prove that the total distance is minimised (when travelling across the longest path)
Running a subshell from the middle of the current command
Can infringement of a trademark be pursued for using a company's name in a sentence?
Why my surface pro asks for BitLocker recovery key?
Win7 --> Win8 = Bitlocker won't ask for passwordProblems enabling Bitlocker on Surface Pro with Windows 8.1Default location for storing bitlocker keyTPM not found on Surface Pro 3Windows/Linux dualboot: Windows asks for bitlocker recovery key every boot after reinstalling LinuxBitLocker asks for recovery key every time on boot on SSDWhy are there 2 “Recovery”-type partitions after enabling BitLocker?BitLocker Windows 10 key ID match, but password notBitLocker recovery key required after dual-booting Ubuntu(Dual boot) Windows 7 asks for recovery key after update
I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.
My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.
bitlocker microsoft-surface-pro
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
add a comment |
I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.
My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.
bitlocker microsoft-surface-pro
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
add a comment |
I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.
My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.
bitlocker microsoft-surface-pro
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.
My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.
bitlocker microsoft-surface-pro
bitlocker microsoft-surface-pro
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
asked May 20 '18 at 6:13
LuisSuarez7LuisSuarez7
11113
11113
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
What you are facing
Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.
I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.
Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.
What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:
https://account.microsoft.com/devices/recoverykey
That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.
With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.
Things you must not do
Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
|
show 4 more comments
Your recovery key may be stored in your Microsoft Account.
https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key
If you haven't backed up your recovery key, your data will be inaccessible.
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
add a comment |
I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.
So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.
So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
In the case where this is only a glitch in the BIOS, where the device was never
really encrypted, BitLocker needs to be undone in the BIOS.
This is the procedure to boot into the BIOS, to find there some way of disabling
BitLocker or of resetting the BIOS.
To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:
- Power off the Surface – a reboot is not sufficient
- Press and HOLD the Volume UP button (on the left side of the tablet)
- Press and HOLD the Power button for five seconds (on the top of the tablet)
- Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
|
show 1 more comment
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1324333%2fwhy-my-surface-pro-asks-for-bitlocker-recovery-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
What you are facing
Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.
I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.
Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.
What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:
https://account.microsoft.com/devices/recoverykey
That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.
With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.
Things you must not do
Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
|
show 4 more comments
What you are facing
Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.
I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.
Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.
What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:
https://account.microsoft.com/devices/recoverykey
That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.
With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.
Things you must not do
Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
|
show 4 more comments
What you are facing
Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.
I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.
Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.
What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:
https://account.microsoft.com/devices/recoverykey
That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.
With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.
Things you must not do
Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.
What you are facing
Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.
I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.
Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.
What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:
https://account.microsoft.com/devices/recoverykey
That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.
With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.
Things you must not do
Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.
edited May 21 '18 at 2:45
answered May 20 '18 at 8:36
user477799
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
|
show 4 more comments
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
What if the Surface Pro uses a local login?
– harrymc
May 20 '18 at 8:42
1
1
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.
– user477799
May 20 '18 at 9:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
@harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker
– Ramhound
May 20 '18 at 10:38
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.
– user477799
May 20 '18 at 10:47
1
1
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
@harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.
– user477799
May 20 '18 at 11:20
|
show 4 more comments
Your recovery key may be stored in your Microsoft Account.
https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key
If you haven't backed up your recovery key, your data will be inaccessible.
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
add a comment |
Your recovery key may be stored in your Microsoft Account.
https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key
If you haven't backed up your recovery key, your data will be inaccessible.
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
add a comment |
Your recovery key may be stored in your Microsoft Account.
https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key
If you haven't backed up your recovery key, your data will be inaccessible.
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
Your recovery key may be stored in your Microsoft Account.
https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key
If you haven't backed up your recovery key, your data will be inaccessible.
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
answered May 20 '18 at 7:51
David MarshallDavid Marshall
6,60532132
6,60532132
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
add a comment |
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
One problem : the guy says he hasn't used BitLocker so there is no key to recover.
– harrymc
May 20 '18 at 11:02
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
@harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.
– David Marshall
May 21 '18 at 16:24
add a comment |
I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.
So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.
So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.
So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.
So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.
So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.
So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.
So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.
So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 4 mins ago
ZeoanarchyZeoanarchy
1
answered 4 mins ago
ZeoanarchyZeoanarchy
1
1
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
In the case where this is only a glitch in the BIOS, where the device was never
really encrypted, BitLocker needs to be undone in the BIOS.
This is the procedure to boot into the BIOS, to find there some way of disabling
BitLocker or of resetting the BIOS.
To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:
- Power off the Surface – a reboot is not sufficient
- Press and HOLD the Volume UP button (on the left side of the tablet)
- Press and HOLD the Power button for five seconds (on the top of the tablet)
- Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
|
show 1 more comment
In the case where this is only a glitch in the BIOS, where the device was never
really encrypted, BitLocker needs to be undone in the BIOS.
This is the procedure to boot into the BIOS, to find there some way of disabling
BitLocker or of resetting the BIOS.
To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:
- Power off the Surface – a reboot is not sufficient
- Press and HOLD the Volume UP button (on the left side of the tablet)
- Press and HOLD the Power button for five seconds (on the top of the tablet)
- Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
|
show 1 more comment
In the case where this is only a glitch in the BIOS, where the device was never
really encrypted, BitLocker needs to be undone in the BIOS.
This is the procedure to boot into the BIOS, to find there some way of disabling
BitLocker or of resetting the BIOS.
To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:
- Power off the Surface – a reboot is not sufficient
- Press and HOLD the Volume UP button (on the left side of the tablet)
- Press and HOLD the Power button for five seconds (on the top of the tablet)
- Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.
In the case where this is only a glitch in the BIOS, where the device was never
really encrypted, BitLocker needs to be undone in the BIOS.
This is the procedure to boot into the BIOS, to find there some way of disabling
BitLocker or of resetting the BIOS.
To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:
- Power off the Surface – a reboot is not sufficient
- Press and HOLD the Volume UP button (on the left side of the tablet)
- Press and HOLD the Power button for five seconds (on the top of the tablet)
- Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.
edited May 20 '18 at 13:36
community wiki
2 revs
harrymc
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
|
show 1 more comment
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.
– harrymc
May 20 '18 at 10:59
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
It is not an error and the only way of disregarding it is to disregard using that computer altogether.
– user477799
May 20 '18 at 11:23
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
@EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.
– harrymc
May 20 '18 at 13:34
2
2
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.
– Ramhound
May 20 '18 at 13:47
3
3
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?
– Ramhound
May 20 '18 at 14:44
|
show 1 more comment
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1324333%2fwhy-my-surface-pro-asks-for-bitlocker-recovery-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
