Bitlocker with USB in hibernate state
Hi, I have configured a system with BitLocker enabled using a USB key. Every time after starting from the hibernate state, the BitLocker boot screen appears that says "Windows BitLocker Drive Encryption key needed. Insert key storage media..." That screen is fine, asking for the USB media to be inserted if it is not already. But the problem is the ENTER=Recovery key. If by mistake the Enter key is pressed at this point, the BitLocker recovery screen appears and this removes the hibernate state immediately. Now, at this state, if the USB media is inserted and the ESC button is pressed to exit and reboot, Windows will not resume but cold starts (as if Windows was shut down abnormally), which seems logically wrong. The point is that BitLocker recovery was not the intention, but if the user by mistake pressed the Enter (Recovery) key instead of the Esc (Reboot) key, it removes the hibernate state. The hibernate state should only be removed if the user performs the proper recovery procedure, i.e. enters a valid BitLocker recovery key and then presses ENTER, but not at the earlier screen. Is it by design? Or is it only happening to me? If it is by design, is it possible to change ENTER=Recovery to an alternate key like Ctrl+R or Alt+R? Thanks
July 25th, 2012 8:02am

Hi, Returning from hibernation requires BitLocker authentication. If you press the Enter key by mistake, entering recovery mode is by design. As a best practice, we recommend that sleep and hibernate mode be disabled and that you use TPM+PIN as the authentication method. Niki Han, TechNet Community Support
July 26th, 2012 3:00am

Hi, If by design it goes to recovery mode when the user presses the Enter key, then the user can't do anything about it, but the point is that deleting or removing the hibernate state immediately doesn't seem good, and a cold restart of a machine is not feasible if that machine is already running a lot of processes. Also, TPM+PIN cannot be used, as a TPM is not available on that particular machine. So, by some means, can the Enter key be changed to Ctrl+R or something else?
July 26th, 2012 9:45am

Hi, As far as I know, there is no way to change ENTER=Recovery to an alternate key. For security purposes, several events will cause BitLocker to enter recovery mode when attempting to start the operating system drive. A list of these events can be found in the following article: What causes BitLocker to start into recovery mode when attempting to start the operating system drive? http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_examplesosrec

When one puts a computer into hibernation, some entries are added to the boot manager database. If the BitLocker Drive Encryption feature is enabled before the computer enters hibernation, our problem can occur because the platform configuration registers change when the entries are added. Hence the OS believes that there was a change on the hardware side and asks for the recovery key, just like after a BIOS update. Enter should be equivalent to Continue; when the computer detects that change, it will ask for the recovery key.

For BitLocker with a TPM, we can set a policy under Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Configure TPM platform validation profile, and clear all the check boxes except PCR 11, to work around the issue. But for a machine without a TPM, I did not find a way to avoid it. Thanks, Spencer. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 27th, 2012 4:09am

Hi, I am writing to check if you have any other questions regarding the issue? Thanks, Spencer
July 30th, 2012 11:15pm

A quick question. Do you have any bootable media inserted when this happens? BitLocker will prompt if the machine goes to sleep mode and then, on coming out of sleep mode, there is bootable media being read. PLEASE MARK ANY ANSWERS TO HELP OTHERS. Blog: rorymon.com Twitter: @Rorymon
July 30th, 2012 11:19pm

Quoting Spencer: "Hi, I am writing to check if you have any other questions regarding the issue? Thanks, Spencer"

No, but the issue of the hibernate state being deleted on the Enter key remains, while on pressing Esc the hibernate state is not deleted.
July 31st, 2012 4:04am

Quoting Rory: "A quick question. Do you have any bootable media inserted when this happens? BitLocker will prompt if it goes to sleep mode and then coming out of sleep mode there's bootable media being read."

No, there is no bootable media inserted during the boot process.
July 31st, 2012 4:05am

Hi, On most computers that support sleep and hibernation, you can resume working by pressing the computer's power button. However, not all computers are the same. You might be able to wake your computer by pressing any key on the keyboard, clicking a mouse button, or opening the lid on a laptop. Check the documentation that came with your computer or go to the manufacturer's website. In our situation, if you do not wish the machine to run into recovery mode, I think preventing the machine from sleeping and hibernating would be the suitable method to work around the issue. Thanks, Spencer
July 31st, 2012 11:19pm


Hi, The answer of Spencer marked as answer by Niki Han unfortunately is not the answer to the actual problem. Hence the issue in this thread is still being faced. Thanks
August 30th, 2012 1:49pm

Hi, I think the issue is beyond the software level. Have you tried contacting the computer vendor to check the issue? And also, does only pressing Enter resume the machine from hibernation? How about pressing the Space key or clicking the mouse? As for the BitLocker recovery mode issue, it is expected to run into recovery mode after hibernation. Thanks, Spencer
August 30th, 2012 10:26pm

Hi, Well, I think the issue is not exactly clear yet. It is not beyond the software level. It has nothing to do with the vendor or the computer, as everything (keyboard, mouse etc.) is working fine. This issue is with BitLocker or Windows itself, when BitLocker asks for the storage media key because it is not inserted when coming out of the hibernate state. Please have a look at the attached snap below. Here, BitLocker asks to insert the storage media and then to press the Esc key to reboot. Now at this stage (1st snap), if the user accidentally presses the Enter key instead of the Esc key, another screen (2nd snap) appears asking for the recovery key. Please have a look at the 2nd snap attached below. Now here the user, as he accidentally came to this recovery screen, goes back to the 1st snap by pressing the Esc key, and then presses Esc to reboot after inserting the media. At this stage (2nd snap), or before going to the 2nd snap from the 1st, the hibernate state has been deleted by Windows or BitLocker, which should not happen, as the user hasn't started the recovery procedure or entered the recovery key.
August 31st, 2012 11:09am

Hi, Thanks for your description. So what is the problem? From your description, all these behaviors are as expected for BitLocker. The hibernate state writes information to the registry. After this state is deleted, Windows detects that there were registry changes between the states, and so it runs into recovery mode. Here you will need to input the recovery key, or reboot the machine and use the removable drive which contains the startup key to boot the operating system. This is just why BitLocker is a more secure method for protecting our data. And also, if disabling hibernation is not an acceptable method, you can put BitLocker into the suspended status temporarily after booting the operating system. Then, after the hibernate state changes, it will not run into recovery mode. Thanks, Spencer
August 31st, 2012 11:35pm

Hi, Thanks for the reply, but I think the issue is not clear from either side. From your description, "Hibernate state will write the information to registry. After this state being deleted", the question is: who is deleting this hibernate state when the Enter key is pressed on the 1st screen? BitLocker or Windows? And why is this hibernate state not deleted when the Esc key is pressed on the 1st screen? Logically, and in my view (I might be wrong), pressing Enter on the 1st screen and then Esc on the 2nd screen is the same as pressing Esc on the 1st screen. Both do the same thing (rebooting after inserting the USB key storage media), and it doesn't seem to be any security measure at this stage to delete the hibernate state in one scenario and not in the other. Regarding your suspend suggestion, will this bring any security issue? For example, if I suspend and keep it suspended afterwards, can this drive be read by detaching it from the current machine and attaching it to another machine directly, without providing the BitLocker key? And will new data written to the suspended drive still be as secure as it is without suspension? Thanks
September 1st, 2012 9:33am

Hi, Do you mean who caused the computer to recover from the hibernation status? BitLocker and Windows will not do this. As we have discussed, on most computers that support sleep and hibernation, you can resume working by pressing the computer's power button. However, not all computers are the same. You might be able to wake your computer by pressing any key on the keyboard, clicking a mouse button, or opening the lid on a laptop. Check the documentation that came with your computer or go to the manufacturer's website.

Do you mean detaching the operating system volume and attaching it to another machine? Normally, if the system volume has BitLocker enabled and it is then suspended, attaching the system volume to another machine will prompt for recovery mode, which needs the recovery key. When BitLocker is suspended, BitLocker keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, and the clear key is erased. This option is only available for operating system drives.

Two articles for your reference to learn more about BitLocker: http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx http://technet.microsoft.com/en-us/library/ee449438(v=WS.10).aspx Thanks, Spencer
September 4th, 2012 5:35am
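The suspend workaround Spencer describes above, and the "disable hibernation" recommendation earlier in the thread, as an added example that is not part of the original thread or of any Microsoft documentation. It uses the BitLocker PowerShell module (Get-BitLockerVolume, Suspend-BitLocker, Resume-BitLocker) and the -RebootCount option, which exist on Windows 8 / Server 2012 and later; on the Windows 7-era systems in this thread only manage-bde is available, and the equivalent commands are noted at the end. The function name Show-BitLockerState is assumed for illustration. Run from an elevated PowerShell session.

```powershell
# Added example (not from the thread): inspect, suspend for one reboot, and resume
# BitLocker on the OS drive, and turn hibernation off as recommended in the thread.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later; the
# BitLocker module and -RebootCount are not available on Windows 7 (see the end).

# Locate the operating system volume rather than hard-coding C:.
$OsDrive = (Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem').MountPoint

# Helper (assumed name) that summarises the protection state of one volume.
function Show-BitLockerState {
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    # ProtectionStatus 'Off' together with VolumeStatus 'FullyEncrypted' is the
    # suspended state: the data is still ciphertext, but the volume master key is
    # wrapped with a clear key stored on the disk, so anyone holding the disk can
    # unlock it without the USB startup key or the recovery password.
    [pscustomobject]@{
        MountPoint       = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus
        ProtectionStatus = $v.ProtectionStatus
        Protectors       = ($v.KeyProtector.KeyProtectorType -join ', ')
    }
}

# 1. Baseline. For the configuration in this thread expect ProtectionStatus 'On'
#    and the protectors 'ExternalKey' (the .BEK on the USB drive) and 'RecoveryPassword'.
Show-BitLockerState -MountPoint $OsDrive

# 2. Suspend for exactly one reboot. Protection re-arms automatically after that
#    reboot, so a forgotten suspension does not leave the drive clear-key protected.
Suspend-BitLocker -MountPoint $OsDrive -RebootCount 1

# 3. Confirm the suspended state before doing whatever changes the boot
#    measurements (firmware update, boot configuration change, hibernate/resume).
Show-BitLockerState -MountPoint $OsDrive

# 4. Optional: remove the hibernate/resume path entirely, as Niki suggested.
#    This deletes hiberfil.sys; S3 sleep is unaffected by this switch.
powercfg /hibernate off

# 5. Re-enable protection explicitly rather than relying on the reboot counter,
#    and verify ProtectionStatus is back to 'On'.
Resume-BitLocker -MountPoint $OsDrive
Show-BitLockerState -MountPoint $OsDrive

# Windows 7 equivalent (no PowerShell module, no reboot counter; the volume
# stays suspended until -enable is run):
#   manage-bde -status C:
#   manage-bde -protectors -disable C:
#   manage-bde -protectors -enable C:
```

The important check is step 3: while ProtectionStatus reads Off, the drive offers no protection against an attacker with physical access, which answers the question asked earlier in the thread about detaching the disk. Keep the suspension as short as possible, and on Windows 7, where there is no reboot counter, make re-enabling the protectors part of the same change window.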

No, I didn't mean who caused the computer to recover or resume from the hibernate state. Obviously it is me who pressed the power button on the computer to resume from hibernation. I am asking: after turning on the computer, who is deleting the hibernate state when I press the Enter key at the BitLocker start-up screen?
September 5th, 2012 4:11am

Hi, After you turned on the computer, the hibernate state has ended. Normally, Windows will read the information from the registry key to recover the session from before the hibernation. However, since we have BitLocker enabled, BitLocker detects that there are changes made to the registry (which were made by the hibernation), and for protection purposes it will run into recovery mode. The recovery key will unlock the computer to recover the session. And also, you can press ESC to reboot the computer, and then the computer will require the USB drive that contains the startup key to boot up the machine. All of this is expected with BitLocker enabled on the operating system drive. Thanks, Spencer
September 6th, 2012 2:12am

Hi, No, after turning on the computer, the hibernate state is not ended / deleted. It is not even deleted when pressing Esc on the 1st screen. The computer, as expected, normally resumes from the hibernate state if the key storage media is inserted before starting the computer, or after starting the computer and pressing the Esc (Reboot) key. The hibernate state is only deleted when I press the Enter (Recovery) key on the 1st screen after starting the computer, and it doesn't seem to be normal behavior, as why is it being deleted only on the Enter key?
September 8th, 2012 3:05am

Hi, I think this should be because the machine does not detect a valid removable device and the .BEK file stored on the removable drive. Have you tested whether, after inserting the correct removable drive, once the 1st screen shows the Drive Label and the key file name with the .BEK extension, ESC comes into effect? Thanks, Spencer
September 10th, 2012 3:11am

Hi, Yes, I have already tested it after inserting the correct USB media containing the correct .BEK file. At this point, on pressing Enter it deletes the hibernate state, while on pressing Esc it doesn't delete the hibernate state.
September 16th, 2012 12:49am

This topic is archived. No further replies will be accepted.
