BitLocker Recovery Key
What is Windows BitLocker?
- The BitLocker Drive Encryption security feature in Windows protects files on your computer in the event that anyone tampers with the computer's startup process.
- BitLocker can leverage the Trusted Platform Module (TPM) security hardware to guard data and system files in the Windows operating system directory, and also protects early boot component integrity.
- Encrypting the entire Windows volume with BitLocker can help prevent others from seeing your files, even if your computer is stolen or a hard disk is removed.
BitLocker Errors
- If you see either of the prompts below, please contact the Help Desk at x71945 immediately for remediation.
The BitLocker recovery prompt can occur for the following reasons:
- System board or other hardware failure, including the hard disk.
- Windows updates, specifically ones that update hardware drivers.
- Changing the BIOS boot order to boot another drive ahead of the hard drive
- Having the CD or DVD drive ahead of the hard drive in the BIOS boot order and inserting or removing a CD/DVD
- Failing to boot from a network drive before booting from the hard drive
- Docking or undocking a portable computer if the computer was (respectively) undocked or docked when BitLocker was turned on
- Changes to NTFS partition table on the disk including: Creating, Deleting, or Resizing the primary partition.
- Entering PIN incorrectly too many times, activating the anti-hammering logic of the TPM
- Turning off BIOS support for reading USB devices in the pre-boot environment if you are using USB-based keys instead of PIN
- Turning off, disabling, deactivating, or clearing the TPM
- Upgrading critical early startup components such as BIOS upgrades
- Forgetting the PIN with PIN authentication
- Updating option ROM firmware
- Upgrading TPM firmware
- Adding or removing hardware
- Removing, inserting, or completely depleting the charge on a smart battery (portable computer)
- Changes to the master boot record (MBR) on the disk
- Changes to the boot manager (bootmgr) on the disk
- Hiding the TPM from the operating system
- Using a different keyboard that doesn’t enter the PIN correctly or one that doesn’t map as assumed by the pre-boot environment
- Modifying the Platform Configuration Registers (PCRs) used by the TPM validation profile
- Moving the BitLocker-protected drive to a different system
- Upgrading the motherboard to a new one with a new TPM
- Losing the USB flash drive containing the startup key with startup key authentication enabled
- Failing the TPM self-test
- Having a BIOS or an option ROM component that is not compliant with the relevant Trusted Computing Group standards for a client computer
- Changing the usage authorization for the storage root key of the TPM to a non-zero value
- Disabling the code integrity check or enabling test signing on Windows Bootmgr
- Pressing the F8 or F10 key during the boot process
- Adding or removing add-in cards (such as video or network cards), or upgrading firmware on add-in cards
- Using a BIOS hot-key during the boot process to change the boot order to something other than the hard drive
More information about BitLocker can be found here: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
Requesting a BitLocker Key
If your machine will not boot and you are prompted for a BitLocker key, provide the following to the Help Desk.
- Computer Name or Serial Number / Service Tag (From the bottom of the computer)
- Your Name, NetID, and department.
- Verification of identity. This can either be done by sending a photo of a Government ID to help@georgetown.edu or by calling 202.687.4949 and verifying your identity over the phone.
- If this happens often, there is likely a hardware issue with your computer and it may need to be serviced.
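On a machine that still boots, the identifiers the Help Desk asks for, and the key protectors that determine which of the recovery triggers listed above apply to it, can be recorded ahead of time. The script below is an added example, not part of the original article. It assumes an elevated Windows PowerShell session with the built-in BitLocker and TPM cmdlets available, and it reports recovery key IDs only, never the recovery password itself.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-incident BitLocker inventory for the operating system volume.

# Identifiers the Help Desk asks for (computer name, serial number / service tag).
$bios   = Get-CimInstance -ClassName Win32_BIOS
$report = [ordered]@{
    ComputerName = $env:COMPUTERNAME
    SerialNumber = $bios.SerialNumber
}

# TPM state: a disabled, cleared, or hidden TPM is one of the recovery triggers.
$tpm = Get-Tpm
$report.TpmPresent = $tpm.TpmPresent
$report.TpmReady   = $tpm.TpmReady

# Encryption and protection state of the Windows volume.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report.VolumeStatus     = $vol.VolumeStatus
$report.ProtectionStatus = $vol.ProtectionStatus   # Off on an encrypted volume = suspended

# Key protector types decide which triggers are relevant to this machine.
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$report.KeyProtectors = $types -join ', '

# Record the recovery password protector IDs, not the 48-digit password.
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
$report.RecoveryKeyIds = $recovery.KeyProtectorId -join ', '

[pscustomobject]$report | Format-List

# Flag conditions that make a recovery prompt harder to resolve.
if ($recovery.Count -eq 0) {
    Write-Warning 'No recovery password protector exists on this volume.'
}
if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
    Write-Output 'PIN in use: a forgotten or repeatedly mistyped PIN leads to recovery.'
}
if ($types -contains 'TpmStartupKey' -or $types -contains 'ExternalKey') {
    Write-Output 'USB startup key in use: losing the flash drive leads to recovery.'
}
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
    Write-Warning 'Volume is encrypted but protection is suspended.'
}
```

The recovery key ID in the output matches the ID shown on the BitLocker recovery screen, which lets the Help Desk confirm it is retrieving the key for the correct volume.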
Use Cloud Backup
- Issues can happen at any time. Be sure your files are stored in the cloud or on an external storage device.
Please let us know if you need help and provide feedback to make this article better.