dynabook Europe Support
Technical Support Bulletin

Suspend Bitlocker disk encryption when applying Firmware- or BIOS updates, Hardware drivers or Operating System updates


Issue

BitLocker Drive Encryption is an integral security feature that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks", attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

 

BitLocker uses the Trusted Platform Module (TPM) to provide enhanced protection for your data and to assure early boot component integrity. This helps protect your data from theft or unauthorized viewing by encrypting the disk volumes.


Resolution (short):

  Important 

In order to apply particular firmware- or BIOS updates, hardware drivers or when updating the operating system itself, it is recommended to suspend Bitlocker protection.

 

Otherwise there is a possibility that Bitlocker protection is asking for the Recovery Key on the next boot of the operating system.


Resolution (detailed):

Suspend BitLocker Drive Encryption




How to suspend BitLocker Drive Encryption and decrypt the volume. The procedure is the same for all BitLocker Drive Encryption configurations on TPM-equipped computers and computers without a compatible TPM.

When you suspend BitLocker, you can choose either to temporarily turn-off BitLocker (=suspend), or to decrypt the drive. Disabling BitLocker allows TPM changes and operating system upgrades. Decrypting the drive means that the volume will once again be readable, and that all the keys are discarded. Once a volume is decrypted, you must generate new keys by going through the encryption process again.


Before you start

                           

    You must be logged on as an administrator.

 

    The drive must be encrypted.

                                                                                          
To suspend BitLocker Drive Encryption on an operating system drive (Suspend)

    1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
    2. Click Suspend Protection for the operating system drive.
    3. A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click Yes to continue and suspend BitLocker on the drive.

 

By completing this procedure, you have suspended BitLocker protection on the drive by changing the decryption key to a clear key. To read data from the drive, the clear key is used to access the files. When BitLocker is suspended, TPM validation does not occur and other authentication methods, such as the use of a PIN or USB key to unlock the operating system drive, are not enforced. This allows you to make system changes such as updating the BIOS or replacing a data drive. When you are finished making changes to the computer, click Resume Protection from the BitLocker Drive Encryption Control Panel item to start using BitLocker Drive Encryption again.

 

To turn off BitLocker Drive Encryption (Decrypt)

 

Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.

    1. Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.
    2. A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive.

 

By completing this procedure, you have decrypted the drive and removed BitLocker protection.


Document details
Document ID:
TSB5603RC0000R01
Doc Type:
Security
Online Date:
2015-06-02 00:00:00
Date Modified:
2019-09-26
Category:
Software, Hardware
Company:
-
Product Category:
 
Product Group:
 
Product Series:
 
Product:
 
Model Number:
 
Operating System:
Windows 10 - 32 Bit, Windows 10 - 64 Bit, Windows 7 - 32 Bit, Windows 7 - 64 Bit, Windows 8 - 32 Bit, Windows 8 - 64 Bit, Windows 8.1 - 32 Bit, Windows 8.1 - 64 Bit, Windows Vista 32 Bit, Windows Vista 64 Bit
Keywords:
Drive, Encryption, Firmware, Operating System, Password, Security


Disclaimer


Dynabook provides this information "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Dynabook shall not be responsible for the topicality, correctness, completeness or quality of the information or software provided. Dynabook is not liable for any damage caused by the use of any information or software provided, including information that is incomplete or incorrect. Any trademarks used herein belong to their respective owners.


Copyright Dynabook Europe GmbH. All rights reserved.