Bitlocker asks to verify recovery key after switch to/from legacy boot


We ran out of disk space on an old Dell Latitude E5530 and wanted to upgrade without reinstalling Windows and applications. Clonezilla and an external SATA/USB drive enclosure were used to duplicate the disk.

Once the new disk was installed we had an issue where Windows would not boot without us entering the BitLocker recovery key. Unfortunately for us we hadn't backed up the recovery key. Fortunately, we were able to get around this issue.

Problem/Solution

Our problem had its root in the laptop BIOS configuration: BitLocker's TPM protector is sealed to measurements of the firmware boot configuration, so switching boot mode changes those measurements and the TPM refuses to release the key until recovery succeeds. I was unable to boot the laptop from the Clonezilla USB drive without changing the boot mode to 'legacy'. Even in legacy mode I found I had to leave the external USB drive enclosure disconnected until the system successfully booted from the Clonezilla drive.

The disk duplication went smoothly and without any hiccups or issues. I only noticed a problem when switching the boot mode back to UEFI, where I was presented with this screen:

To address this issue I had to make these configuration changes in the Dell Latitude BIOS:

  • Change the boot mode from Legacy to UEFI
  • Disable legacy ROMs
  • Enable secure boot
  • Reboot

At this point the system was able to boot, whereupon we exported the BitLocker recovery key so as not to be stuck in the future if this happens again.
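As an added example (not from the original post), here is the preparation step that would have avoided the recovery prompt: a PowerShell routine, run as Administrator before touching the firmware, that exports the recovery password to a file and suspends BitLocker for one reboot so the changed TPM measurements do not trigger recovery. The export directory and the `C:` mount point are assumptions; the cmdlets are the built-in BitLocker module.

```powershell
# Added example, not from the original post. Run as Administrator on the
# machine BEFORE changing boot mode, Secure Boot or option-ROM settings.
# $ExportDir is an assumed path; point it at removable media or a share,
# never at the encrypted volume itself.
param(
    [string]$MountPoint = 'C:',
    [string]$ExportDir  = 'D:\bitlocker-keys'
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "$MountPoint is not protected by BitLocker; nothing to do."
    return
}

# A TPM-only volume has no recovery password to export; add one, since a
# volume without it is exactly what leaves you stranded after a firmware change.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Export every recovery password, keyed by protector ID (the ID is what the
# recovery screen displays, so keep it alongside the 48-digit password).
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
foreach ($p in $rp) {
    $file = Join-Path $ExportDir ("{0}-{1}.txt" -f $env:COMPUTERNAME, $p.KeyProtectorId.Trim('{}'))
    @(
        "Computer:          $env:COMPUTERNAME"
        "Volume:            $MountPoint"
        "Key Protector ID:  $($p.KeyProtectorId)"
        "Recovery Password: $($p.RecoveryPassword)"
    ) | Set-Content -Path $file -Encoding UTF8
    Write-Host "Exported recovery password to $file"
}

# Suspend the TPM protector for exactly one reboot. Make the firmware change
# during that reboot; BitLocker re-seals to the new PCR values when Windows
# next starts and resumes on its own, so no recovery prompt appears.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
Write-Host "BitLocker suspended for one reboot; change firmware settings now."
```

Confirm the key was actually written (open the file) before rebooting; while suspended the volume master key is stored in the clear on disk, which is why the suspension is limited to a single reboot.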

Thoughts

It's disingenuous of Microsoft to claim that a 'disc or USB device' may be to blame for this issue. While the security system is doing its job (it detected a configuration change that was significant and warranted a pause in the boot/decrypt cycle), the idea that inserting a CD/DVD or USB stick would be the primary cause of this problem doesn't hold water IMO. There is a URL that claims to give 'more information on how to retrieve' the key, which basically says you are hosed if you didn't back it up. Accurate but disappointing, as the error screen never sets the expectation of what the user should have done beforehand.

I'm glad we were able to recover the system, though, as it would have been a pain to re-activate all the software on it.