Question Bitlocked drive unlocked automatically in PE: Normal or not?

Jul 10, 2023
Hi everyone. I noticed an odd behavior on the part of my most recent laptop as opposed to a laptop I bought some three years ago: On the old laptop I can encrypt both the booted Windows 10 drive and a data drive using Bitlocker and have access to these drives once Windows is booted, or by unlocking the drives using a Bitlocker password or recovery key if I boot the laptop from an external Windows PE drive. The laptop has a TPM so I don't need to enter a password or PIN when booting Windows 10. The data on both the Windows and data drives remains inaccessible without the Bitlocker password or recovery key when a Windows password is set.

Under the same scenario on the new laptop though I can simply boot the machine from a Windows PE USB drive and voilà: Both Windows and data drives are automatically unlocked and all data on the drives is accessible; no need to enter any passwords. This laptop also has a TPM. Could this be considered normal behavior? Reason I ask is because it seems to me a security issue if anyone with access to the laptop can access the data on it despite Bitlocker encryption and a Windows password simply by booting it from an external drive. Also: Is there a way I can set the laptop to behave like the old one, i.e. not to automatically unlock the drives when booted from an external drive, e.g. Windows PE? Is there perhaps a way to set the TPM to accomplish this?

Any insight appreciated. Cheers.
When you encrypt a drive you have 3 options to unlock the drive: enter a PIN, insert a USB flash drive, or allow BitLocker to automatically unlock the drive. It is this third option which is causing your concern. So the obvious answer is to use the first or second option.
Hello dwd999. Thank you for your reply. From what I gather the solution regarding the new laptop would be to enable Bitlocker without using the TPM, which naturally defeats the purpose of having a TPM.
The old laptop unlocks the drives automatically only when booting the Windows OS which originally locked the drives.
My first question remains open: Could this be considered normal behavior?
Cheers.
Sorry, I can't really comprehend why anyone would want to use Bitlocker with TPM. I wouldn't want any computer to automatically unlock any drives when booted. That's my definition of security.
 
Hi dwd999. I gather you're not a fan of TPM :) Still, for those users who would like to make use of it the question still remains open.
So far the only workaround I have found is to use a system password to prevent access to the laptop altogether. If anyone has any information on how to set the TPM as I described in my first post, please do share.
Cheers.
 
Ok, after further testing it seems the condition occurs only when Device Encryption is enabled in Windows 10. If the drives are locked individually, they remain so when booting from the external PE drive.
Whatever change occurred in the implementation of TPM, it seems less than optimal for the new laptop to unlock such drives in a PE environment.
Cheers.
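The two configuration points raised in this thread (dwd999's advice to use a PIN or startup key instead of automatic unlock, and the later finding that the data drive stays locked in PE only when it is not auto-unlocked from the OS volume) can both be checked and applied from an elevated PowerShell session. The script below is an added example written for this page; it is not code from any poster and not Microsoft's own tooling beyond the built-in BitLocker cmdlets it calls. It assumes the OS volume is C:, that a TPM is present, and that you are willing to type a PIN at every boot. Note that TPM+PIN still uses the TPM: the key stays sealed to the measured boot state, and the PIN is an extra secret the TPM requires before releasing it, so this is not "BitLocker without the TPM". The registry values written are the ones the Group Policy setting "Require additional authentication at startup" sets; without them the cmdlet refuses to add a TPM+PIN protector.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Audits which BitLocker volumes unlock with
# no user secret, then moves the OS volume from TPM-only to TPM+PIN and stops
# data volumes from auto-unlocking. Assumes OS volume 'C:' (passed as a parameter).

function Get-BitLockerUnlockExposure {
    # One row per volume: protector types present and whether the volume would
    # come up unlocked without anyone typing anything (TPM-only OS volume,
    # suspended protection, or a data volume auto-unlocked by the OS volume).
    foreach ($v in Get-BitLockerVolume) {
        $types   = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $tpmOnly = ($v.VolumeType -eq 'OperatingSystem') -and ($types -contains 'Tpm')
        [pscustomobject]@{
            MountPoint        = $v.MountPoint
            VolumeType        = $v.VolumeType
            Protection        = $v.ProtectionStatus
            Protectors        = ($types -join ',')
            AutoUnlock        = $v.AutoUnlockEnabled          # $null on the OS volume
            UnlocksUnattended = $tpmOnly -or ($v.ProtectionStatus -eq 'Off') -or ($v.AutoUnlockEnabled -eq $true)
        }
    }
}

function Enable-TpmPinStartup {
    param(
        [Parameter(Mandatory)][string]$OsMountPoint,      # e.g. 'C:'
        [Parameter(Mandatory)][securestring]$Pin
    )
    $vol = Get-BitLockerVolume -MountPoint $OsMountPoint

    # Make sure a recovery password exists before touching the TPM protector;
    # if the TPM refuses the new protector at next boot this is the way back in.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $OsMountPoint -RecoveryPasswordProtector | Out-Null
        Write-Warning "Recovery password added to $OsMountPoint; back it up (manage-bde -protectors -get $OsMountPoint) before rebooting."
    }

    # Policy values written by "Require additional authentication at startup":
    # 0 = do not allow, 1 = require, 2 = allow. Require TPM+PIN, forbid TPM-only.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPM             -Value 0 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMKey          -Value 0 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMKeyPIN       -Value 0 -Type DWord

    Add-BitLockerKeyProtector -MountPoint $OsMountPoint -TpmAndPinProtector -Pin $Pin | Out-Null

    # A volume holds only one TPM-type protector. If the TPM-only one survived
    # the add, remove it so the VMK can no longer be released without the PIN.
    $vol = Get-BitLockerVolume -MountPoint $OsMountPoint
    foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Remove-BitLockerKeyProtector -MountPoint $OsMountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
}

function Disable-DataVolumeAutoUnlock {
    param([Parameter(Mandatory)][securestring]$Password)
    foreach ($v in (Get-BitLockerVolume | Where-Object VolumeType -eq 'Data')) {
        # Give the volume a protector a person must supply, then stop the OS
        # volume from unlocking it silently (this is what PE was benefiting from).
        if (-not ($v.KeyProtector | Where-Object KeyProtectorType -eq 'Password')) {
            Add-BitLockerKeyProtector -MountPoint $v.MountPoint -PasswordProtector -Password $Password | Out-Null
        }
        if ($v.AutoUnlockEnabled) {
            Disable-BitLockerAutoUnlock -MountPoint $v.MountPoint | Out-Null
        }
    }
    # Drop any auto-unlock keys still stored on the OS volume for volumes not currently mounted.
    Clear-BitLockerAutoUnlock
}

# Usage: audit, harden, audit again.
Get-BitLockerUnlockExposure | Format-Table -AutoSize
$pin = Read-Host -AsSecureString 'Startup PIN'
Enable-TpmPinStartup -OsMountPoint 'C:' -Pin $pin
$pw = Read-Host -AsSecureString 'Data volume password'
Disable-DataVolumeAutoUnlock -Password $pw
Get-BitLockerUnlockExposure | Format-Table -AutoSize
```

After the change the audit should show the OS volume with a TpmPin protector and no Tpm protector, and every data volume with AutoUnlock set to False and a Password protector. Reboot once and confirm the PIN prompt appears before Windows starts; a PE boot from USB will then have neither the OS volume key nor the data volume keys available without the PIN, password or recovery password. The PIN protects the keys at boot only: it does nothing against an attacker who gets into a running, logged-in session.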