Disabled BitLocker, cleared TPM, can I re-enable?

Status
Not open for further replies.

azlurz

Jan 10, 2015
Hi,

I have my OS drive encrypted with BitLocker. I had it "disabled/suspended", not decrypted, before cloning my OS to a new disk.

I also cleaned out my laptop's heat sinks and accidentally cleared CMOS when I had the battery out too long. The TPM has now been wiped.
I can boot into Windows on the new drive, but would enabling BitLocker again make it impossible to log in again? I do have the recovery key, but I haven't backed up the TPM data.

Thanks
 
azlurz

Jan 10, 2015
The OS drive was already encrypted. What I did was:

1. Disabled BitLocker drive encryption.
2. Cloned the OS drive to the new drive with Casper Secure Drive Backup.
3. Put the new drive in and booted. Everything worked fine at this point.
4. Disassembled the laptop to clean it, and disconnected the battery, which cleared CMOS.
5. Assembled everything and booted up again. It works, but now I see this and I'm scared to enable encryption since the TPM has probably been cleared with CMOS:
[image: DK7sBgu.png]


 
To be absolutely sure, you can always turn BitLocker off (which decrypts the drive), then reinitialize the TPM and turn BitLocker back on, which will create a new recovery key. The TPM is not cleared along with CMOS (it has its own flash that contains the unlock key), though clearing CMOS may disable it, requiring that you re-enable it. As long as you have the 48-digit recovery key, you can still unlock the drive at boot time.

For future reference, it's always best to disable all encryption and decrypt all drives/partitions before doing any drive work, such as cloning, then re-encrypt afterward. One little slip-up and you could render your data permanently inaccessible.
 
Solution
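
A read-only pre-check for the state the answer describes (TPM possibly disabled after the CMOS reset, BitLocker suspended, recovery key as the fallback), added here as an example that is not part of the thread. It assumes Windows 8 or later with the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets and an elevated PowerShell prompt; the function name `Test-BitLockerReadiness` and the advice strings are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows 8+ (BitLocker and
# TrustedPlatformModule modules) and an elevated prompt.
# Read-only: it reports TPM and BitLocker state and changes nothing.
function Test-BitLockerReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    # Protector types currently stored on the volume (Tpm, RecoveryPassword, ...).
    $types = @($vol.KeyProtector.KeyProtectorType)

    $state = [pscustomobject]@{
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        VolumeStatus        = $vol.VolumeStatus.ToString()      # e.g. FullyEncrypted
        ProtectionStatus    = $vol.ProtectionStatus.ToString()  # Off while suspended
        HasTpmProtector     = $types -contains 'Tpm'
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
        Advice              = $null
    }
    $encrypted = $state.VolumeStatus -ne 'FullyDecrypted'

    # Order matters: the recovery password is the only way in if the TPM
    # can no longer release the key, so check for it before anything else.
    $state.Advice = if ($encrypted -and -not $state.HasRecoveryPassword) {
        'Encrypted volume has no recovery password protector: add and record one first.'
    } elseif (-not $state.TpmPresent) {
        'Windows sees no TPM: re-enable it in firmware setup before turning BitLocker on.'
    } elseif (-not $state.TpmReady) {
        'TPM is present but not ready: initialize it, keeping the recovery key at hand.'
    } elseif ($encrypted -and $state.ProtectionStatus -eq 'Off') {
        'Protection is suspended: confirm the recovery key is available, then resume or decrypt and re-encrypt.'
    } else {
        'TPM is ready and a recovery password exists.'
    }
    return $state
}

Test-BitLockerReadiness | Format-List
```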