Can’t use BitLocker on Tablet to encrypt system drive C:

on my Tablet (TrekStor SurfTab Duo W1 WiFi) i upgraded Windows 10 Home to Windows 10 Pro specially to be able to use BitLocker.
now it turns out, that BitLocker isn’t able to encrypt my internal system drive C:

to me for an unknown reason.

i know, because the tablet doesn’t have a permanent keyboard attached, BitLocker may see that as not fulfilling the minimum requirement.
but i can force to ask for a PIN via BitLocker policies.
but BitLocker always give me that error message after a check:
“[Window Title]
BitLocker Drive Encryption
[Main Instruction]
BitLocker could not be enabled.
[Content]
The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically.
C: was not encrypted.

[Close]

the strange thing is, if i force BitLocker to use a PIN and BitLocker starts to check the system, after a reboot i get the mask that ask me for the PIN as expected – so that part is working, but after login, i get again that error message.
and when i do the encryption of drive c: without let BitLocker check the system first, after a reboot, i’ll get asked for the PIN – so far so good, but then after the it looks like Windows will boot as usual, windows boots into recovery mode and prepares the recovery decryption of drive C: and asking me for the long BitLocker recovery key.
so, what the **** is going on. why isn’t BitLocker working on that system drive on my Tablet?
system recovery is enabled and working,
TPM 2.0 is avtive and working – that’s, what tpm.msc is telling.
the PIN is working as well, when i want to have a PIN.
BitLocker can encrypt and unlock encrypted external drives and SD cards without any problems.
i only have trouble with system drive C:

any hints, how i can manage BitLocker encrypting my system drice C: ?

Solution

fixed: in the UEFI settings menu (aka BIOS) i disabled Secure Boot and re-enabled that option again.

then a question popped up with the choice to reset the secure keys to factory defaults. i one time i said NO and one time i said YES.
after saving changes, exiting the UEFI settings menu and boot into windows, the encryption of the windows system drive started automatically.
no idea, what exactly did the trick.
upgrade to Windows 10 Pro 1703  (10.0.15063.296),
turning Secure Boot off and on again,

or resetting secure keys to factory defaults.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *