BitLocker question

Yolina

Laptop with Win 8 Pro and BitLocker. Before I go about encrypting the drives, how does it work in the event of restoring a backup from external HDD or having to use Windows recovery media? I'm just slightly worried it could all turn into a ginormous PITA...

John_Gray

You could do worse than to read through what Wikipedia says about BitLocker.
Then read What Bitlocker does, and what it doesn't do.

Yes, undoubtedly a PITA. Truecrypt is probably better - but it depends on precisely what you are trying to achieve!

Yolina

I know what it does, but thanks

My question was more specific:
Let's assume my drives are BitLocked and something goes wrong with the laptop. If I need to use the recovery partition/physical recovery media, or restore a full image then how does it all play together? I am really having a hard time finding that exact info and that's something I'd like to know beforehand

John_Gray

Does this writeup, about Macrium Reflect and Bitlocker, assist in any way?

Yolina

Possibly will do some more digging. You'd think that kind of fairly essential info (IMHO!) would be readily available, but for some reason isn't. Could well be that it is fairly straightforward (i.e along the lines of "do Windows recovery as normal and input BitLocker password/recovery key when prompted") but...

S0litaire

I think you can't do a "bare metal" restore with BitLocker (i'e blank drive and an encrypted backup!)

*NOTE*
I've never used Bitlocker, I'd rather go with a trusted 3rd party program who have recovery options well worked out and documented.

From what I've read, you need to use the recovery disk, install the Base OS and then use that to open the bitlocked backup using the 48 digit key that was created when you first used bitlocker either by hand or as a file on a USB stick.

Then you can access the encrypted drive to restore the system.

Then recovery can read the drive and decrypt the backup.

http://social.microsoft.com/Forums/en-US/whssoftware/thread/01532e7a-9d27-425e-b183-20c533cb9196/

Yolina

The backup wouldn't be bitlockered... let's try again, and I hope I can make things clear this time :rotfl:

- SSD which I partitioned into C: &
- there are 3 other included partitions: OEM recovery partition, Recovery partition, EFI system partition
- I also have put recovery on physical media - one done via the Windows utility and the other via the manufacturer (Sony) utility;
- C: & would be bitlockered with password (+ obviously recovery key stashed away somewhere safe!)
- what happens if for any reason the laptop throws a tantrum and I have to boot into recovery and then either need to repair or reinstall the OS without being able to unlock the drives first?

I went for a nosey in the MS tech library and couldn't find an answer there...

S0litaire

OK think i posted the wrong link >_<
Try this:

http://answers.microsoft.com/en-us/windows/forum/windows_vista-system/how-do-i-restore-my-bitlocker-encrypted-computer/85c3e924-5cb3-42ec-b215-fa8776b12597

Recovery has the ability to decrypt drives if you have the passkey handy.

Recovery password and recovery key

"When you set up BitLocker, you must create a recovery password. In the event that your computer enters a recovery state, you need this recovery information (either a recovery password or recovery key) to unlock the encrypted data on the volume. You can save the recovery password in one of these formats:

• As a numerical password consisting of 48 digits divided into 8 groups. During recovery, you need to type this password into the BitLocker recovery console by using the function keys on your keyboard.
• As a recovery key stored as a file on a USB flash drive, in a format that can be read directly by the BitLocker recovery console. During recovery, you need to insert this USB device."

Yolina

I saw something similar in the Win 8 BitLocker tech library, but the "recovery state" was referring to BitLocker recovery mode, rather than the "normal" computer recovery - that why I'm finding it all so damned confusing...
And the standard (consumer) MS help pages only refer to turning BL on/off and that kind of things, but no "what to do when the SHTF and your drive is bitlockered". Obviously a non-issue if I am still able to access settings and decrypt *before* booting into recovery, but still not sure of how it all works if I can't. Hopefully I never have to find out :rotfl: but it would have been nice to hear if anyone had any experience of it.

Jivesinger

There are some good tutorials for this sort of thing over on Windows 8 Forums. For instance:
http://www.eightforums.com/tutorials/21433-bitlocker-recovery-unlock-drive-windows-8-a.html

http://www.eightforums.com/tutorials/21714-bitlocker-repair-tool-recover-drive-windows-7-8-a.html

Yolina

The solution offered to people who have forgotten their pw and lost recovery key (!) is to delete partition, format & reinstall - so that puts my mind at rest as to any potential issues as I have backups galore anyway.

So the way it *should* work is that booting into system recovery with drives still locked would call for BL password or recovery key to be entered and then proceed as normal. And if for whatever reasons there's issues, then just wipe the lot