If your Windows 11 system asks for the BitLocker recovery key at every startup, something is causing BitLocker to conclude that the boot environment has changed or is at risk. Work through the checks below one at a time:
- Check for TPM issues
  BitLocker uses the TPM (Trusted Platform Module) to securely store the volume key. If the TPM is disabled or malfunctioning, BitLocker will ask for the recovery key.
  - Press Windows + R, type tpm.msc and press Enter.
  - Check the status: it should say "The TPM is ready for use."
  - If not, restart your PC, enter the BIOS/UEFI, and enable the TPM (it might be called fTPM, PTT, or similar).
- Check the Secure Boot setting
  BitLocker relies on Secure Boot to verify boot integrity.
  - Reboot your PC and enter the BIOS/UEFI.
  - Make sure Secure Boot is enabled.
  - If you recently changed the boot mode from UEFI to Legacy/CSM, change it back to UEFI.
- Suspend and resume BitLocker
  Sometimes re-initializing BitLocker protection clears a persistent prompt.
  - Open Command Prompt as Administrator.
  - Run the commands one at a time:
    manage-bde -protectors -disable C:
    shutdown /r /t 0
  - After the reboot:
    manage-bde -protectors -enable C:
  -> Suspending and resuming protection re-seals the volume key to the current TPM measurements, which clears transient mismatches and rebinds BitLocker to the TPM correctly.
- Check for boot order or device changes
  BitLocker prompts for the recovery key if:
  - You plug in or unplug external drives,
  - You change the boot order,
  - You dual boot,
  - You change hardware (SSD, RAM, etc.).
  *Make sure the internal system drive is first in the boot order in the BIOS.
- Update the BIOS and drivers
  Outdated firmware can interfere with the TPM and BitLocker.
  - Visit your PC manufacturer's website.
  - Download and install the latest BIOS/UEFI firmware and TPM firmware, if available.
- Check the Group Policy settings
  Ensure BitLocker is configured correctly.
  - Press Windows + R, type gpedit.msc and press Enter.
  - Go to Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives.
  - Double-click "Require additional authentication at startup".
  - Set it to Enabled, and make sure the box "Allow BitLocker without a compatible TPM (requires a password or USB key at startup)" is NOT checked if you have a TPM.
- Turn BitLocker off and back on. This should be the easiest fix, but to make sure nothing goes wrong I have left this step for the end.
  *This takes time because the drive has to be fully decrypted and re-encrypted, and the data is unprotected while it is decrypted.
  - Go to Control Panel > BitLocker Drive Encryption.
  - Click Turn off BitLocker.
  - Let it fully decrypt.
  - Then click Turn on BitLocker again and reconfigure it.
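The TPM, Secure Boot and suspend/resume checks above can be run from one elevated PowerShell session. This is an added example, not code from the original post; it assumes the OS volume is C: and uses only the built-in Get-Tpm, Confirm-SecureBootUEFI and BitLocker cmdlets. It refuses to suspend protection unless a recovery password protector exists, so you always have a way back in.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): audit the TPM, Secure Boot and
# BitLocker protector state for the OS volume, then suspend protection for one
# reboot only when it is safe to do so. $vol is an assumption; change it if needed.
$vol = 'C:'

# TPM state (Get-Tpm ships with Windows 10/11)
$tpm = Get-Tpm
Write-Host ("TPM present={0} ready={1} enabled={2}" -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled)
if (-not $tpm.TpmReady) { Write-Warning 'TPM is not ready; enable it in BIOS/UEFI before going further.' }

# Secure Boot state; Confirm-SecureBootUEFI throws on Legacy/CSM firmware
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $false
    Write-Warning "Not booted in UEFI mode or Secure Boot unsupported: $_"
}
Write-Host "Secure Boot enabled: $secureBoot"

# BitLocker protectors on the OS volume
$bl = Get-BitLockerVolume -MountPoint $vol
$types = @($bl.KeyProtector.KeyProtectorType)
Write-Host "Volume $vol protection=$($bl.ProtectionStatus) protectors=$($types -join ',')"

# A recovery password must exist and be stored somewhere safe before touching protectors
$recovery = $bl.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Write-Warning 'No recovery password protector found; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector before continuing.'
    return
}
Write-Host "Recovery password ID(s): $($recovery.KeyProtectorId -join ', ') (keep a copy outside this machine)"

# Only suspend when a TPM protector is in use and the platform checks passed
if (($types -contains 'Tpm') -and $tpm.TpmReady -and $secureBoot -and $bl.ProtectionStatus -eq 'On') {
    # Protection resumes by itself after one reboot; the key is re-sealed to the current boot measurements
    Suspend-BitLocker -MountPoint $vol -RebootCount 1 | Out-Null
    Write-Host "Protection suspended for one reboot. Restart now, then confirm with: Get-BitLockerVolume -MountPoint $vol"
} else {
    Write-Warning 'Not suspending: fix the TPM, Secure Boot or protector findings above first.'
}
```

If the script refuses to suspend, the warnings it prints point at which of the earlier steps (TPM, Secure Boot, or protector configuration) still needs attention.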