BitLocker hardware encrypted separate data drive impossible to unlock after hibernation wake up

fplk 10 Reputation points
2023-11-02T08:40:07.1+00:00

Hello,

I've enabled BitLocker (hardware encryption) for a volume on a secondary drive. Now, whenever my laptop wakes up from hibernation, the locked volume on the secondary drive isn't unlocked and becomes impossible to unlock. It is set up to auto-unlock, but it's not possible to unlock it manually if it's locked with a password/recovery key. Issuing manage-bde commands manually reports success yet produces no observable change in behavior.

Configuration that I now have is:

  • Disk 0 - 980 Pro
    • Partition 0 - OS - HW encrypted - works
    • Partition 1 - Data - HW encrypted - works
  • Disk 1 - 990 Pro
    • Partition 0 - Data - HW encrypted - broken

When I had disk0 with SW encryption, I had effectively the same problem. Switching disk 1 to SW encryption makes it unlock fine. After reboot / cold start, everything works as expected as well.

What I also noticed is that the event sequence is slightly different for the cold start and hibernation paths. For cold start (when things work), I see EnhancedStorage-EhStorTcgDrv (which, looking at the name, is responsible for eDrive communication) issuing events 100 and 12.

On hibernation, it yields a different sequence of events (see attachment) with event IDs 100 and 13 (issuing authentication ops and reporting success).

See this for both logs; totally willing to provide more / any info if needed.

Would be really grateful for any eng help on this. Thank you!

Windows 11

2 answers

  1. Vasilis 5 Reputation points
    2024-01-03T01:51:27.9266667+00:00

    I have the exact same issue and I have just submitted it to Microsoft.
    Please upvote it, and even provide your own data.
    https://aka.ms/AAoearv

    1 person found this answer helpful.

  2. kuro68k 1 Reputation point
    2023-11-07T22:55:54.94+00:00

    Same problem, and I have a solution. Forget BitLocker, it's broken for hardware encryption and Microsoft isn't interested in fixing it.

    Use sedutil instead. On boot it unlocks all drives. Works with hibernation. The only downside is that it doesn't support Sleep.

