Bitlocker pin (pre-boot) screen empty

Question

Hello,

I enables bitlocker on a laptop (without TPM) and I also enabled the additional authentication with pin. It all works fine but I have small issue.

When the laptops reboots or boots fresh, the pre-boot screen where it should ask for the pin its just a plain blue screen. none of these letters or the space whre you press the pin appears. Although if you press the pin and hit enter it boots fine. Anyone has bumped onto this?

This is the screen on my laptop

Thank you

Answer 1

Hi John,

You might be facing this issue due to corrupt system files or outdated graphics card. I suggest you to change the resolution on the computer and update the graphics card and check if it helps.

a)       Right-click the mouse from the desktop interface and select “Screen Resolution” from the menu.

b)       Check the screen resolution shown there. It should be at least 1024 X 768.

**Method 1:**Update video card driver.

Steps to update video card driver:

a.    Press Windows key + X and select device manager.

c.    Select the video card device and right click on it

d.    Now select properties.

e.    In the properties window, under Driver tab, click on Update Driver button.

f.    After the installing the updates restart the computer.

If the issue persists even after updating the graphics card driver, I suggest you to run the SFC scan and check.

Method 2:

Run a system file checker scan and then try to create system restore points check if that helps. Refer the following steps to run SFC scan.

Please refer to the steps to perform SFC Scan:

a. Press “Windows Key + Q” to open Charms Bar.

b. Type “cmd” without quotes in the search box.

c. On the left pane, right click on the “cmd” option and select “Run as Administrator”.

d. Type ‘sfc /scannow’ without quotes and hit enter.

Note: It may ask for windows installation DVD to fix and to enable SFC to make more than minor repairs. Some files saved on your computer might get deleted when fixing corrupted files.

Hope this helps.

Please post back if the issue persists and we will be glad to assist you further.

Answer 2

Hi,

for my computer, I tested command line

bfsvc.exe %windir%\boot /v

successfully.  At the next boot, the BitLocker screen was fixed, no need to manually copy the font files. This was pointed out by TimoNT at MS partner forum.

Kind Regards

Felix Alter

Answer 3

Update: It also appears MS may have fixed the offending update now. as of 07/18/2016. The below should fix ones affected before this. Applying the Update a 2nd/3rd time may apparently fix the issue as well.

Found a fix to this, You will need the Truetype fonts from a good machine. Unknown if this fixes the Orange screen and black lines/dashes screens but I assume that it probably should fix those as well.

I would make sure you have your Bitlocker Recovery key handy in case this triggers a forced Recovery key check.

This was only affecting machines with Windows 10 with UEFI boot that ran the 3172985 fix. We had Dell Optiplex 7040 and Dell E7470 affected as well as Lenovo T450S. Surface Pro 4's and Dell Optiplex 990's were unaffected as were most machines.

You'll need a working machine that hasn't had the update applied yet to be the EFI TTF Font donor.

On a working machine.

use an admin command prompt

diskpart

select disk 0

select partition 1

assign letter=s:

Keep the diskpart window open don't close it yet

Open another Admin Command Prompt window

goto s:\efi\microsoft\boot\fonts

Save a copy of all the TrueType Fonts from the working machine. Maybe to a thumb drive or something.

Note: Windows Explorer doesn't work for this as far as I can tell as it complains about security permissions and there's no tab to change this. Probably by design for the Win File Explorer.

Back in the diskpart window

remove letter=s:

This is important so your user doesn't accidentally do any damage to the EFI partition later.

on the affected machine

use an admin command prompt

diskpart

select disk 0

select partition 1

assign letter=s:

Keep the diskpart window open don't close it yet

Open another Admin Command Prompt and overwrite the files in s:\efi\microsoft\boot\fonts with your good Truetype files. Or if you prefer rename the old ones to *.bak and then copy your good files here.

Back in the diskpart window

remove letter=s:

Confirmed that this fixes Dell E7470 with the issue.

Hope this helps!

Answer 4

It could be a BIOS or UEFI issue, because Bitlocker loads in a PBA environment, when no Windows drivers are loaded, so all this scannow stuff and attempts to upgrade video drivers are good for nothing. In any case, Microsoft should have looked into this though, because of its "Secure Boot gem", which got little to do with "security" and much more to do with you being roped in to Microsoft software.

Lol, my solution was to toss Bitlocker out of the window and use Symantec Encryption Desktop, because Microsoft proved to be singularly useless and non-responsive to this major and important issue, absolutely disregarding customer's concerns, who forked out a significant amount of money for the dubious privilege to own Windows 10 Professional. I f you have Dell Lattitude use Dell Security tools which are able to hardware encrypt Opal compliant SED SSDs, if you have Lenovo, use WinMagic for Opal compliant SED SSDs, otherwise use Symantec Encryption Desktop. One word of caution for Dell users, Windows 10 installed on GPT partitioned disk on UEFI machine with Secure Boot enabled will not allow Dell Security Tools to encrypt the drive and if you will try upgrade from Windows 7 to 10, the upgrade will fail, depending on the model of your machine, better contact Dell beforehand for correct procedure which will usually involve completely uninstalling Dell Security Tools after the drive was decrypted, then upgrading and then re-installing DDP and trying to re-encrypt the drive. No guarantees with GPT partitioned disks, backup your entire disk as it might be rendered inaccessible.

Answer 5

Hi,

we have the same problem since the windows 10 updates from 07/12/2016. We already wasted a lot of time just to find out that the only thing we had to do was typing the password. I already started a thread in partner community. Here a summary:

I am pretty sure that this is because of KB3163912 because, as decribed in https://support.microsoft.com/en-us/kb/3172985 this contains the patch "MS16-084: Cumulative security update for Internet Explorer: July 12, 2016", which affects BitLocker as well, as decsribed in https://technet.microsoft.com/library/security/MS16-094 .

It happened on 3 of our machines, all are Dell Latitude 7440 machines. We have one Dell Latitude 7530 machine where this did not happen.

After we could get it to boot again by typing the BitLocker password, we tried to update drivers, including graphics drivers, and BIOS update on one computer. All did not help. sfc /scannow did not fix this either.

Best Regards

Felix Alter, SOLUTIONS GmbH