How to backup before clearing TPM

1

The Windows Defender Security Centre is asking me to update the TPM, which requires Clear TPM. Above the Clear TPM button there is text that says

... Ensure you back up your data before clearing the TPM...

I was unclear about what to back up, so I googled it and found that I need to back up keys and any files that have been encrypted, according to the 2nd post from this thread on techpowerup.com.

I'm not entirely sure what keys need to be backed up and how. If by keys the author was referring to Credential, I have checked Credential Manager and it seems I can backup the Windows Credential but not the Web Credential.

Regarding the encrypted files, I'm not sure if he was referring to files protected by BitLocker. If that is the case, how do I find all encrypted files? I think my entire C drive was protected by BitLocker but somehow BitLocker is suspended:

[screenshot of the BitLocker status page]

My system info

  • System: Win10 64bit (1803)
  • Device: Surface pro 3

Anthony

Posted 2018-05-09T12:19:46.013

Reputation: 125

Answers

3

If that is the case, how do I find all encrypted files?

All your files are currently encrypted, but since BitLocker is suspended, they are currently accessible to all users due to the encryption key being in the clear. The warning message is asking you to back up any important data.

The Windows Defender Security Centre is asking me to update TPM which requires Clear TPM.

If you want to do this, then Turn Off BitLocker, update your TPM and then Turn On BitLocker after the update is successfully installed. Clearing the TPM on a system that has BitLocker enabled on the system drive is a very bad idea.

I was unclear about what to back up

You should already have a backup of your BitLocker recovery key.

Even though BitLocker is suspended, when I clicked the disable button, it started the decryption process. Isn't that suggesting files that had been encrypted when BitLocker was active are still encrypted?

BitLocker is suspended which means your encryption key is available to everyone in the clear.

Suspension of BitLocker does not mean that BitLocker decrypts data on the volume. Instead, suspension makes the key used to decrypt the data available to everyone in the clear. New data written to the disk is still encrypted.

While suspended, BitLocker does not validate system integrity at start up. You might suspend BitLocker protection for firmware upgrades or system updates.

If you have already installed the update, provided that is the case, then BitLocker protection can safely be resumed. It appears that suspending BitLocker is enough to install firmware upgrades or system updates.

I didn't even know when I enabled BitLocker.

BitLocker is enabled by default on Surface Pro 3 devices.

Suspend-BitLocker

Ramhound

Posted 2018-05-09T12:19:46.013

Reputation: 28 517

Are the keys mentioned in the thread from techpowerup.com referring to BitLocker keys? Where do I find the backup? I'm unaware of the backup key. I didn't even know when I enabled BitLocker. Maybe it was enabled when the device was shipped? Also +1ed for saying thank you :) – Anthony – 2018-05-09T13:33:06.650

1 @Anthony - I have already answered your question about the keys referred to in the article. If you did not back up the recovery key already, you should do that, using the provided option (as indicated in your screenshot). If I have answered your question, you should accept the answer, otherwise please indicate the part of your question you feel has not been addressed. – Ramhound – 2018-05-09T15:10:07.407

1 @Anthony: When BitLocker is "suspended", the whole disk is still encrypted but the master key is revealed on the disk itself (not hidden in a TPM). So in this mode the disk can be accessed freely despite encryption. – user1686 – 2018-05-09T19:50:24.610
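The sequence Ramhound recommends (save the recovery password, turn BitLocker fully off rather than just suspending it, wait for decryption, and only then clear the TPM), as an added PowerShell example that is not from any poster in this thread. It assumes an elevated PowerShell on Windows 10 with the BitLocker module present, and `$BackupDrive` is a placeholder for a removable drive that leaves the machine.

```powershell
#Requires -RunAsAdministrator
# Added example (not from any poster in this thread): back up the recovery password,
# fully turn BitLocker off, wait for decryption to finish, and only then clear the TPM.
$BackupDrive = 'E:'   # ASSUMPTION: placeholder drive letter of a removable drive, change to your own

function Backup-RecoveryPasswords {
    # Writes every RecoveryPassword protector to a text file on the backup drive and
    # returns how many were written, so the caller can stop if there is nothing to fall back on.
    $out = Join-Path $BackupDrive 'bitlocker-recovery.txt'
    $count = 0
    foreach ($v in Get-BitLockerVolume) {
        foreach ($p in $v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword') {
            "{0} {1} {2}" -f $v.MountPoint, $p.KeyProtectorId, $p.RecoveryPassword |
                Add-Content -Path $out
            $count++
        }
    }
    return $count
}

function Wait-FullyDecrypted {
    param([string]$MountPoint)
    # Disable-BitLocker returns immediately; decryption continues in the background,
    # and clearing the TPM before VolumeStatus reaches FullyDecrypted is the "very bad idea".
    do {
        $v = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Host ("{0}: {1}, {2}% encrypted" -f $MountPoint, $v.VolumeStatus, $v.EncryptionPercentage)
        if ($v.VolumeStatus -ne 'FullyDecrypted') { Start-Sleep -Seconds 30 }
    } while ($v.VolumeStatus -ne 'FullyDecrypted')
}

# 1. Recovery passwords first; refuse to continue if none could be saved.
$saved = Backup-RecoveryPasswords
if ($saved -eq 0) {
    throw "No recovery password protector found; add one (manage-bde -protectors -add C: -RecoveryPassword) before continuing."
}
Write-Host "Saved $saved recovery password(s) to $BackupDrive"

# 2. Turn BitLocker off (full decryption), not merely Suspend-BitLocker, on every encrypted volume.
foreach ($v in Get-BitLockerVolume | Where-Object VolumeStatus -ne 'FullyDecrypted') {
    Disable-BitLocker -MountPoint $v.MountPoint | Out-Null
    Wait-FullyDecrypted -MountPoint $v.MountPoint
}

# 3. Only now is clearing the TPM (the Security Centre button, or Clear-Tpm) safe.
#    After the TPM update, re-enable with: Enable-BitLocker -MountPoint C: -TpmProtector
#    and then: Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector
Write-Host "All volumes fully decrypted; the TPM can be cleared now."
```

Full decryption and re-encryption of the system drive takes a while on a Surface Pro 3, which is the price of the safe route over a bare suspend.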