Encrypted Windows10 starts decrypted when it is rebooted after a system update

2

I am running Fedora and Windows 10 in dual boot, both of which are encrypted separately. Whenever Windows 10 updates while shutting down, the next time I boot into Windows I don't need to enter the decryption key and I have full access to all of my data and all the programmes. I usually don't use Windows for weeks, so basically my Windows partition is never encrypted (it always updates when I use it and it is therefore always in the decrypted mode).

  • What exactly is happening?
  • Where does Windows store the key for the decryption?
  • And is there a way to stop this behaviour, or is it necessary for updates?

Some more detailed information about the system I am running:

  • I have the Fast Startup feature deactivated already, so the shutdown should be a full shutdown, and not the fake one.

  • I am running UEFI on the Laptop.

  • There is no TPM module built in.

  • I don't know if I have Secure Boot activated, it might be though.

  • I don't think that a self-encrypting SSD is used. The first time I used the laptop it was running without encryption.

besinnungslos

Posted 2018-09-27T08:51:49.220

Reputation: 23

Does your computer: 1) use UEFI boot mode, 2) use Secure Boot, 3) have a TPM chip enabled, 4) have a "self-encrypting" SSD? – user1686 – 2018-09-27T10:14:49.323

Thanks for your comment. I have put the answer in the question. The open questions will be answered later today. I will also check for the exact model number of the laptop. – besinnungslos – 2018-09-27T10:23:54.640

Answers

1

This actually appears to be a bug in 10.1803:

Bug? Feature? Power users baffled as BitLocker update switch-off continues – El Reg

Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates. […]

Windows Update has code to suspend BitLocker during significant OS updates if the system is using a TPM, because it needs to reprogram the TPM to accept the new kernel and other state. (The keys are stored in such a way that the TPM would refuse to give them out if someone tampered with the OS.)

Suspending BitLocker is done by writing the unprotected master key directly into the disk's (partition's) BitLocker header, alongside the normal passphrase-protected key. Normally Windows resumes BitLocker after a reboot by wiping this unprotected key.

But it seems that there is a bug which triggers this function unnecessarily – apparently even on machines without a TPM such as yours.

user1686

Posted 2018-09-27T08:51:49.220

Reputation: 283 655

This is the final sentence of the article you quoted: Jeff Jones, senior director at Microsoft, said: “On older devices without a Trusted Platform Module, Bitlocker may be temporarily suspended during some updates. Protection resumes after the machine is restarted." – I say Reinstate Monica – 2018-09-27T11:09:59.667
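The state the answer above describes (volume still encrypted, but the volume master key written unprotected into the BitLocker metadata) is what BitLocker reports as "Protection Off" on a volume whose status is not "FullyDecrypted". The following script is an added example, not code from the question, the answer or Microsoft; it lists every BitLocker volume, flags the ones left in the suspended state, and re-enforces their protectors with `Resume-BitLocker`. It assumes Windows 10 with the built-in BitLocker and TrustedPlatformModule PowerShell modules and an elevated session; the `-ReportOnly` switch is a hypothetical name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the question or answer above). Reports BitLocker
# volumes whose protection has been suspended and resumes them. Assumes the
# BitLocker module that ships with Windows 10; run from an elevated PowerShell.

param(
    # Hypothetical switch for this example: only report, never call Resume-BitLocker.
    [switch]$ReportOnly
)

# Windows Update reseals the TPM during significant updates; the answer above says the
# suspension also happens without one, so the TPM is only recorded here for context.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$hasTpm = ($null -ne $tpm) -and $tpm.TpmPresent
Write-Output ("TPM present: {0}" -f $hasTpm)

$suspended = @()
foreach ($vol in Get-BitLockerVolume) {
    # VolumeStatus says whether the data on disk is encrypted at all.
    # ProtectionStatus says whether the key protectors are actually enforced.
    # Encrypted + ProtectionStatus Off is the suspended state: the volume master key
    # sits unprotected in the volume's BitLocker metadata and the volume unlocks silently.
    $protectors = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
    $line = "{0} {1,-20} protection={2,-3} protectors=[{3}]" -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $protectors
    Write-Output $line

    if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $vol.ProtectionStatus -eq 'Off') {
        $suspended += $vol.MountPoint
    }
}

if ($suspended.Count -eq 0) {
    Write-Output "No suspended BitLocker volumes."
    return
}

foreach ($mp in $suspended) {
    if ($ReportOnly) {
        Write-Warning "$mp is encrypted but protection is suspended (clear key stored on disk)."
        continue
    }
    # Resume-BitLocker removes the clear key and re-enforces the configured protectors.
    # On a machine without a TPM the next boot will ask for the passphrase again, which
    # is the intended behaviour for the questioner's setup.
    Resume-BitLocker -MountPoint $mp | Out-Null
    $after = (Get-BitLockerVolume -MountPoint $mp).ProtectionStatus
    Write-Output ("Resumed protection on {0}: now {1}" -f $mp, $after)
}
```

Two caveats. First, this does not stop Windows Update from suspending BitLocker; it only closes the window afterwards, so on a machine that is used rarely it is worth running at every logon (for example from a scheduled task) rather than by hand. Second, `Suspend-BitLocker` takes a `-RebootCount` parameter: a count of 1 is the "resume after the next reboot" behaviour the answer describes as normal, while 0 leaves the volume suspended until `Resume-BitLocker` is called, so a volume found in the suspended state on a machine that has already rebooted is exactly the case this script is meant to catch. `manage-bde -status` shows the same two fields ("Conversion Status" and "Protection Status") if you prefer the command-line tool.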