Pre-boot BitLocker password typing affected by TPM?

  1. Posts : 51
    Windows 10 Pro x64 21H1

    Pre-boot BitLocker password typing affected by TPM?

    I wish I encountered normal problems, but no. I expect this will be another one that no one can explain...

    I have been using my Win10 system for well over a year now. I only just enabled the TPM in the BIOS, to check if my system is Win11 compatible (it is). My BIOS version is not the latest but it is relatively new.

    But ever since enabling the TPM, it's hard to type the pre-boot BitLocker password. I have to type e-x-t-r-e-m-e-l-y slowly, or else some of what I type won't register.

    Any idea why this is? Obviously, I could simply disable the TPM again, but I'm guessing this will continue to be an issue with Win11.
      My Computer

  2. hsehestedt's Avatar
    Posts : 2,449
    Windows 11 Pro, 21H2

    STRESSED, I don't have an answer for you, but I do have some questions. I'll do some research to see if I can find any answers to your direct question, or maybe someone else has a better idea than do I.

    So, here is my question: What kind of pre-boot password are you using? Are you using a pre-boot password configured in the BIOS or are you using a password to unlock a BitLocker encrypted drive.

    The reason I ask is simply that if you have a TPM in your system, you don't even need a password to unlock the drive.
      My Computers

  3. Posts : 51
    Windows 10 Pro x64 21H1
    Thread Starter

    Sorry for being unclear. The problem occurs when I'm typing the BitLocker password. The blindingly-blue BitLocker password screen appears right after the BIOS has displayed its message.

    You can actually configure how to use BitLocker works if you have a TPM, at least with Win10 Pro. You can use the TPM and a 6-20 digit PIN, a key file, both, or just the TPM. Some systems also let you use an "enhanced PIN" which is actually more like a password. You can also configure Windows to ignore the TPM, which is what I did. These settings only affect BitLocker when applied before the BitLocker volume is encrypted, so I can't change them now without decrypting / re-encrypting (not that I want to).

    So in theory, my enabling the TPM setting in the BIOS shouldn't have changed anything. And technically, it didn't--everything works the same as before, except that it's a lot harder to type the password now. It's a really strange problem.

    I'll probably turn the TPM setting off and just see what happens when Win11 rolls around. Just wanted to understand what was going on.

    This is from the internet, not from my system. I think mine says "password" not "PIN" but it's the same basic thing:

    Pre-boot BitLocker password typing affected by TPM?-bitlocker-login.png
      My Computer

  4. hsehestedt's Avatar
    Posts : 2,449
    Windows 11 Pro, 21H2

    Thanks for the clarification. Still not sure why it would accept the password so slowly, but I guess I'm just not understanding why you would want to have to enter a password if you already have BitLocker. Wouldn't it be far easier to enable the TPM and dispense with the pre-boot password?

    After all, you still have to enter a password (or a pin if using a Microsoft account) to logon the system after the initial boot anyway.

    Not saying that you cannot do it the way are, I've just never seen anyone require a pre-boot password when they already have BitLocker with a TPM. After all, that's one of the big advantages of having a TPM - it does the authentication for you in place of a pre-boot password.
      My Computers

  5. Posts : 21
    Windows 10 Pro

    @STRESSED I also use the Bitlocker PIN for greater security and have no problems entering it at BOOT time. My motherboard is an ASUS Prime X570PRO and I am using a wireless keyboard/mouse with the transceiver device plugged into a USB3 port. I think your problem has to be very basic since at this stage as I see it, we're still in the BIOS boot process. How is your keyboard connected---wireless, hard-wired or Bluetooth perhaps?
    I have also had this Desktop setup for Bitlocker using the firmware TPM mode as well as the discrete TPM---no problems either way with entering the PIN. I have been on various BIOS levels and just flashed to the latest 4002, two days ago-- no problems.
    Before I'd try updating your BIOS, I would try a different keyboard to see if that helps. If you're currently using wireless--try a hard-wired one etc.

    Edit:- My sign in screen shows PIN.
      My Computers

  6. Posts : 51
    Windows 10 Pro x64 21H1
    Thread Starter

    I use a password with BitLocker and definitely do not want my system to automatically log in because to me, that would defeat the entire purpose. I want my drive to be as hard as possible to gain access to, and automatic unlocking when the power is turned on doesn't do that. Maybe I'm missing something.

    I'm using a Corsair K70 RGB Rapidfire wired keyboard (I'd never use a wireless keyboard...).

    I just disabled TPM in the BIOS, and things are back to normal. I guess I have no use for a TPM now and I'll just enable it when Win11 forces me to for no valid reason.

    Thanks for the replies.

    Edit: I don't want to debate this, but I just don't trust TPMs. I'd rather store the "key" (i.e. a strong password) in my head. Yes, I am worried about the government:

    Can the NSA Break Microsoft's BitLocker? - Schneier on Security
    Last edited by STRESSED; 27 Jun 2021 at 09:36.
      My Computer

  7. hsehestedt's Avatar
    Posts : 2,449
    Windows 11 Pro, 21H2

    No offense intended here whatsoever, just in case what I'm saying sounds offensive in any way, but I'd like to suggest doing some reading on how BitLocker and a TPM actually work.

    Of course, you are free to choose the options that you want and there is absolutely noting wrong with that!

    EDIT: Another reason to become familiar with a TPM: It is REQUIRED for Windows 11 as you noted in your original post.
      My Computers

  8. Posts : 51
    Windows 10 Pro x64 21H1
    Thread Starter

    I understand enough of how it works. I do not want any part of the master key stored in the TPM, because I don't trust them. The article I linked to above outlines one reason I don't trust them. The VeraCrypt documentation bolsters my feelings on this. They call it a "Trusted Platform Module", but I don't trust it. For me, it is an "Untrusted Platform Module".

    TPMs provide convenience. Microsoft knows that people hate entering long passwords. So, the TPM stores part of the BitLocker key and lets you access a BitLocker-encrypted disk by providing just your Windows credentials. This is what I do not like. It's not secure enough. I don't want (even partial) passive decryption that anyone can use simply by hitting my PC's power button.

    My main concern is someone taking my entire PC and then trying to access my drive--while still in my PC--without me being present. A TPM would make this easier for them. I am far less worried about the drive being removed.

    So instead of allowing the TPM to provide part of the key, I want the entire key to depend on what is in my own brain, in the form of a long, complex password.

    Win11 may require a TPM, but I haven't seen that it requires it to actually be used in any specific way.

    BTW, I discovered that it wasn't the AMD fTPM setting itself that was causing my keyboard issue. It seems to have been another setting ("Security Device Support") that I originally enabled at the same time (because my motherboard's documentation seems to be in error). I now have the TPM enabled and no longer have this issue.
    Last edited by STRESSED; 08 Jul 2021 at 10:47.
      My Computer


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 18:14.
Find Us

Windows 10 Forums