-
Notifications
You must be signed in to change notification settings - Fork 411
Full Disk Encryption Detected
Sometimes during BIOS updates, you may encounter the following message:
╔══════════════════════════════════════════════════════════════════════════════╗
║ Full Disk Encryption Detected ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ Some of the platform secrets may be invalidated when updating this ║
║ firmware. Please ensure you have the volume recovery key before continuing. ║
╚══════════════════════════════════════════════════════════════════════════════╝
See also https://github.com/fwupd/fwupd/issues/3829 for more background information.
If you encounter this message, chances are you have a dual boot setup with a Windows installation on a separate partition which is protected by BitLocker. Installing the BIOS update may invalidate the state, and BitLocker would need to be manually unlocked when you boot into Windows the next time. To unlock it, you will need the volume recovery key, which you should back up before installing the BIOS update, see https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6 for information on how to do that.
Alternatively, you can install the BIOS update from Windows, which will then temporarily disable BitLocker during the installation procedure.
Similarly, if BitLocker is disabled on Windows, you can ignore the warning and proceed with the installation via fwupd. See https://github.com/fwupd/fwupd/issues/4400 for more information on this.