Forum Discussion
BitLocker encrypted fixed drives after BIOS update with no warning
OS: Windows 11 Pro 25H2 Build 26200.8037
M/B: Asus TUF Gaming B850M-Plus Wifi
I had been running a BIOS version which is about 1 year old on a fairly recent motherboard model. I have always had an issue show up where PCR7 binding was not possible. I only run under a local account and did not want BitLocker on anyway so no big deal.
A few days ago, I updated the BIOS to a later version (not the latest). Yesterday I happened to notice that my drives were all encrypted with XTS-AES 128, although BitLocker was not set up. Checking the event viewer, I saw BitLocker-API messages confirming that, starting right after the BIOS update, Windows decided, with no warning or indication, to encrypt all my drives. I went to the Settings Drive encryption page (which was not even available before the BIOS update) and saw Drive encryption was on. So I turned it off. The BIOS update must have fixed the PCR7 issue.
Microsoft does know about this machine since I use a subscription to Microsoft-365, but Windows is only running under a Local account. So is this expected behavior that Windows would just willy-nilly encrypt my drives without telling me? What I read tells me it should not have. What's the best way to prevent this?
3 Replies
- Scottil (Brass Contributor)
Your BIOS update fixed the PCR7 binding issue that was previously preventing automatic device encryption from working. Once the system detected that all prerequisites were met (TPM 2.0, Secure Boot enabled, and Modern Standby support), Windows 11 silently began encrypting your drives.
- AZBruno (Copper Contributor)
Yes, I know what happened. My issue is that Windows should not be doing that when I'm using a local account. Not only is there no saved protector, but there was no indication to me that the encryption even occurred. I only discovered it by accident days later. That left a big vulnerability.
- Zakaiit (Brass Contributor)
I can definitely help clarify what happened here. The short answer is: yes, this is now expected behavior on Windows 11 25H2, and Microsoft has changed the rules without any warning on your screen.
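
The state described in this thread (volumes encrypted without the user's knowledge and with no saved protector) can be checked from an elevated PowerShell session. The script below is an added example, not part of any post above; the function name `Get-DeviceEncryptionFinding` is hypothetical, and the `PreventDeviceEncryption` registry value and the event log name are not taken from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report volumes that were encrypted
# without a usable recovery option. Run in an elevated PowerShell session.

function Get-DeviceEncryptionFinding {
    param(
        # Volume objects to assess; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # Collect protector type names (Tpm, RecoveryPassword, ...) as strings.
        $types = @(foreach ($kp in $v.KeyProtector) { "$($kp.KeyProtectorType)" })
        $encrypted   = "$($v.VolumeStatus)" -ne 'FullyDecrypted'
        $protected   = "$($v.ProtectionStatus)" -eq 'On'
        $hasRecovery = $types -contains 'RecoveryPassword'

        $finding = if (-not $encrypted) {
            'Not encrypted'
        } elseif (-not $protected) {
            'Encrypted, protection off: data is not actually protected yet'
        } elseif (-not $hasRecovery) {
            'Protected, no recovery password: a TPM or PCR change can lock the volume'
        } else {
            'Protected; confirm the recovery password is backed up'
        }

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = "$($v.VolumeStatus)"
            EncryptionMethod = "$($v.EncryptionMethod)"
            ProtectionStatus = "$($v.ProtectionStatus)"
            KeyProtectors    = $types -join ','
            Finding          = $finding
        }
    }
}

Get-DeviceEncryptionFinding | Format-Table -AutoSize -Wrap

# Opt-out value for automatic device encryption (1 = do not auto-encrypt).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$optOut = (Get-ItemProperty -Path $key -Name PreventDeviceEncryption -ErrorAction SilentlyContinue).PreventDeviceEncryption
"PreventDeviceEncryption = $(if ($null -eq $optOut) { 'not set' } else { $optOut })"

# Recent BitLocker-API events, the source where the original poster found the encryption start.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

The script only reads state; it does not change encryption, protectors or the registry.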