Forum Discussion
BitLocker recovery still occurring after KB5089549 installation on HP EliteBook
Not sure if related, but have been facing a lot of issues since the latest April updates on our AVD Farms using Confidential Compute + Disk Encryption Set. All VM's immediately start in bitlocker recovery mode? Have tried the same steps during image build as mentioned above.
Based on the current behavior, this now appears more related to measured boot / PCR measurement drift rather than the original “invalid PCR7 configuration” issue Microsoft documented.
The symptoms seem closely related to the Secure Boot / BitLocker issue discussed in these articles:
https://support.microsoft.com/en-us/topic/may-12-2026-kb5089549-os-builds-26200-8457-and-26100-8457-28ec2a99-4bbe-481d-a340-5c6cf18d9acb
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-issue-only-for-windows-11-users/
However, in this case:
KB5089549 installed successfully,
PCR7 is healthy/bound,
TPM and Secure Boot are healthy,
but BitLocker recovery still occurs after reboot.
I suspect there may still be an unresolved interaction involving: