Forum Discussion
My hard drive is encrypted with BitLocker and I can't unlock it. What should I do?
I'm using an NVMe SSD on Windows 11, and I previously enabled BitLocker for full disk encryption. But today, after booting up, I encountered the following situation: the system prompts "A recovery key is required to unlock the drive." The recovery key I found after logging into my Microsoft account is invalid.
What could be causing this? I recently performed a Windows update and also upgraded the BIOS, so I'm unsure if that's related.
3 Replies
- MariuszWicik (Copper Contributor)
This situation usually happens when BitLocker detects a change in the system’s security state — for example after a BIOS/UEFI update, TPM firmware update, or certain Windows updates. When that happens, BitLocker may require the recovery key.
If the recovery key stored in your Microsoft account is reported as “incorrect”, there are a few likely causes:
✔ 1. The drive may have been re‑encrypted after the update
Some BIOS updates reset TPM measurements, causing Windows to treat the disk as a “new” encrypted volume.
In that case, the old recovery key no longer matches.
✔ 2. You may have multiple recovery keys
Microsoft accounts often store several keys for the same device (especially after reinstalls or hardware changes).
Make sure you check all keys listed under your device.
✔ 3. Secure Boot / TPM settings changed
If the BIOS update reset settings such as:
* Secure Boot mode
* TPM state (enabled/disabled)
* Boot order

…BitLocker may reject the key because the platform configuration changed.
✔ 4. The disk might not be using the key you think
If you cloned, replaced, or re‑initialized the NVMe drive at any point, the recovery key in your Microsoft account may belong to the previous installation.
✔ What you can try
1. Check all recovery keys associated with your Microsoft account
https://account.microsoft.com/devices/recoverykey
Sometimes the correct key is listed under a different device name.
2. Enter BIOS and verify:
* TPM is Enabled
* Secure Boot is Enabled
* Boot mode is UEFI, not Legacy
* No “factory reset” of security settings occurred

Restoring these settings sometimes makes the original key valid again.
3. If the key truly doesn’t match
Unfortunately, BitLocker encryption cannot be bypassed.
If the recovery key is invalid and no other copy exists, the only option is to format the drive and reinstall Windows.
✔ Why this happens after updates
BitLocker relies on TPM measurements.
When BIOS/UEFI changes, the TPM thinks the system might have been tampered with and demands the recovery key.
If the update also resets TPM or Secure Boot keys, the old recovery key becomes invalid.
- KennedyScott (Iron Contributor)
Go and check if the BitLocker recovery is saved in your Microsoft account.
- lkadirozcan (Copper Contributor)
Hello Roccojun,
A BIOS update can trigger BitLocker recovery, especially if TPM-related settings or secure boot measurements have changed. In that case, Windows may require the recovery key before allowing access to the drive.
If the recovery key from your Microsoft account is being reported as invalid, I would first verify that the Recovery Key ID displayed on the recovery screen matches the Recovery Key ID associated with the key stored in your Microsoft account. It is not uncommon to find multiple recovery keys linked to the same account.
A few questions:
* Does the Recovery Key ID on the screen match the one in your Microsoft account?
* Was the SSD ever moved from another PC?
* Is this a personal device or one managed by an organization?
If the key IDs do not match, the correct recovery key may have been saved to a different Microsoft account, a work/school account, or backed up elsewhere when BitLocker was enabled.
Regards,
Kadir O.
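An added example (not part of any reply above, and not Microsoft code) for the Key ID comparison described in this thread: it picks the saved key whose Key ID agrees with the one on the recovery screen, then checks the 48-digit password for transcription errors using the recovery password format rule (8 groups of 6 digits, each a multiple of 11 with a quotient of at most 65535). The function names, the dictionary layout and all sample values are constructed for illustration, and it assumes either side may show the Key ID in abbreviated form, so it compares on the shorter prefix.

```python
import re

def password_group_errors(recovery_password):
    """Return 1-based positions of groups that break the recovery password
    format: 8 groups of 6 digits, each a multiple of 11, quotient <= 65535."""
    groups = re.split(r"[-\s]+", recovery_password.strip())
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups of digits, got {len(groups)}")
    bad = []
    for pos, group in enumerate(groups, start=1):
        ok = (re.fullmatch(r"[0-9]{6}", group)
              and int(group) % 11 == 0
              and int(group) // 11 <= 0xFFFF)
        if not ok:
            bad.append(pos)  # a mistyped or transposed digit lands here
    return bad

def _hex_only(key_id):
    """Drop braces, hyphens and spaces so IDs compare regardless of layout."""
    return re.sub(r"[^0-9A-Fa-f]", "", key_id).upper()

def match_saved_keys(screen_key_id, saved_keys):
    """Return the saved entries whose Key ID agrees with the recovery screen.
    Either side may be abbreviated, so compare on the shorter prefix."""
    wanted = _hex_only(screen_key_id)
    hits = []
    for entry in saved_keys:
        have = _hex_only(entry["key_id"])
        if wanted and have and (wanted.startswith(have) or have.startswith(wanted)):
            hits.append(entry)
    return hits

# Constructed sample data (not real keys): two entries under different
# device names, as copied by hand from the account's recovery key page.
SAVED_KEYS = [
    {"device": "DESKTOP-OLD", "key_id": "A1B2C3D4",
     "password": "123453-246906-370359-493812-617265-001100-111111-222222"},
    {"device": "DESKTOP-NEW", "key_id": "9F8E7D6C",
     "password": "550000-135795-597531-000011-720885-220000-345565-299002"},
]
SCREEN_KEY_ID = "9F8E7D6C-1234-4ABC-8DEF-0123456789AB"  # constructed

if __name__ == "__main__":
    hits = match_saved_keys(SCREEN_KEY_ID, SAVED_KEYS)
    if not hits:
        print("No saved key has this ID; check other accounts or backups.")
    for entry in hits:
        print(entry["device"], entry["key_id"],
              "bad groups:", password_group_errors(entry["password"]))
```

An empty result from `match_saved_keys` means none of the listed keys belongs to this volume, which is a different situation from a matching key that was typed with an error in one group.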