Live System USB Linux Lite USB triggers BitLocker recovery on ThinkPad X13
#1
Hey,

I'm trying to run a Live System version of Linux Lite off a USB on a work Lenovo ThinkPad X13 which is running Windows 11 and is BitLocker protected with TPM 2.0.

I can boot it by turning off Safe Boot but then it's a pain, as when I try to boot the Windows partition it asks for a BitLocker recovery key.

I can also boot it with Secure Boot by enabling "Allow Microsoft 3rd Party UEFI CA" in the Lenovo BIOS, but for some reason that still triggers BitLocker recovery when booting into Windows?

Has anyone found a solution for this? Why should BitLocker care that 3rd party is enabled, it's still a certified secure boot? Is it to do with the TPM? I would love to just be able to boot off the USB without going into the BIOS every time. Thanks in advance!
Reply
#2
I WAS ABLE TO FIND A SOLUTION THANKS TO CHATGPT

So it recommended I suspend BitLocker in Windows, then boot into Linux after. I had read that before but I thought it needed to be suspended every time before booting Linux:
"The initial suspension of BitLocker is a one-time process to allow Windows to recognize and adapt to the new boot configuration without triggering recovery mode. Once you have resumed BitLocker after suspending it and configuring the BIOS/UEFI settings, BitLocker should not trigger recovery mode again for these specific settings."

Here are the steps I followed for anyone wondering:

1. Backup BitLocker Recovery Key: Ensure you have the BitLocker recovery key backed up.

2. Suspend BitLocker Protection:

Open the Control Panel.
Go to System and Security > BitLocker Drive Encryption.
Select Suspend protection for the drive where BitLocker is enabled.
Confirm the suspension.

3. Configure BIOS/UEFI Settings:

Reboot and enter the BIOS/UEFI settings.

Enable "Microsoft 3rd Party UEFI" to allow Linux Lite to boot.
Save and exit the BIOS/UEFI settings.

4. Boot into Linux to check it's working

5. Boot into Windows:

Boot into Windows with the new BIOS/UEFI settings.
Since BitLocker was suspended, it should not require a recovery key.

Resume BitLocker Protection:
In Windows, go back to Control Panel > System and Security > BitLocker Drive Encryption.
Select Resume protection.

Following those steps allowed me to dual boot without needing to constantly change Secure Boot Settings to avoid BitLocker recovery.
Cheers
Reply
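
The suspend/resume sequence from the post above, scripted with Windows' BitLocker PowerShell cmdlets and `manage-bde`; this is an added example, not part of the original thread. It assumes the protected OS volume is C: and an elevated session; the `-Phase` parameter and script layout are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example. Run with -Phase Before in Windows before changing firmware
# settings, and with -Phase After once Windows boots with the new settings.
param(
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'Before',
    [string]$MountPoint = 'C:'   # assumption: BitLocker-protected OS volume
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint

if ($Phase -eq 'Before') {
    # Step 1: stop unless a recovery password protector exists on the volume.
    $recovery = $vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $MountPoint; add and back one up first."
    }
    Write-Host "Recovery protector ID(s): $($recovery.KeyProtectorId -join ', ')"
    Write-Host 'Confirm the matching recovery key is stored off this machine.'

    # Show the TPM protector and its "PCR Validation Profile" (typically 7 and 11
    # when Secure Boot is used for integrity validation). PCR 7 reflects the
    # Secure Boot configuration, which is why a firmware change trips recovery.
    manage-bde -protectors -get $MountPoint -Type TPM

    # Step 2: suspend. -RebootCount 0 keeps protection suspended until
    # Resume-BitLocker is run; the cmdlet's documented default is one restart.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
}
else {
    # Back in Windows: check Secure Boot state, then resume so the TPM
    # protector is sealed against the current firmware configuration.
    if (-not (Confirm-SecureBootUEFI)) {
        Write-Warning 'Secure Boot is off; resuming seals the TPM protector to the current boot state.'
    }
    Resume-BitLocker -MountPoint $MountPoint | Out-Null
}

# ProtectionStatus should read Off after "Before" and On after "After".
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, ProtectionStatus
```

While protection is suspended the volume key is available without the TPM check, so keep the window between the two phases short.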