Secure Boot Violation

Oooh NO! Now I know better when I installed my copy of Windows 11, I did a fresh install with Refus and zapped TPM 2.0 and disabled Bitlocker nonsense.

So our HP Laptop was not impacted. However, when my son setup his nephews All-in-one he did the Microsoft way which means Bitlocker was enabled and generated an evil key. Why is this evil you ask. Its designed to LOCK down everything including BIOS controls until the key is typed correctly.

In my past when a bad update is present stuff just won't work right. HOWEVER YOU CAN LOGIN

account.microsoft.com/devices/recoverykey

If you can authenticate you are presented with a 48 digit code. ENTER FOR RESTORATION

If everything is good, then you get the screen CODE Successful.

That was a lot of work to gain access back to all your data. YES everything did come back. But for those screaming NEVER AGAIN there are options to opt out of this insanity. If it's your work computer, discuss with your IT department as this maybe disabled for administration only.

Dear Substack Subscribers:

BITLOCKER REMOVAL OPTIONS

To remove BitLocker, open the ll Panel, select "BitLocker Drive Encryption," and click "Turn off BitLocker" next to the encrypted drive. You will need administrator permissions, and the decryption process may take time, though you can continue using the computer.

Important Notes:

If your drive is locked, you must first click "Unlock drive" and enter your password or recovery key.

If you cannot access Windows, you may need the recovery key from your Microsoft account, or you might have to format the drive, which will erase all data.

For persistent issues, you can disable the "BitLocker Drive Encryption Service" via services.msc

Comments

[John Hilla]

Out of habit, I did create a new USB Recovery Image of Windows 11 with Refus READY to GO. But not today, crisis averted.