Asus BIOS Warning: "Back Up Your Bitlocker Encryption Key"
You know how – when a waiter puts down your plate of food and says “Don’t touch the plate, it’s really hot” – you kind of have to touch the plate? After all, whenever the universe gives us humans a massive “Warning: potential danger” type message, we need to investigate because we’re a curious bunch.
So when I recently went to update my ASUS B550M-Plus’s BIOS, my interest was piqued by a new ASUS warning message:
I mean, they even have multiple exclamation marks (“Important Notice!!!“) so this message must be relevant to me – right?
What The Asus “BitLocker Recovery Key” Notice Means
BitLocker is a disk level encryption system provided by Windows, meaning that all your files and programs are securely encrypted. It’s designed to prevent unauthorized access to your system – for example if your PC or laptop was stolen.
There are different ways of setting up BitLocker protection, however it’s often configured so that users are prompted to enter a PIN or password before the system will boot into Windows. This is backed by a BitLocker recovery key that helps to secure your encrypted data, especially in cases where you need to re-setup the disk encryption or there are unauthorized access attempts.
However because many of these BitLocker checks happen during the BIOS start-up process, if you update your motherboard’s BIOS without first disabling BitLocker encryption, you mibe be locked out of your system (especially if TPM or PTT is enabled). That’s where the recovery key comes in: you will then need to use the recovery key to re-initialize the BitLocker disk encryption on Windows.
That’s why ASUS give a clear warning about BitLocker before allowing you to update the BIOS.
How To Know If BitLocker Encryption Is Enabled (Does It Apply To You?)
There are a few simple ways of checking if BitLocker encryption is enabled (or even available) on your system:
- The Windows version: Usually only the “Pro” and “Enterprise” Windows versions offer BitLocker encryption. For example I have Windows 11 Home and BitLocker is not available for me. The same is true for Windows 10 Home (i.e. BitLocker is not an option), although Win10 does offer a cut-down ‘Disk Encryption’ feature to Home users.
- Search for “BitLocker”: Hit the Windows key and start typing “BitLocker” to search for this. If “Manage BitLocker Encryption” or “BitLocker Drive Encryption” appears, then you probably do have BitLocker support. Whereas if no BitLocker results appear, you’re unlikely to have it available (and so enabled) on your system.
- Does your CPU support TPM? Your hardware (and specifically your CPU and motherboard) usually needs to offer a Trusted Platform Module – TPM – before BitLocker encryption can fully be enabled. There are ways around this (if you don’t have TPM), but you could check to see if you have a “Security processor details” section within Control Panel -> Windows Security:
Of course, simply having TPM-capable hardware and a “Manage BitLocker” option doesn’t mean that BitLocker encryption is enabled – merely that it’s available. Before updating your ASUS BIOS, you should go into the “Manage BitLocker” screen.
If it says ‘Turn on BitLocker’ (or all BitLocker entries say “Off”) then that’s good because it means that BitLocker encryption is currently disabled, and you can freely update your BIOS. However if it says “Suspend Protection” then your disk is currently enabled and you will need to pause protection (or backup your recovery key) before doing a BIOS update.
How To Suspend Protection (& Back Up The BitLocker Key) Before Updating The ASUS Bios
Whenever you enable BitLocker, you should always ensure that you keep your BitLocker recovery key safe by backing it up (this is crucial whether or not you plan to update your BIOS).
Back-Up The Recovery Key
To do this, hit the Windows key and search for “BitLocker”. Select the BitLocker option and it will open the BitLocker Encryption section of the Windows control panel. Then select “Back up your recovery key”.
You can then choose where you want to save your key, including straight to a USB file – or even to your ‘cloud’ Microsoft account (as of Windows 11). I’m old school so I usually go with a USB file (or even print it out, and stick the page in a filing cabinet), although it can be useful to save it against your Microsoft account too just in-case your house burns down or something!
(Hopefully none of our houses burn down, though!)
Suspend BitLocker Protection
In general it is best to simply disable BitLocker protection before you upgrade the BIOS. To do this, search Windows for “BitLocker” and open the BitLocker result. There will be an option to “Suspend Protection”, so click this:
Then you can upgrade your BIOS as normal:
Tip: Just be sure to go back and re-enable BitLocker protection after the BIOS update has completed, otherwise your system and its files will be unprotected.
Final Tip: Choose YES (Not NO) On The ASUS Warning Message
The ASUS warning message is quite confusing:
After all, it doesn’t ask you any sort of question – but yet the button options are “Yes” and “No”! This confused me at first (do I click “No” if I don’t have it enabled?!), so I wanted to be crystal clear here. You can only proceed with a BIOS update by clicking on “Yes”. Clicking on “No” takes you back to the BIOS update page but doesn’t install anything.
So you need to ensure that BitLocker is disabled (or you have backed up the recovery key) and then you click “Yes” to proceed with the ASUS BIOS update.
Related Reading: What is “TUF Gaming” and “ROG”? (Is It Just Asus Marketing?)