Asus BIOS Warning: ‘Back Up Your Bitlocker Encryption Key’

You know how – when a waiter puts down your plate of food and says “Don’t touch the plate, it’s really hot” – you kind of have to touch the plate? After all, whenever the universe gives us humans a massive “Warning: potential danger” type message, we need to investigate because we’re a curious bunch.

So when I recently went to update my ASUS B550M-Plus’s BIOS, my interest was piqued by a new ASUS warning message:

A close up of the Asus motherboard BIOS warning about Bitlocker in the OS
A close up of the Asus motherboard BIOS warning: “Please back up your Bitlocker recovery key and suspend Bitlocker encryption in the operating system before updating your BIOS.”

I mean, they even have multiple exclamation marks (“Important Notice!!!“) so this message must be relevant to me – right?

Key Points

  • BitLocker: BitLocker is a Windows disk encryption feature that protects all your files and programs.
  • Start-up Checks: BitLocker is often enforced when your system starts up. So if you update your BIOS without having the BitLocker recovery key, you could get locked out of your system.
  • Windows 10/11 Home: Not all Windows versions offer BitLocker encryption features. Usually only the “Pro” and “Enterprise” versions do.
  • Suspend Protection: It’s often best to suspend BitLocker protection from within Windows before updating your BIOS.

What The Asus “BitLocker Recovery Key” Notice Means

The ASUS BIOS update page with a Bitlocker encryption key warning
The ASUS BIOS update page with a Bitlocker encryption key warning

BitLocker is a disk level encryption system provided by Windows, meaning that all your files and programs are securely encrypted. It’s designed to prevent unauthorized access to your system – for example if your PC or laptop was stolen.

There are different ways of setting up BitLocker protection, however it’s often configured so that users are prompted to enter a PIN or password before the system will boot into Windows. This is backed by a BitLocker recovery key that helps to secure your encrypted data, especially in cases where you need to re-setup the disk encryption or there are unauthorized access attempts.

However because many of these BitLocker checks happen during the BIOS start-up process, if you update your motherboard’s BIOS without first disabling BitLocker encryption, you mibe be locked out of your system (especially if TPM or PTT is enabled). That’s where the recovery key comes in: you will then need to use the recovery key to re-initialize the BitLocker disk encryption on Windows.

That’s why ASUS give a clear warning about BitLocker before allowing you to update the BIOS.

How To Know If BitLocker Encryption Is Enabled (Does It Apply To You?)

There are a few simple ways of checking if BitLocker encryption is enabled (or even available) on your system:

  • The Windows version: Usually only the “Pro” and “Enterprise” Windows versions offer BitLocker encryption. For example I have Windows 11 Home and BitLocker is not available for me. The same is true for Windows 10 Home (i.e. BitLocker is not an option), although Win10 does offer a cut-down ‘Disk Encryption’ feature to Home users.
  • Search for “BitLocker”: Hit the Windows key and start typing “BitLocker” to search for this. If “Manage BitLocker Encryption” or “BitLocker Drive Encryption” appears, then you probably do have BitLocker support. Whereas if no BitLocker results appear, you’re unlikely to have it available (and so enabled) on your system.
  • Does your CPU support TPM? Your hardware (and specifically your CPU and motherboard) usually needs to offer a Trusted Platform Module – TPM – before BitLocker encryption can fully be enabled. There are ways around this (if you don’t have TPM), but you could check to see if you have a “Security processor details” section within Control Panel -> Windows Security:
The AMD TPM details on my PC
The AMD TPM details on my PC

Of course, simply having TPM-capable hardware and a “Manage BitLocker” option doesn’t mean that BitLocker encryption is enabled – merely that it’s available. Before updating your ASUS BIOS, you should go into the “Manage BitLocker” screen.

If it says ‘Turn on BitLocker’ (or all BitLocker entries say “Off”) then that’s good because it means that BitLocker encryption is currently disabled, and you can freely update your BIOS. However if it says “Suspend Protection” then your disk is currently enabled and you will need to pause protection (or backup your recovery key) before doing a BIOS update.

How To Suspend Protection (& Back Up The BitLocker Key) Before Updating The ASUS Bios

Whenever you enable BitLocker, you should always ensure that you keep your BitLocker recovery key safe by backing it up (this is crucial whether or not you plan to update your BIOS).

Back-Up The Recovery Key

To do this, hit the Windows key and search for “BitLocker”. Select the BitLocker option and it will open the BitLocker Encryption section of the Windows control panel. Then select “Back up your recovery key”.

The option to Back up your BitLocker recovery key
The option to Back up your BitLocker recovery key

You can then choose where you want to save your key, including straight to a USB file – or even to your ‘cloud’ Microsoft account (as of Windows 11). I’m old school so I usually go with a USB file (or even print it out, and stick the page in a filing cabinet), although it can be useful to save it against your Microsoft account too just in-case your house burns down or something!

(Hopefully none of our houses burn down, though!)

Suspend BitLocker Protection

In general it is best to simply disable BitLocker protection before you upgrade the BIOS. To do this, search Windows for “BitLocker” and open the BitLocker result. There will be an option to “Suspend Protection”, so click this:

The option to suspend BitLocker drive encryption
The option to suspend BitLocker drive encryption

Then you can upgrade your BIOS as normal:

Flashing the BIOS of an Asus motherboard using a USB and the EZ Flash 3 utility within the BIOS
Flashing the BIOS of my Asus motherboard

Tip: Just be sure to go back and re-enable BitLocker protection after the BIOS update has completed, otherwise your system and its files will be unprotected.

Final Tip: Choose YES (Not NO) On The ASUS Warning Message

The ASUS warning message is quite confusing:

Updating my Asus B550M Plus BIOS and getting a message to check my Bitlocker encryption key
Updating my Asus B550M Plus BIOS and getting a message to check my Bitlocker encryption key

After all, it doesn’t ask you any sort of question – but yet the button options are “Yes” and “No”! This confused me at first (do I click “No” if I don’t have it enabled?!), so I wanted to be crystal clear here. You can only proceed with a BIOS update by clicking on “Yes”. Clicking on “No” takes you back to the BIOS update page but doesn’t install anything.

So you need to ensure that BitLocker is disabled (or you have backed up the recovery key) and then you click “Yes” to proceed with the ASUS BIOS update.

cropped A picture of me Tristan
About Tristan Perry

Tristan has been interested in computer hardware and software since he was 10 years old. He has built loads of computers over the years, along with installing, modifying and writing software (he's a backend software developer 'by trade').

Tristan also has an academic background in technology (in Math and Computer Science), so he enjoys drilling into the deeper aspects of technology.

Tristan is also an avid PC gamer, with FFX and Rocket League being his favorite games.

If you have any questions, feedback or suggestions about this article, please leave a comment below. Please note that all comments go into a moderation queue (to prevent blog spam). Your comment will be manually reviewed and approved by Tristan in less than a week. Thanks!

4 thoughts on “Asus BIOS Warning: ‘Back Up Your Bitlocker Encryption Key’”

  1. Thanks for your article – also might be worth mentioning that in some cases (like mine!), when you type in Bitlocker (Windows 11), and you do get a “Manage BitLocker” in your search, you might find that all BitLockers are set to “Off”. In which case you should be good to go 🙂

    Reply

Leave a comment