
Data encrypted on SSD after attempt to clone a drive


Short explanation

It's a Dell Inspiron 15 7000 which ran the original factory Windows 10 installation from Dell that came with the notebook. It won't boot from its internal SSD anymore after temporary removal of the drive. Checking the drive via command-line tools shows the drive as being encrypted.

And here is the full explanation:

Sorry for being so lengthy, I tried to structure it as well as possible...

What happened:

The drive was removed (to create a clone, which failed due to insufficient space on the target drive) and plugged back in afterward; nothing else has changed. When trying to turn the notebook back on, the boot-up just failed.

Preliminary checks:

Checking the BIOS (the screen called "Bootsequenz") shows the SSD's Partition 1 as the UEFI entry, but the "Windows Boot Manager" entry is missing. I think it used to look either similar to this or it just had the Windows Boot Manager entry (the image is from the internet):

    enter image description here

Checking via the command-line tool using a Windows 10 installation image via USB, I get the following entry:

    C:\>manage-bde -status G:
    BitLocker Drive Encryption: Configuration Tool version 10.0.22000
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume G: []
    [Data Volume]

        Size:                 Unknown GB
        BitLocker Version:    2.0
        Conversion Status:    Used Space Only Encrypted
        Percentage Encrypted: 100,0%
        Encryption Method:    XTS-AES 128
        Protection Status:    Protection Off
        Lock Status:          Unlocked
        Identification Field: Unknown
        Automatic Unlock:     Disabled
        Key Protectors:       None Found

Further analysis:

BitLocker was not enabled by the user through Windows/BitLocker, so no recovery key was saved. So I wonder what happened here. I tried manage-bde -protectors -get c: which should give me the identification of the recovery key, but it says it can't find any security measures. manage-bde -off C: is not possible either. I also read that it doesn't have to be BitLocker itself, just a BitLocker-based implementation.

Additional background info:

  • The device/laptop has PPT implemented, not TPM (no TPM option in the BIOS). PPT is activated in the BIOS.

  • In the BIOS the option Secure Boot is enabled, Secure Boot Mode is "Deployed Mode". In Expert Key Management the "Custom mode" is not enabled but there seem to be a few keys stored under the "PK" selection.

  • The encrypted partition is the Windows system partition (460 GB). The disk layout had more or less the standard Windows partitioning, the same as if you would install Windows manually: the EFI System Partition at the beginning, followed by the system partition. Although there are two additional recovery partitions, probably used for Dell recovery options, and the EFI partition didn't have the regular 100MB but 650MB. Here's a screenshot from diskmgmt.msc (plugged in as an external USB drive):

    enter image description here

  • The cloning was attempted with Clonezilla and Acronis

  • An additional strange thing: I'm pretty sure, since I took a screenshot, but please take it with a little grain of salt (in case I confused something): After the removal of the SSD it was tested in a different Win 11 system as an external USB drive and files were accessible (but a BitLocker symbol was shown on the drive icon). If this is true then the partition must have been either unencrypted or it was encrypted but the data was accessible anyway! That sounds a little strange to me. Especially since, when I plug the SSD into the same Win 11 system, it just shows a BitLocker encrypted partition in the disk manager (see screenshot above). Here's the screenshot from when I accessed the root dir through Win 11:

    enter image description here

  • I don't remember the C drive having some kind of "lock" symbol attached in the explorer when it was still booting up. Is it possible that the encryption/decryption wasn't done within Windows but through some BIOS features (based on BitLocker tech), thus invisible to Windows itself? I found an old screenshot and there is no lock symbol on this partition, only the regular partition disk symbol and a shared symbol:

    enter image description here

My thoughts on the problem:

I'm not too familiar with the security measures, so I read up a little bit (e.g. here) and as far as I understand the BIOS can handle the encryption via TPM, or PPT in my case (BitLocker activation without a PIN: TPM only). So to my understanding the SSD was encrypted from the very beginning, is this correct? If so, what handled the decryption? PPT, since TPM is not activated in the BIOS? Why doesn't it handle it any more? As far as the system is concerned, nothing changed after I reinserted the SSD into the original laptop.

It seems strange though that I could access the drive in the other system. This leads me to believe that some kind of security measure triggered the encryption to be enabled. Can the data somehow be encrypted and still readable in the first place when the drive is mounted as an external USB drive?

Possible solutions:

I discovered various causes and solutions to this type of problem on the net (e.g. restoring factory settings in the Expert Key Management in the BIOS or adding a protector via manage-bde -protectors -add c: -tpm), but I don't want to try out anything before I have a thorough understanding of what will happen, so I don't make things worse.

My best guess is that manage-bde -protectors -add c: -tpm could do the trick, basically adding the TPM as a valid key protector again (since currently it shows Key Protectors: None Found). But again, I don't just wanna try things out since my understanding is somewhat limited at the moment.

But it seems that a few people had success recovering the data. So I'm hoping to get some helpful insights.
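An added example, not part of the original post: a small parser for `manage-bde -status` text that separates the state quoted above (fully encrypted, "Protection Off", no key protectors) from a protected or merely suspended volume. The function names and labels are assumptions, and it assumes English field names; it accepts the comma decimal separator seen in the post. With protection off, BitLocker keeps the volume key readable on the disk itself (a "clear key"), so the data is ciphertext but no secret is needed to read it.

```python
import re

# Constructed sample: the per-volume part of the output quoted in the post.
SAMPLE = """\
Volume G: []
[Data Volume]

    Size:                 Unknown GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100,0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:       None Found
"""

def parse_status(text):
    """Return the indented 'Field: value' pairs of one volume as a dict."""
    fields, protectors, in_kp = {}, [], False
    for line in text.splitlines():
        m = re.match(r"^\s+([A-Za-z ]+):\s*(.*?)\s*$", line)
        if m:
            key, val = m.group(1).strip(), m.group(2)
            in_kp = key == "Key Protectors"
            if not in_kp:
                fields[key] = val
            elif val not in ("", "None Found"):
                protectors.append(val)
        elif in_kp and line.strip():
            # Protectors are listed one per line under the field name.
            protectors.append(line.strip())
    fields["Key Protectors"] = protectors
    return fields

def classify(f):
    """Label the volume state (labels are this example's own)."""
    pct = float(f.get("Percentage Encrypted", "0").rstrip("%").replace(",", "."))
    if pct == 0:
        return "not-encrypted"
    if f.get("Protection Status") == "Protection On":
        return "protected"        # a protector (TPM, password...) is required
    if f["Key Protectors"]:
        return "suspended"        # protectors exist, clear key on disk for now
    return "clear-key"            # encrypted, but nothing guards the key

if __name__ == "__main__":
    print(classify(parse_status(SAMPLE)))
```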

