The Windows Defender Security Centre is asking me to update the TPM, which requires Clear TPM. Above the Clear TPM button, there is text that says:
> ... Ensure you back up your data before clearing the TPM...

I was unclear about what to back up, so I googled it and found that I need to back up keys and any files that have been encrypted, according to the 2nd post from this thread on techpowerup.com.
I'm not entirely sure what keys need to be backed up and how. If by keys the author was referring to Credential, I have checked Credential Manager and it seems I can back up the Windows Credential but not the Web Credential.
Regarding the encrypted files, I'm not sure if he was referring to files protected by BitLocker. If that is the case, how do I find all encrypted files? I think my entire C drive was protected by BitLocker, but somehow BitLocker is suspended:
My system info
- System: Win10 64bit (1803)
- Device: Surface Pro 3
1 Answer
> If that is the case, how do I find all encrypted files?

All your files are currently encrypted, but since BitLocker is suspended, they are currently accessible to all users due to the encryption key being in the clear. The warning message is asking you to back up any important data.
> The Windows Defender Security Centre is asking me to update TPM which requires Clear TPM.

If you want to do this, then Turn Off BitLocker, update your TPM and then Turn On BitLocker after the update is successfully installed. Clearing the TPM on a system that has BitLocker enabled on the system drive is a very bad idea.
> I was unclear about what to back up

You should already have a backup of your BitLocker recovery key.
> Even though BitLocker is suspended, when I clicked the disable button, it started the decryption process. Isn't that suggesting files that had been encrypted when BitLocker was active are still encrypted?

BitLocker is suspended which means your encryption key is available to everyone in the clear.
Suspension of BitLocker does not mean that BitLocker decrypts data on the volume. Instead, suspension makes the key used to decrypt the data available to everyone in the clear. New data written to the disk is still encrypted.
While suspended, BitLocker does not validate system integrity at start up. You might suspend BitLocker protection for firmware upgrades or system updates.
If you have already installed the update, provided that is the case, then BitLocker protection can safely be resumed. It appears suspending BitLocker is enough to install firmware upgrades or system updates.
> I didn't even know when I enabled BitLocker.

BitLocker is enabled by default on Surface Pro 3 devices.
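
A check of the state discussed above, as an added example that is not part of the original question or answer: it uses the built-in `Get-BitLockerVolume` and `Get-Tpm` cmdlets to show whether the volume is encrypted, suspended or decrypted, and saves the recovery password without changing BitLocker or the TPM. The drive letters and the `$BackupPath` location are assumptions.

```powershell
# Added example: pre-flight check before clearing the TPM.
# Run elevated. $BackupPath is an assumed location on removable media.
param(
    [string]$MountPoint = 'C:',
    [string]$BackupPath = 'E:\bitlocker-recovery.txt'   # assumption: E: is a USB drive
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
$tpm = Get-Tpm

# VolumeStatus says whether the data on disk is encrypted;
# ProtectionStatus says whether the key is currently protected.
$state = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    'decrypted (BitLocker turned off)'
} elseif ($vol.ProtectionStatus -eq 'Off') {
    'encrypted, protection SUSPENDED (key stored in the clear)'
} else {
    'encrypted, protection on'
}

[pscustomobject]@{
    Volume       = $vol.MountPoint
    VolumeStatus = $vol.VolumeStatus
    Protection   = $vol.ProtectionStatus
    State        = $state
    Protectors   = ($vol.KeyProtector.KeyProtectorType -join ', ')
    TpmPresent   = $tpm.TpmPresent
    TpmReady     = $tpm.TpmReady
} | Format-List

# The recovery password unlocks the volume if the TPM protector is lost.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Write-Warning "No recovery password protector on $MountPoint. Do not clear the TPM yet."
    return
}

# Refuse to store the backup on the volume it is meant to recover.
if ($BackupPath.StartsWith($MountPoint, [StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning "Choose a backup path that is not on $MountPoint."
    return
}

$recovery | ForEach-Object {
    "ID: $($_.KeyProtectorId)  Recovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $BackupPath
Write-Host "Recovery key written to $BackupPath"
```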