[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GRub 2.06 and W10 bitlocker : seems to create unexpected new coexistance

From: Eric Valette
Subject: GRub 2.06 and W10 bitlocker : seems to create unexpected new coexistance problem. Any advice?
Date: Sat, 4 Dec 2021 22:59:54 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0


I updated the debian bootloader part of a laptop with W10 and bitlocker enabled and debian bulleyes with the grub 2.06 version.

I did it the same way as I did with the first installation :
        1)  suspending bitlocker (not disabling as i would require
        disk decryption)   before the install,
        2) updating grub related pacakges only,
        3) and reenabling bitlocker after grub install.

This is typically what Windows10 itself does when updating some efi/bios/drivers components.

So far (before 2.06), it worked like a charm. I had put all related shim/grub package on hold just to control the upgrade, enabling me to perform bitlocker suspend before the upgrade, upgrade, put on debian package on hold again and renable bitlocker on Windows. Upgraded the kernel several time, changed module options and so on...

It did the same with 2.06, and I tough it worked or at least I had the impression it did. But today, without any other grub/efi/ related upgrade, Windows asks for the bitlocker key saying some software/hardware components changed.

I know company admin have ways to recover the keys so I do not worry to much about getting back access to W10 files again but I'm annoyed as I have no clue off what triggered bitlocker problem (I mean except the suspected upgrade to 2.06, but that I performed the same way I did during debian bulleyes initial install (2 bulleyes copies on two disk on the same PC) that worked flawlessly for 6 months or so.

I know grub 2.06 has TPM support and measured boot enhancement but do not understand how it can mess with bitlocker as long it is suspended during the operation. Of course if TPM itself is used and its content content is modified, and beitlocker notice it some problems may happen. I just hope the new grub does not touch efi config that windows may watch/inspect after upgrading the boot system itself otherwyse I will need to re-enter my key and annoys the W10 admin again and again.

Any clue feedback or advices?

Please CC me : I'm not subscribed

-- eric

reply via email to

[Prev in Thread] Current Thread [Next in Thread]