Asus BIOS Warning: ‘Back Up Your Bitlocker Encryption Key’
You know how – when a waiter puts down your plate of food and says“Don’t touch the plate, it’s really hot”– you kind ofhave totouch the plate? After all, whenever the universe gives us humans a massive“Warning: potential danger”type message, weneedto investigate because we’re a curious bunch.
So when I recently went to update my ASUS B550M-Plus’s BIOS, my interest was piqued by a new ASUS warning message:
I mean, they even have multiple exclamation marks (“Important Notice!!!“) so this messagemustbe relevant to me – right?
Key Points
What The Asus “BitLocker Recovery Key” Notice Means
BitLockeris a disk level encryption system provided by Windows, meaning that all your files and programs are securely encrypted. It’s designed to prevent unauthorized access to your system – for example if your PC or laptop was stolen.
There are different ways of setting up BitLocker protection, however it’s often configured so that users are prompted to enter a PIN or passwordbeforethe system willboot into Windows. This is backed by a BitLocker recovery key that helps to secure your encrypted data, especially in cases where you need to re-setup the disk encryption or there are unauthorized access attempts.
However because many of these BitLocker checks happen duringthe BIOS start-up process, if you update your motherboard’s BIOS without first disabling BitLocker encryption, you mibe be locked out of your system (especially if TPM orPTTis enabled).That’s where the recovery key comes in: you will then need to use the recovery key to re-initialize the BitLocker disk encryption on Windows.
That’s why ASUS give a clear warning about BitLocker before allowing you to update the BIOS.
How To Know If BitLocker Encryption Is Enabled (Does It Apply To You?)
There are a few simple ways of checking if BitLocker encryption is enabled (oreven available) on your system:
Of course, simply having TPM-capable hardware and a “Manage BitLocker” option doesn’t mean that BitLocker encryption is enabled – merely that it’s available. Before updating your ASUS BIOS, you should go into the “Manage BitLocker” screen.
If it says ‘Turn on BitLocker’ (or all BitLocker entries say “Off”) then that’s good because it means that BitLocker encryption is currently disabled, and you can freely update your BIOS. However if it says “Suspend Protection” then your diskiscurrently enabled and you will need to pause protection (or backup your recovery key) before doing a BIOS update.
How To Suspend Protection (& Back Up The BitLocker Key) Before Updating The ASUS Bios
Whenever you enable BitLocker, you should always ensure that you keep your BitLocker recovery key safe bybacking it up(this is crucial whether or not you plan to update your BIOS).
Back-Up The Recovery Key
To do this, hit the Windows key and search for “BitLocker”. Select the BitLocker option and it will open the BitLocker Encryption section of the Windows control panel. Then select “Back up your recovery key”.
You can then choose where you want to save your key, including straight to a USB file – or even to your ‘cloud’ Microsoft account (as of Windows 11). I’m old school so I usually go with a USB file (or even print it out, and stick the page in a filing cabinet), although it can be useful to save it against your Microsoft account too just in-case your house burns down or something!
(Hopefully none of our houses burn down, though!)
Suspend BitLocker Protection
In general it is best to simply disable BitLocker protectionbeforeyou upgrade the BIOS. To do this, search Windows for “BitLocker” and open the BitLocker result. There will be an option to “Suspend Protection”, so click this:
Then you can upgrade your BIOS as normal:
Tip:Just be sure to go back and re-enable BitLocker protection after the BIOS update has completed, otherwise your system and its files will be unprotected.
Final Tip: Choose YES (Not NO) On The ASUS Warning Message
The ASUS warning message is quite confusing:
After all, it doesn’t ask you any sort of question – but yet the button options are “Yes” and “No”! This confused me at first (do I click “No” if I don’t have it enabled?!), so I wanted to be crystal clear here. You can only proceed with a BIOS update by clicking on “Yes”. Clicking on “No” takes you back to the BIOS update page but doesn’t install anything.
So you need to ensure that BitLocker is disabled (or you have backed up the recovery key) andthenyou click “Yes” to proceed with the ASUS BIOS update.
Related Reading:What is “TUF Gaming” and “ROG”? (Is It Just Asus Marketing?)
Tristan has been interested in computer hardware and software since he was 10 years old. He has built loads of computers over the years, along with installing, modifying and writing software (he’s a backend software developer ‘by trade’).Tristan also has an academic background in technology (in Math and Computer Science), so he enjoys drilling into the deeper aspects of technology.Tristan is also an avid PC gamer, with FFX and Rocket League being his favorite games.
