Can I upgrade to Windows 10 with BitLocker Enabled?
I am currently running Windows 8.1 Pro, with BitLocker enabled (the hardware has no TPM, though).
I am curious as to whether I will be able to upgrade to Windows 10 when it is rolled out without having to disable BitLocker/decrypt the hard drive.
Windows Updates obviously work fine with BitLocker, but as I have not beta tested Windows 10 I have no idea whether I will need to decrypt the drive before upgrading the system to Windows 10 or not.
Any and all information is appreciated!
Solution 1:
Ok, I was bold enough to try it. :) Windows 8.1 with Bitlocker system drive full encryption, using TPM 1.2 and PIN. I got the free automatic Windows 10 download upgrade, and started it without deactivating Bitlocker.
The update process worked like a charm. There have been three automatic reboots by my count, all with disabled Bitlocker because obviously the update procedure deactivated it on its own. Only after the next boot which has been initiated by myself, I had to enter my PIN (which has been accepted).
I guess this can only work, however, if the update procedure is started from within the running 'old' Windows. If you happen to boot a Windows 10 from its installation media instead, the update process will have a hard time accessing the system drive at all. So I guess this is the single situation where the advice applies that Bitlocker should be deactivated manually.
Please note that all of this is only my guessing, and the result of one single experiment. Before I applied the update, I made sure that I knew the location outside of my machine where the Bitlocker Recovery Key resides. And I recommend everyone to do the same. :)
Solution 2:
I suspect the same process as per this article.
Before you start
To complete the procedure in this scenario:
- You must be able to provide administrative credentials.
- The operating system drive must be BitLocker-protected.
To manually upgrade BitLocker Drive Encryption
- On a computer running Windows Vista, click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
- Click Turn Off BitLocker, and then select the Disable BitLocker check box. Do not decrypt the drive.
- Install Windows 10 on the same drive.
- After Windows 10 is installed, click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
Click Resume Protection. Your operating system drive is now protected with BitLocker. If you want to use the new recovery key protection option—data recovery agents—you must also upgrade the BitLocker version information stored in the BitLocker metadata to the Windows 7 version. This is accomplished by using the Manage-bde.exe command-line tool.
To upgrade the BitLocker metadata so that you can use the new Windows 7 BitLocker features, click Start, click All Programs, click Accessories, right-click Command Prompt, and click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes. At the command prompt, type the following command, replacing Volume with the appropriate drive letter:
manage-bde.exe –upgrade Volume :
Do not decrypt, only disable bitlocker. Resume after upgrade