-
- Novice
- Posts: 4
- Liked: 1 time
- Joined: Dec 05, 2023 6:34 pm
- Full Name: Jamie Burchell
- Contact:
How is an unlocked BitLocker volume restored encrypted?
I've been testing entire computer backups and Bare Metal restores with Veeam Agent for Windows on a BitLocker encrypted system. I expected to see my restored computer unencrypted since the backup was created from an unlocked drive when Windows was running, but it seems the volume was still encrypted and had the same recovery keys. I note from the docs that encrypted volume restores to original locations remain encrypted. How does that work?
I tested a different scenario where I ATA Secure Erased the drive and performed the restore and the restored volume was unencrypted and required re-encrypting and new keys.
-
- Product Manager
- Posts: 14785
- Liked: 1722 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: How is an unlocked BitLocker volume restored encrypted?
Hello Jamie,
BitLocker keys are controlled by the hardware (TPM module) and the Windows operating system. When restoring the data to the original location, we obey the Windows rules, keeping the volume as-is with all the settings preserved, and populate it with the data from the backup. Possibly another vendor somehow recreates the volume from scratch and that causes the mentioned issue. Thank you!
-
- Novice
- Posts: 4
- Liked: 1 time
- Joined: Dec 05, 2023 6:34 pm
- Full Name: Jamie Burchell
- Contact:
Re: How is an unlocked BitLocker volume restored encrypted?
Hi Dima
But how is the restored volume still encrypted after the restore? Is the BitLocker volume data stored encrypted and unlocked or unencrypted in the Veeam backup?
-
- Novice
- Posts: 4
- Liked: 1 time
- Joined: Dec 05, 2023 6:34 pm
- Full Name: Jamie Burchell
- Contact:
Re: How is an unlocked BitLocker volume restored encrypted?
I think the restored data was being encrypted at rest on the BitLocker enabled volume during the restore process due to BitLocker support within the Veeam Recovery Media and the destination volume being unlocked. When I nuked the drive with a SATA Secure Erase there were no existing volumes and so this didn't happen.
-
- Product Manager
- Posts: 14785
- Liked: 1722 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: How is an unlocked BitLocker volume restored encrypted?
> But how is the restored volume still encrypted after the restore?
If you are not removing the original volume but populate it with the data from the backup there is no 'volume state' change.
> Is the BitLocker volume data stored encrypted and unlocked or unencrypted in the Veeam backup?
Unencrypted, otherwise it's not possible to restore it. During backup the volume must be unlocked otherwise the job fails.
> I think the restored data was being encrypted at rest on the BitLocker enabled volume during the restore process due to BitLocker support within the Veeam Recovery Media and the destination volume being unlocked. When I nuked the drive with a SATA Secure Erase there were no existing volumes and so this didn't happen.
Correct, we do not encrypt the data. The volume is unlocked so we can add new content to the volume, while Windows with BitLocker engine does the encryption. Here is the detailed KB: BitLocker Encrypted Volumes Support
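A post-restore check for the two outcomes described in this thread (restore onto the existing volume keeps encryption and the same recovery keys; restore onto a wiped drive leaves the volume unencrypted and needing new keys). This is an added example, not code from the thread or from Veeam. It uses the built-in `Get-BitLockerVolume` cmdlet; the snapshot path and the `Save`/`Compare` mode names are assumptions.

```powershell
# Added example: record BitLocker state before a backup, compare after a restore.
# Run from an elevated prompt. Only protector IDs are stored, never the
# recovery password itself.
param(
    [ValidateSet('Save', 'Compare')]
    [string]$Mode = 'Compare',
    [string]$SnapshotPath = 'C:\Temp\bitlocker-state.json'   # placeholder path
)

function Get-BitLockerState {
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = "$($_.VolumeStatus)"
            ProtectionStatus = "$($_.ProtectionStatus)"
            # One "Type:Id" string per key protector, sorted for stable comparison
            Protectors       = @($_.KeyProtector | ForEach-Object {
                                   "$($_.KeyProtectorType):$($_.KeyProtectorId)" } | Sort-Object)
        }
    }
}

if ($Mode -eq 'Save') {
    @(Get-BitLockerState) | ConvertTo-Json -Depth 4 | Set-Content -Path $SnapshotPath
    return
}

$before = Get-Content -Raw -Path $SnapshotPath | ConvertFrom-Json
$after  = @(Get-BitLockerState)

foreach ($old in @($before)) {
    $new = $after | Where-Object MountPoint -eq $old.MountPoint
    if (-not $new) {
        Write-Warning "$($old.MountPoint): volume not present after restore"
        continue
    }
    # A restore onto a freshly created volume shows up here as FullyDecrypted / Off
    if ($new.VolumeStatus -ne 'FullyEncrypted' -or $new.ProtectionStatus -ne 'On') {
        Write-Warning "$($old.MountPoint): $($new.VolumeStatus), protection $($new.ProtectionStatus)"
    }
    # Joined strings compare safely even when one side has no protectors
    if (($old.Protectors -join ',') -ne ($new.Protectors -join ',')) {
        Write-Warning "$($old.MountPoint): key protectors changed; previously escrowed recovery keys no longer apply"
    } else {
        Write-Output "$($old.MountPoint): key protectors unchanged"
    }
}
```

Run it with `-Mode Save` before the backup and with `-Mode Compare` on the restored system; a snapshot kept on the backed-up volume comes back with the restore, but a copy stored elsewhere also covers the wiped-drive case.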
-
- Novice
- Posts: 4
- Liked: 1 time
- Joined: Dec 05, 2023 6:34 pm
- Full Name: Jamie Burchell
- Contact:
Re: How is an unlocked BitLocker volume restored encrypted?
Brilliant, thanks!