Imaging and Restoring a BitLocker Drive

Beginner
Posts: 1
Comments: 1

Hi,

I know there are a lot of BitLocker (BL) related questions, but none seem to answer my question directly - and I hope it's a simple (if long winded) one.

I have a BL encrypted OS drive using a TPM. It unlocks at bootup/login with no intervention from me and is unlocked before ATI-2018 loads.

ATI has no problem imaging this drive onto my non-BL backup drive (I use ATI AES256 encryption, but that's not really related to my question)

I assumed that ATI worked like Windows System Image in regards to BL - if I need to restore an OS drive image I just boot from recovery media, select the ATI image from my backup drive (entering ATI password if it was encrypted) and restore the OS drive.

I expected to restore the drive as if BL had never been enabled and would be able to boot from it and just have to reset the TPM and re-enable BL if I so desired.

Am I wrong ?

I have been told by Acronis that it's "safer" to suspend BL protection before making ATI images. Since I have imaging on a weekly overnight schedule, this would not be convenient.

Has anyone done this the same way I'm set up ?

Have you successfully been through an image-restore-boot cycle ?

I might buy a new SSD to try this, but am afraid booting into the restored OS disk might not work, just reset my TPM and then I'm screwed.

Any insights or experiences will be much appreciated.

Gary

Legend
Posts: 44
Comments: 13566

Gary, welcome to these User Forums.

If you are making full disk & partition backups of your entire BitLocker protected OS drive, then these backup images would be restored as if BitLocker was not active and you would need to reenable BL to get back to the encrypted status of the drive.

The only reason for suspending BL before making an ATI backup image would be if you are booting your computer from the Acronis bootable Rescue Media for this task. 

See KB 56619: Acronis True Image: compatibility with BitLocker for an official statement on this subject.

Beginner
Posts: 1
Comments: 1

Thanks for the explanation Steve.

 

Beginner
Posts: 0
Comments: 3

Hi Steve, my question is related to your reply to Gary on backup and restore of Windows BitLocker drives. When I try to reboot to a restored C: drive that is an ATI backup image created within Windows 10 that is BitLocker encrypted, I receive an error message: "An operating system wasn't found. Try disconnecting any drives that don't contain an operating system."

Since I was following the steps recommended for backing up bitlocker drives in Windows 10, I can't figure out what I did wrong. Any suggestions?

 

Thanks, Jason

Legend
Posts: 44
Comments: 13566

Jason, welcome to these User Forums.

When I try to reboot to a restored C: drive that is an ATI backup image created within Windows 10 that is BitLocker encrypted

Please can you expand on your statement above as I am not sure if I understand what you are doing?

When you look at the backup image .TIB file on a computer with ATI installed, can you double-click on the .TIB file in Explorer and open the contents of the image / browse the contents?

When the backup image was created, was this made as a Disks & Partitions backup image (or as an Entire PC image)?  Only this type of backup image can be restored to create a bootable OS drive.

Have you restored the above backup image to a disk drive using ATI using the recovery process for Disks & Partitions?

Is the restored drive connected as an internal drive in the same computer where the backup was created from?

Beginner
Posts: 0
Comments: 3

Hi Steve, Thank you for your reply. I'm trying to restore an ATI backup image to the original C: drive that it was created from. The ATI backup was created within Windows 10 32-bit OS that is BitLocker encrypted. When I try to restore the backup I receive the error message I stated in my original posting. It appears the drive can't be booted because the OS is missing. I have three other backup images that I tried and I get the same error message. The image was created as a Disks & Partitions image of the C: drive. I hope this is clearer. Thank you for your help.

Jason

 

Legend
Posts: 44
Comments: 13566

Jason, thanks for confirming what you are trying to do here.  More questions unfortunately!

When you look at the backup image .TIB file on a computer with ATI installed, can you double-click on the .TIB file in Explorer and open the contents of the image / browse the contents?

Is your target computer pure 32-bit or is it 64-bit capable but just using 32-bit?

What type of BIOS does the computer have?  Is this pure Legacy, or is it UEFI, and which is being used for the OS normally?

What version of the Acronis Rescue media are you using to do the restore?  Was this created on the same computer or on a different one?
Note: Acronis can create Linux based media, or else WinPE created from the WinRE (Recovery Environment) or by using the Windows ADK.  Typically the WinPE media is 64-bit only if created using the Acronis Media Builder program, but 32-bit media can be created using the MVP Custom ATIPE Builder script.

Beginner
Posts: 0
Comments: 3

Hi Steve,

I wanted to let you know that I finally solved the problem. I mentioned that I tried other ATI backups I saved but I still ran into the same problem. I usually store backups on at least two external drives. I found an earlier backup that was created after I suspended BitLocker. That backup worked and I was able to restore my boot drive. The backup was about 3 weeks old but it solved the problem. In the future I will suspend BitLocker before I create a backup. Again, thank you for your help and patience.
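Suspending BitLocker around a scheduled backup, as Acronis advised in the first post and as worked in the post above, can be scripted so that protection is always resumed and verified afterwards. This is an added example, not part of the original posts and not Acronis code; `$BackupJob` is a hypothetical placeholder for however the backup task is started, and the script assumes an elevated PowerShell session with the built-in BitLocker cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: suspend BitLocker for a backup, then always resume and verify.
param(
    [string]$MountPoint = 'C:',
    # Hypothetical placeholder: replace with whatever starts your backup task.
    [scriptblock]$BackupJob = { Write-Host 'backup task would run here' }
)

$ErrorActionPreference = 'Stop'
$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Only touch protection if it is currently on; a volume that is decrypted or
# already suspended by an administrator is left exactly as it was found.
$wasProtected = ($vol.ProtectionStatus -eq 'On')

try {
    if ($wasProtected) {
        # -RebootCount 1: if the machine restarts before the finally block runs,
        # protection comes back on its own after that one restart.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
        Write-Host "BitLocker suspended on $MountPoint"
    }
    & $BackupJob
}
finally {
    if ($wasProtected) {
        # Runs even if the backup throws, so the volume is not left suspended.
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $after = Get-BitLockerVolume -MountPoint $MountPoint
        if ($after.ProtectionStatus -ne 'On') {
            throw "BitLocker protection on $MountPoint is still $($after.ProtectionStatus) after the backup"
        }
        Write-Host "BitLocker protection resumed on $MountPoint"
    }
}
```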

Legend
Posts: 44
Comments: 13566

Jason, thanks for the update and glad to hear that you have been able to recover your boot drive.

Forum Member
Posts: 14
Comments: 79

Steve, is Bitlocker still an issue with ATI 2019? I just ran a test on my son's PC which has the TPM chip and Bitlocker. I don't recall doing anything special with the TPM when I started working on his PC but in the PC UG it states:

To help protect your computer against unauthorized access, use the drive encryption software, such as Windows BitLocker Drive Encryption.

Windows BitLocker Drive Encryption (referred to as BitLocker) is an integral security feature of some editions of the Windows operating system. It can help you protect the operating system and data stored on your computer, even if your computer is lost or stolen. BitLocker can encrypt all user and system files, including the swap and hibernation files.

BitLocker uses the TPM to provide enhanced protection for your data and to ensure early boot component integrity.

I just checked and the "C" drive (the only drive in his laptop, and the attached USB drive) both are locked by BL.

About 30 minutes ago I ran ATI and backed up the entire system to the BL USB attached drive without suspending BL. Using the Windows File Manager I could drill down into the TIB file without doing anything extra. 

I saw the article (Windows 10: Suspend or Resume BitLocker Protection for Drive in Windows 10) at https://www.tenforums.com/tutorials/38508-suspend-resume-bitlocker-protection-drive-windows-10-a.html and the Acronis KB (Acronis True Image: compatibility with BitLocker) you mentioned at https://kb.acronis.com/content/56619

When I ran my test I DID NOT suspend BL. I then checked several BUs I've made and all could be opened to any level. I even opened one of the WORD files in the TIB file.

Unless I'm doing something wrong using BL seems to be transparent, however, I have NOT tested restoring. In my research, I've seen some mention that changing the boot order in the BIOS with the TPM chip is a no-no. This may present a problem with restoring. I can press F12 at boot time and boot from something other than the C drive. At this time I don't know if this will present a problem but will be testing in the very near future.

On my systems I did take a USB BL drive and move it to different systems. To access anything on the drive I had to first unlock the drive. Once it was unlocked I could access anything on the drive (this is as I expected).

BTW the ATI BU task is backing up the entire C drive on my son's PC. I took this approach because if there is a drive failure everything must be recovered. I'm currently running only FULL BUs. The PC is running Win10 x64 and has the latest updates as of 2018 1004, at 1919 hours.

Legend
Posts: 44
Comments: 13566

John, BitLocker in itself is not an issue here but when you make a backup of such an encrypted drive, then the .tib file that is created is not encrypted with BitLocker.  This is because ATI is running in the 'unlocked' environment from within the Windows OS and does not 'see' any encryption.

If your target drive for the backup is also BitLocker encrypted, then obviously the .tib file will be protected by the same encryption too, although you can also use the Password encryption option for the backup task.

The real issue is in recovery for the second aspect here, i.e. recovery from a BitLocker encrypted backup drive.

The standard Acronis Rescue media has no support for BitLocker so you would either need to connect the backup drive to another system and perform the recovery there, or else you will need to create the MVP Custom ATIPE version of the Rescue Media and include BitLocker support in that media, which would then allow you to work with the encrypted backup drive from a bootable USB stick.

After doing a recovery, the restored Windows drive will still be unlocked / not protected by BitLocker, so this would need to be re-enabled from the OS BitLocker Control Panel.

See KB 56619: Acronis True Image: compatibility with BitLocker for the official statement here.

Forum Member
Posts: 14
Comments: 79

Steve, following is an update on my testing. Possibly I'm just confirming what you have said but I just want to make sure I really understand. As I get older sometimes it takes multiple passes at something before I truly understand.

  • On my son's PC the only drive in the laptop is the C drive and it has BitLocker applied to it.
  • His PC also has the TPM chip but we have not done anything with it, thus I suspect we are not getting the benefit it provides.
  • The backups are stored on two rotating USB 4 TB drives and they also have BitLocker applied.
  • ATI backs up the entire C drive, thus I should be able to restore the entire drive if the drive fails in his computer.
  • When ATI runs BitLocker is NOT paused.
  • Full backups are run nightly (I'll follow up in a few days with the enhanced BAT file and more details, I still have at least one enhancement to make). BTW I'm open for suggestions to improve the BU process.
  • Earlier tonight I copied a TIB file from his PC to my PC. Because I was accessing his system via TeamViewer I used WinRAR to compress and split the TIB file into 700KB pieces, this resulted in 65 small files.
  • I then transferred the 65 files to my PC via TeamViewer. (He and I are running Windows 10 Pro x64)
  • After the transfer completed I extracted the TIB file to my PC which does NOT have BitLocker on it.
  • Using the Windows File Explorer I was able to drill down into the file. 
  • As a test I copied three files (1) .MOV, (2) .XLS and (3) .PDF from the TIB to my PC. I could open all three files.
  • Thus so far all is good and I don't see any issues. However, if you see something I've missed or have a  possible security issue please feel free to let me know.

Hopefully this week I will copy the TIB file to a USB drive that has BitLocker applied to it and then use ATI to restore to a test drive. I will NOT be able to test the restored drive in my son's PC but what I can do is take a TIB file from my laptop, put it on the USB BitLocker drive and restore to another test drive. Hopefully, this will expose any possible issues. Suggestions?????

If the USB drive with BitLocker presents an issue I could make available a USB drive that does not have BitLocker on it. However, I think this has already been resolved by other ATI users. I may be going down a rabbit hole that has already been explored. 

Legend
Posts: 44
Comments: 13566

John, all the points in your list look to be fine.

Hopefully this week I will copy the TIB file to a USB drive that has BitLocker applied to it and then use ATI to restore to a test drive.

Doing the above should also be fine assuming that the BitLocker USB drive is unlocked when doing the copy, however, when you come to using ATI to restore the backup to a test drive, unless you will be doing this from within the running Windows ATI application where BitLocker is unlocked for the USB drive, then any Acronis Rescue media would need to include BitLocker support and you would need to unlock the backup drive before ATI would be able to see the .tib file on it.

The MVP Custom ATIPE Builder tool has an option to include BitLocker support in the WinPE media it can create, then you would need to export the BitLocker key file and use that for unlocking the USB drive.
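Before relying on a BitLocker-protected backup drive for a restore from rescue media, it helps to confirm on the running system that the drive has a protector that can be entered by hand. The check below is an added example, not part of the original post or of the MVP tool; the drive letter `E:` is an assumption, and the `manage-bde` lines in the comments use placeholders rather than real key material.

```powershell
#Requires -RunAsAdministrator
# Added example: check that a BitLocker backup drive can be unlocked outside this PC.
param([string]$BackupDrive = 'E:')   # assumed drive letter for the USB backup drive

$ErrorActionPreference = 'Stop'
$vol = Get-BitLockerVolume -MountPoint $BackupDrive

# List protector types and IDs only; the recovery password itself is not printed.
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize

$types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$manual = $types | Where-Object { $_ -in 'RecoveryPassword', 'Password' }

if (-not $manual) {
    Write-Warning "$BackupDrive has no password or recovery password protector."
    if ($types -contains 'ExternalKey') {
        Write-Warning 'An ExternalKey protector only helps if its .bek file is saved where the rescue media can read it.'
    }
    # Add-BitLockerKeyProtector -MountPoint $BackupDrive -RecoveryPasswordProtector
    # would add one; store the generated password away from the backup drive.
}
else {
    Write-Host "$BackupDrive can be unlocked with: $($manual -join ', ')"
}

# From rescue media built with BitLocker support, the unlock is one of (placeholders):
#   manage-bde -unlock E: -RecoveryPassword <48-digit recovery password>
#   manage-bde -unlock E: -RecoveryKey <path to .bek file>
#   manage-bde -unlock E: -Password
```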