
Setting up Windows System drive encryption without a TPM

Tuesday 29th May 2018

When you boot up the next time after enabling encryption on the system drive you’ll be greeted with the friendly blue BitLocker password screen.

Seems simple enough? Likely if you’re a default keyboard user that would be all you’d ever need to know. However, for bilingual users who use multiple keyboard layouts, users with a single keyboard layout different from the Windows display language, and for users with custom keyboard layouts, it might not be.

When configuring a password for the system drive encryption you will be prompted to use letters, numbers, and special symbols. There is no warning or information provided that you will only be able to enter this password, in the pre-boot environment, from the default keyboard layout of the Windows installation media you installed from.

The pre-boot password screen is very limited when it comes to character input. Depending on your keyboard layout and language settings it may, in fact, be impossible for you to input the same password again as you created for your system inside Windows. You can’t bring up the Windows on-screen keyboard, the Windows touch-screen keyboard, or change the keyboard input layout. You can’t even use ALT codes to force a character in the input field.

Unfortunately, the user isn’t notified in any way about these limitations when setting up their encryption password. Ideally the pre-boot environment would support multiple keyboards and languages, but if the user were at least told, they could avoid including symbols and characters/numbers in their password that vary between their own keyboard layout and the pre-boot environment keyboard layout.

If, unlike us (a pesky @ symbol moving between a UK layout and the default US keyboard), you’re lucky enough to find this information before setting your password, I’d recommend changing your keyboard to the default for your installation before setting the encryption password, or avoiding any inputs that vary between your regular language/layout and the default keyboard layout of the Windows installation media.
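A candidate password can be checked for this mismatch before it is set. The sketch below is an added example, not part of the original post: it assumes the password is typed on a UK keyboard while the pre-boot screen reads keys as US, the layout tables are constructed and cover only the keys that differ between those two layouts, and the names `preboot_view` and `positions` are hypothetical.

```python
# Constructed layout tables: only keys where UK and US differ are modelled.
# Letters, digits and the remaining punctuation sit on the same keys in both.
# Each entry: physical key -> (unshifted char, shifted char).
US = {"grave": ("`", "~"), "2": ("2", "@"), "3": ("3", "#"),
      "quote": ("'", '"'), "near_enter": ("\\", "|")}
UK = {"grave": ("`", "¬"), "2": ("2", '"'), "3": ("3", "£"),
      "quote": ("'", "@"), "near_enter": ("#", "~"),
      "iso_102": ("\\", "|")}  # extra key left of Z on ISO keyboards

UNKNOWN = "\ufffd"  # shown when the pre-boot table has no entry for the key


def positions(layout):
    """Invert a layout table: char -> (physical key, shift index)."""
    return {ch: (key, shifted)
            for key, pair in layout.items()
            for shifted, ch in enumerate(pair)}


def preboot_view(password, typed_on=UK, preboot=US):
    """Simulate pressing the same physical keys under the pre-boot layout.

    Returns (string the pre-boot screen receives, [(intended, received)]).
    """
    where = positions(typed_on)
    received, problems = [], []
    for ch in password:
        if ch not in where:
            # Not modelled: assumed to be on the same key in both layouts.
            received.append(ch)
            continue
        key, shifted = where[ch]
        got = preboot[key][shifted] if key in preboot else UNKNOWN
        received.append(got)
        if got != ch:
            problems.append((ch, got))
    return "".join(received), problems


if __name__ == "__main__":
    for candidate in ("P@ss#1", "Tr0ub4dor-3!"):  # constructed samples
        seen, diffs = preboot_view(candidate)
        print(f"{candidate!r} -> {seen!r} mismatches={diffs}")
```

A password that returns an empty mismatch list uses only characters that land on the same keys in both modelled layouts.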