What is BitLocker drive encryption? Do you need to clone BitLocker encrypted disk? This post from MiniTool shows you how to clone a BitLocker encrypted disk to another disk smoothly, even to a smaller disk.
What Is BitLocker?
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes.
What Does BitLocker Do?
The BitLocker encryption is applied to the volume that may span part of a hard disk drive, the whole drive, or more than one drive. It is usually used to protect computer hard drives, mobile hard drives, U disks, and other storage devices.
Dynamic disks aren't supported by BitLocker.
If the BitLocker drive encryption is not enabled, everyone can access data on the storage device, including the computer disks. For example, if your computer is lost, others can remove your computer's hard disk and connect it to other computers. In this way, they can access data on the computer's hard drives.
However, once a storage device is BitLocker encrypted, it requires the BitLocker key for data access. Even if other people connect the computer hard drive to other computers, they cannot access the data on the disk.
BitLocker Encryption Modes
In general, BitLocker has three encryption modes. These modes are related to how to unlock the encrypted drive.
- Transparent operation mode: This mode uses the TPM chip to seal the BitLocker key. In this mode, TPM unblocks the drive automatically and users power up and log in to Windows as usual.
- User authentication mode: In this mode, users use a password to unblock the drive. If you use this method to encrypt the C drive, you need to enter the BitLocker password every time you boot up Windows.
- USB key mode: In this mode, users use a smart card or a USB device to seal the BitLocker key. However, BitLocker does not support smart cards for pre-boot authentication. To use this way to encrypt the C drive, you need to use the manage-bde tool to create a USB device that contains a startup key into the computer to be able to boot the protected OS.
BitLocker System Requirements
To use BitLocker, your computer should meet the following system requirements.
- Windows Vista/7 Ultimate and Enterprise editions; Windows 8/8.1 Pro and Enterprise editions; Windows 10/11 Pro, Enterprise, and Education editions; or Windows Server 2008 and later.
- At least two partitions on the disk (a system drive named EFI or System Reserved and a boot drive C:). In addition, the boot drive should be NTFS format. Two partitions are required because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive.
- A partition subject to encryption can't be marked as an active partition. This requirement applies to operating system drives, fixed data drives, and removable data drives.
Some people may have merged the system disk into the C drive. In this case, the C drive should be active and cannot be encrypted by BitLocker.
In addition, if you want to let BitLocker automatically unblock your drive, your PC should have TPM 1.2 or higher equipped. If your PC uses TPM 2.0, it must be configured as the UEFI only boot mode.
How to Enable BitLocker on a Drive
Enabling BitLocker drive encryption is very simple. You just need to follow the guide below:
Step 1: Open Windows File Explorer. Right-click on a partition and choose Turn on BitLocker.
Step 2: Choose how to unlock your drive. There are 2 or 3 options: Insert a USB flash drive / Use smart card, Enter a password/PIN, and Let BitLocker automatically unlock my drive (TPM only). The specific name may change. In this step, I choose the password encryption method.
Step 3: Set a password and then choose how to back up the BitLocker recovery key. After that, click the Next button. The BitLocker recovery key is used to help you unlock the drive when you forget the password.
Step 4: Choose how much of your drive to encrypt and which encryption mode to use. For these settings, you can keep the default items. Then, if you are ready to encrypt the drive, click Continue.
Step 5: A PC restart is needed. When the PC boots up, you need to enter the BitLocker password. Then, you can log in to Windows.
When you enable BitLocker on the C drive, you may receive this error message: This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
If you also encounter this problem, you can follow this guide to turn on BitLocker for C drive without TPM.
How to Turn Off BitLocker
You can follow the guide below to remove the BitLocker drive encryption:
- Open Windows File Explorer.
- Right-click on the BitLocker encrypted drive with a lock icon and choose Manage BitLocker.
- In the BitLocker-on drive section, click Turn off BitLocker.
- Click Turn off BitLocker on the pop-up window to confirm the operation.
If you are looking for solutions to disable BitLocker, this post will give you satisfying answers since it demonstrates 7 ways to turn off BitLocker.
How to Clone BitLocker Encrypted Disk Using MiniTool Partition Wizard
Some PC manufacturers have BitLocker encrypted the PC system disk. If you have such a PC and want to back up your system disk or clone it to another disk, MiniTool Partition Wizard can help you.
If you use MiniTool Partition Wizard to clone the BitLocker encrypted disk, here are 2 cases:
- The destination disk is larger than the BitLocker encrypted drive. In this case, you can use MiniTool Partition Wizard to clone BitLocker encrypted disk to the destination disk smoothly.
- The destination disk is smaller than the BitLocker encrypted drive. In this case, you need to remove the BitLocker first. Otherwise, the MiniTool Partition Wizard will fail to clone the BitLocker encrypted disk because this software will think the used space of the BitLocker encrypted drive is 100%.
How to clone BitLocker encrypted disk using MiniTool Partition Wizard? Here is the guide:
Step 1: Launch MiniTool Partition Wizard. Click on Copy Disk Wizard in the toolbar. Then, click Next.
As you can see, MiniTool Partition Wizard considers the used space of the BitLocker encrypted drive is 100%.
Step 2: Select the BitLocker encrypted drive to copy and click Next.
Step 3: Select another disk as the destination disk and click Next. The destination could be another internal disk or an external disk. Then, click Yes when it warns you that all the data on the external hard drive will be destroyed.
As long as the used space on the original disk is smaller than the destination disk, MiniTool Partition Wizard allows you to clone the disk to a smaller one. Otherwise, the Next button in this step is greyed out.
Step 4: On the Review the changes window, keep all to the default options and click Next.
If the original disk is MBR style while you want to apply GPT style to the destination disk, you can check the Use GUID Partition Table for the target disk option. If you are not satisfied with the current partition layout, you can highlight a partition and move/resize it. the new layout will be applied to the destination disk.
Step 5: Read the note and click Finish. Then, click the Apply button to execute the pending operation. A window may pop up, click Yes.
I have tried the above steps and the BitLocker encrypted drive cloning is successful. I try booting the PC from the destination disk and it is successful. However, the BitLocker drive encryption has been removed from the destination disk. If you want to apply BitLocker to the destination disk, you need to enable it on the disk manually again.
Other Information about BitLocker Drive Encryption
How About the Security of BitLocker?
BitLocker uses the AES encryption algorithm to protect data, which is reliable enough. However, the problem is that some zero-day attacks may steal the BitLocker key during the PC boot.
For example, in the transparent operation mode, the reason why users don’t need to enter a password is that the TPM chip releases the BitLocker key to the OS loader code. However, this mode is vulnerable to a cold boot attack, which will boot a powered-down machine to retrieve the encryption key from the running operating system.
In addition, during a successful boot, the volume encryption key will be transferred in plain text from the TPM to the CPU, which makes it vulnerable to a sniffing attack.
What Is BitLocker Recovery?
BitLocker recovery is the process of restoring access to a BitLocker-protected drive when the drive cannot be unlocked normally.
What causes BitLocker recovery? In general, the BitLocker recovery interface will occur if you connect the BitLocker encrypted disk to another PC, change some boot settings in BIOS, make changes to the NTFS partition table, enter the PIN incorrectly too many times, or an attack is detected.
How to solve the BitLocker recovery issue? Do you remember you are asked to back up your recovery key during the BitLocker enabling process? When the BitLocker recovery interface appears, you need to find out this key and enter it.
To know more about what causes BitLocker recovery and how to solve this issue, you can read this guide from Microsoft.
Is this post useful to you? Do you know other information about BitLocker drive encryption? Have you encountered other problems related to BitLocker? Please share them with us in the following comment zone.
This post shows you how to clone BitLocker encrypted disk to a larger or smaller drive using MiniTool Partition Wizard. If you encounter problems when using MiniTool Partition Wizard, please feel free to contact us via [email protected]. We will get back to you as soon as possible.