
The BitUnlocker downgrade attack is not universal. Several BitLocker configurations and Windows update states make the attack ineffective, either because the TPM refuses to unseal the Volume Master Key (VMK) or because Secure Boot rejects the old PCA 2011-signed boot manager binary required to carry out the downgrade. Understanding these boundaries is important for both defenders and researchers assessing exposure.

Configurations that block the attack

The table below describes each configuration that defeats BitUnlocker, explains the technical reason it is effective, and provides a way to verify that the configuration is in place.
| Configuration | Why it blocks the attack | How to verify |
| --- | --- | --- |
| TPM + PIN (unknown PIN) | The TPM will not unseal the VMK without the correct PIN entered at boot. Without it, the volume remains encrypted regardless of which boot manager is used. | `manage-bde -status C:`, then look for “Numerical Password” or “TPM And PIN” under Key Protectors |
| TPM + key file | Requires a physical key file (USB or smartcard) in addition to the TPM. The attacker cannot unseal the VMK without possession of that key material. | `manage-bde -status C:`, then look for “External Key” under Key Protectors |
| KB5025885 installed / CA 2023 migration | The active `bootmgfw.efi` on the EFI partition is now signed under the Windows UEFI CA 2023 certificate. Secure Boot rejects the old PCA 2011-signed binary that BitUnlocker relies on, preventing the downgrade from loading. | Mount the EFI partition and inspect the binary: `mountvol S: /s`, then `sigcheck -i S:\EFI\Microsoft\Boot\bootmgfw.efi` |
| Non-default PCR policy (includes PCR 0, 2, or 4) | PCR 0, 2, and 4 measure firmware and boot configuration state. The downgrade replaces the boot manager, altering those PCR measurements. The TPM detects the mismatch and refuses to unseal the VMK. | Check Group Policy or run `manage-bde -protectors -get C:` and look at the PCR validation profile |
| PCA 2011 revoked via DBX | The old Microsoft Windows PCA 2011 certificate has been explicitly added to the UEFI Secure Boot Forbidden Signatures Database (DBX). Any binary signed solely by that certificate is blocked from executing. | Inspect the UEFI DBX entries using a tool such as `efi-readvar` (Linux) or the Windows `Confirm-SecureBootUEFI` / DBX audit utilities |
Always check the copy of bootmgfw.efi on the EFI partition (S:\EFI\Microsoft\Boot\bootmgfw.efi after mounting with mountvol S: /s) rather than the copy at C:\Windows\Boot\EFI\bootmgfw.efi. These two files may differ — the EFI partition copy is the one actually executed at boot, so it is the only one that matters for determining whether the migration to CA 2023 is complete.
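As an added example (not code from the BitUnlocker project), the following PowerShell script walks the checks from the table and the note above on a single machine and reports which of the mitigations are in place. It assumes `S:` is a free drive letter and that `manage-bde` prints the PCR list directly after its "PCR Validation Profile:" line; the protector type names are those of the BitLocker PowerShell module's `KeyProtectorType` enumeration.

```powershell
# Added example, not code from the BitUnlocker docs. Run from an elevated
# PowerShell prompt. Assumptions: S: is a free drive letter, and manage-bde
# prints the PCR list right after its "PCR Validation Profile:" line.
$Volume = 'C:'
$report = [ordered]@{}

# 1. Key protectors. TPM-only is the exposed case; a PIN or a startup/
#    external key stops the VMK from being unsealed on any boot path.
$types = (Get-BitLockerVolume -MountPoint $Volume).KeyProtector.KeyProtectorType
$report['Protectors'] = ($types -join ', ')
$report['ProtectorBlocks'] = [bool]($types | Where-Object {
    $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinAndStartupKey', 'ExternalKey' })

# 2. The boot manager that actually runs is the EFI partition copy, not the
#    one under C:\Windows\Boot\EFI. Report the issuing CA of both.
mountvol S: /s | Out-Null
try {
    $efiCopy = 'S:\EFI\Microsoft\Boot\bootmgfw.efi'
    $winCopy = 'C:\Windows\Boot\EFI\bootmgfw.efi'
    $efiIssuer = (Get-AuthenticodeSignature $efiCopy).SignerCertificate.Issuer
    $winIssuer = (Get-AuthenticodeSignature $winCopy).SignerCertificate.Issuer
    $report['EfiBootmgrIssuer']     = $efiIssuer
    $report['WindowsBootmgrIssuer'] = $winIssuer
    $report['EfiCopyIsCA2023']      = [bool]($efiIssuer -match 'Windows UEFI CA 2023')
    $report['CopiesDiffer'] = (Get-FileHash $efiCopy).Hash -ne (Get-FileHash $winCopy).Hash
} finally {
    mountvol S: /d
}

# 3. PCR validation profile. PCR 0, 2 or 4 in the profile binds the VMK to
#    firmware/boot-manager measurements that a swapped boot manager changes.
$bde = (manage-bde -protectors -get $Volume) -join "`n"
if ($bde -match 'PCR Validation Profile:\s*([\d,\s]+)') {
    $pcrs = [int[]]($Matches[1] -split '[,\s]+' | Where-Object { $_ })
    $report['PcrProfile']       = ($pcrs -join ', ')
    $report['PcrProfileBlocks'] = [bool]($pcrs | Where-Object { $_ -in 0, 2, 4 })
}

# 4. Secure Boot must be on for the CA 2023 and DBX mitigations to apply.
$report['SecureBootEnabled'] = Confirm-SecureBootUEFI

[pscustomobject]$report | Format-List
```

The DBX contents themselves are not parsed here; use the tools named in the table to confirm whether the PCA 2011 certificate has been revoked.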

Edge case behaviors

Even in configurations that do not fully block the attack, certain conditions produce unexpected behavior during the boot sequence. The following entries describe what to expect and how to respond.
If BitLocker is configured with a startup PIN that you know, the downgraded boot manager will display a blue screen prompting for it. Because the patched SDI launches a WinRE command prompt rather than the normal Windows boot path, the PIN prompt appears without the usual on-screen keyboard or input indicators. Type the PIN blindly and press Enter — the TPM will unseal the VMK and the boot sequence will continue into the patched WinRE environment.
A blue screen with no known PIN is a strong indicator that the target has already completed the CA 2023 migration via KB5025885. Secure Boot is blocking the old PCA 2011 boot manager but the boot attempt still proceeds far enough to show the error. Press Escape and allow the SDI transfer to finish — however, because the TPM-sealed VMK cannot be obtained without a matching boot path, the BitLocker-encrypted drive will most likely remain locked at the end of the process.
Some modern devices expose only USB-C or Thunderbolt ports and have no USB-A receptacles. For the USB boot method, use a USB-C flash drive directly. For the PXE method, use a USB-C Ethernet adapter to connect the Ethernet cable to the target machine.
TFTP file names are case-sensitive on the server side. If the dnsmasq logs show the target requesting a file such as Bootmgfw.efi or BOOTMGFW.EFI rather than the lowercase bootmgfw.efi, rename the file in TFTP-root/ to match the exact case that the target requests. Font and other auxiliary files that are not found can be safely ignored — only the boot manager and SDI transfers are essential.
