Summary:
BitLocker monitors the system for changes in the boot and configuration. When BitLocker sees a new device in the boot list or an attached external storage device it will prompt for the key for security reasons. This is normal behavior.
This problem occurs because by default USB-C / Thunderbolt 3 (TBT) boot support and Pre-boot for the TBT is on.
By turning these options off in the BIOS the Thunderbolt / USB-C is removed from the boot list and BitLocker does not see it.
The only negative effect of this configuration change is you will not be able to PXE boot from a USB Type-C or Thunderbolt 3 dongle or dock.
Affected System Types:
Lenovo T470, Dell 3390 2-in-1, Dell XPS12 9250
Solutions:
Option 1:
Remove USB-C device and reboot the system. Reinsert the USB-C device while logged into Windows.
Option 2:
- Enter the BIOS (F2 at boot or F12 one time boot menu at boot)
- Go to System Configuration, then USB Configuration, and uncheck the following.
- Disable USB Type-C or Thunderbolt 3 Boot support
- Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
- Disable UEFI Network Stack
- Set POST Behavior -> Fastboot -> Thorough
Upon doing this the system should not prompt for the BitLocker key on every boot.
Related Article: