Fix TPM that causes boot failure
We'll recover with the BitLocker key, clear the TPM if needed, or update firmware—or tell you when to call support.
What you'll need
- BitLocker recovery key (from Microsoft account or backup)
- Another device to look up the key (if needed)
Step-by-step diagnostic
Quick triage — pick your path
Get started
Choose the option that matches what you see. You can jump straight to that section.
Show full guide
Steps
Goal: Recover from TPM-related boot failure using the BitLocker key, or clear the TPM if needed.
- Check if the PC shows a blue BitLocker screen asking for a recovery key.
- Good: BitLocker asks for the key—get it from your Microsoft account and enter it. Proceed to Enter recovery key.
- Bad: The PC hangs or loops—you may need to clear the TPM in UEFI. Proceed to Clear TPM only if you have the key.
Enter recovery key
Goal: Get and enter the BitLocker recovery key.
- On another device, go to account.microsoft.com/devices/recoverykey. Sign in with the same Microsoft account.
- Find the key for the affected PC. For work or school PCs, check with IT.
- Enter the 48-digit key on the BitLocker screen. Press Enter.
- Good: Windows decrypts and boots. BitLocker will re-bind to the TPM.
- Bad: The key does not work—confirm you have the right key for this drive. If not, call support.
Clear TPM
Goal: Clear the TPM in UEFI so the BitLocker recovery screen appears.
- Enter UEFI at boot (F2, Del, Esc). Go to Security. Find TPM or PTT.
- Clear the TPM. Save and exit.
- The PC should show the BitLocker recovery screen. Enter the BitLocker recovery key.
- Good: The recovery screen appears. Enter the key and boot.
- Bad: Do not clear the TPM if you do not have the key—you may lose access to the drive.
When to get help
Contact the PC manufacturer or IT if:
- You do not have the BitLocker recovery key.
- The key does not work.
- The PC will not show the recovery screen.
Verification
- Windows boots after entering the recovery key.
- BitLocker is re-enabled and the drive is protected.
- No boot loop or hang.
Escalation ladder
Work from the device outward. Stop when the problem is fixed.
- Enter recovery key Get key from Microsoft account, enter on BitLocker screen.
- Clear TPM UEFI, clear TPM, then enter recovery key.
- Update firmware Install latest BIOS/UEFI from manufacturer.
- Call support No key, key does not work, or PC will not boot.
What to capture if you need help
Before calling support or posting for help, have these ready. It speeds everything up.
- PC model and Windows version
- Whether BitLocker recovery screen appears
- TPM status in UEFI
- Whether you have the recovery key
Does BitLocker ask for a recovery key?
Blue screen with a field for the 48-digit key.
Check the screen. If BitLocker shows a recovery key prompt, the TPM no longer has the key. Yes: get the key from your Microsoft account, enter it. No: the PC may hang or loop—try clearing TPM in UEFI if you have the key.
You can change your answer later.
Do you have the BitLocker recovery key?
Key is at account.microsoft.com/devices/recoverykey or in your backup.
Go to account.microsoft.com/devices/recoverykey on another device. Sign in. Find the key for this PC. Yes: enter it on the BitLocker screen. No: contact IT or Microsoft—without the key, the drive may not be recoverable.
You can change your answer later.
Enter the key and boot
Type the 48-digit key. Press Enter. Windows should decrypt and boot. After boot, BitLocker will re-bind to the TPM.
Clear TPM in UEFI
Enter UEFI. Security, TPM. Clear the TPM. Save and exit. The PC should show the BitLocker recovery screen. Enter the key. Only do this if you have the key.
Call support
Contact the PC manufacturer or IT. Without the recovery key, data recovery may not be possible.
Reviewed by Blackbox Atlas
Frequently asked questions
- Why would TPM cause a boot failure?
- A TPM firmware update, clearing the TPM, or a failed TPM can invalidate the keys BitLocker uses. Windows then asks for the recovery key. Without it, you cannot decrypt the drive.
- Can I fix TPM boot failure myself?
- Yes, if you have the BitLocker recovery key. Enter it when prompted. If the TPM was cleared, you may need to clear it again in UEFI and then enter the key. Update firmware from the manufacturer.
- When should I call support for TPM boot failure?
- If you do not have the BitLocker recovery key, the PC will not accept the key, or you cannot enter UEFI. Provide PC model, Windows version, and whether the drive is BitLocker-encrypted.
Rate this guide
Was this helpful?
Thanks for your feedback.