Disable Bitlocker encryption if a BIOS update is found

julrich-usgs / nofips-dell-drivers

Use powershell and Dell Command Update cli to make Dell Command update work with FIPS enabled

MIT License

4 stars 3 forks source link

Disable Bitlocker encryption if a BIOS update is found #2

Closed julrich-usgs closed 3 years ago

julrich-usgs commented 4 years ago

Something similar to:

suspend-bitlocker -mountpoint "C:" -rebootcount 1

When I have a chance to revisit this, I will add some kind of detection mechanism for bitlocker enabled systems so it disables bitlocker before rebooting.

Most (maybe all?) systems will have problems on reboot with a bios update if TPM is enabled and in-use.

A9G-Data-Droid commented 4 years ago

Suspending bitlocker should be easy. I have an example in my new branch: https://github.com/A9G-Data-Droid/nofips-dell-drivers/tree/SuspendBitlocker

Before we can do this we need to detect when the update is a BIOS update. How do we do that?

A9G-Data-Droid commented 4 years ago

I answered my own question. My new branch will attempt to detect BIOS updates and suspend BitLocker if found. I can't test this right now so I'm not going to open a PR until I get it tested. Feel free to take a look and go for a spin.

A9G-Data-Droid commented 3 years ago

I have now tested my code on BitLocked systems. This updater is working great, I use it all the time.