BitLocker recovery on Windows Surface 3

I got to experience a BitLocker recovery process on a Microsoft Surface Pro 3 computer.

On booting, the bootloader reported that the CNG driver was corrupt (and none of the rest of the loading sequence would work). Traditionally, though it may no longer be the case, CNG stood for crypt next generation.

Aha, I thought. Perhaps the recent firmware update – talking to the TPM – didn’t work well, leaving things in a strange state.

So I learned to boot the machine into the UEFI setup manager, and disabled both TPM and secure boot. On rebooting, the machine detected that it could not decrypt the bit-locked file, and induced me to find my bit-locked recovery keys.

Presumably, the FBI can do the same… with or without my cooperation. More useless American assurances in the crypto regime.

