From 01b1660d82783cdde3973db45c78504678785fb6 Mon Sep 17 00:00:00 2001 From: dave Date: Tue, 2 Apr 2024 13:17:35 +0100 Subject: [PATCH] docs: BitLocker recovery key warning Closes issue #271 --- docs/QUICK_START.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/QUICK_START.md b/docs/QUICK_START.md index 728d8fe..5a3792d 100644 --- a/docs/QUICK_START.md +++ b/docs/QUICK_START.md @@ -4,7 +4,7 @@ This document attempts to guide users into setting up UEFI Secure Boot for their NixOS system using a custom key chain. The audience are experienced NixOS users. -This guide has been tested on a Lenovo Thinkpad and is expected to +This guide has been tested on a Lenovo ThinkPad and is expected to work on other Thinkpads without change. On other systems, certain steps may be different. @@ -14,6 +14,13 @@ Secure Boot for NixOS is still in development and has some sharp edges. There may be cases where you end up with a system that does not boot. +For Windows dual-booters and BitLocker users, it is highly recommended +that you export your BitLocker recovery keys and confirm that they are +correct. Please refer to this [Microsoft support article](https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6) +for help. This will be required once you finish this guide to confirm +with BitLocker that the PCRs changed during the next measurement are +intended and allows the TPM unlocking of Windows to work as normal. + **We only recommend this to NixOS users that are comfortable using recovery tools to restore their system or have a backup ready.** @@ -224,7 +231,7 @@ with your keys. At least on some ASUS boards and others, you may also need to set the `OS Type` to "Windows UEFI Mode" in the Secure Boot settings, so that Secure Boot does get enabled. -These instructions are specific to Thinkpads and may need to be +These instructions are specific to ThinkPads and may need to be adapted on other systems. ### Entering Secure Boot Setup Mode