Subject: Re: Bitlocker tricks
Author: Juozas K.
Date: 2018-08-23 11:03:11
a bit more info for the sake of interest, because what helped me, at least, 
to form a clearer picture of bitlocker was precisely reading through all 
sorts of different cases. the automatic key backup to microsoft is also 
mentioned there :)



The Microsoft Surface line of devices comes encrypted either with BitLocker or 
Device Encryption (which is basically a non-customizable BitLocker). This 
encryption does not rely on a user password at all. (It could, but it 
doesn't.) Instead, it relies on a recovery key stored within a tamper-proof 
Trusted Platform Module (TPM) chip integrated into the device.

I also assume that Secure Boot is enabled on your Surface Pro. One of the 
things that TPM and Secure Boot do is prevent unauthorized boot 
configuration modification. This is one of the things that can effectively 
stop bootkits (boot rootkits) and ransomware. When they determine that the 
boot path may have been compromised, TPM refuses to supply the BitLocker 
recovery key to the bootloader. (Nobody wants a bootkit to receive his/her 
recovery key.) Linux aficionados are already aware of both, because living 
in the Linux world takes a technically dedicated geek. So, when they install 
Linux, which definitely requires boot configuration changes, they disable 
BitLocker (and sometimes Secure Boot) in advance.

Make no mistake: People love all this; their data is much safer. The only 
exception is the journalist community who both love it and love throwing mud 
at it, because that's their job.

What to do now?
Fortunately, Microsoft has a safety measure in place in case your TPM fails: 
The recovery key that I mentioned earlier is generated during the out-of-box 
experience (OOBE) sequence when your Surface Pro is first turned on, and 
only if you choose to log in with a Microsoft account. Device Encryption 
does not get enforced without it. This recovery key is then uploaded to your 
Microsoft account and won't be deleted without your explicit command. You 
can find it using this URL:

  https://account.microsoft.com/devices/recoverykey

That's as far as the default configuration of Microsoft goes. But if you 
enabled BitLocker yourself ... oh, well, never mind; you said you didn't.

With this key, you can boot Windows from the encrypted disk. From within 
Windows, you can disable BitLocker/Device Encryption and go about your 
business of installing Linux. But be advised: Linux means living on the 
cutting edge. If you don't have sufficient technical knowledge, some other 
technical difficulty may threaten your digital life. So, I suggest having 
a backup in place.







https://superuser.com/questions/1324333/why-my-surface-pro-asks-for-bitlocker-recovery-key
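
A pre-flight check for the situation the quoted answer describes (changing the boot configuration on a TPM-protected device), as an added example that is not part of the original post or the SuperUser answer. It assumes an elevated PowerShell session on the Windows installation; the script's own parameter names (`MountPoint`, `Decrypt`) are hypothetical, while the cmdlets are the standard BitLocker, TPM and Secure Boot ones.

```powershell
#Requires -RunAsAdministrator
# Added example: verify that a recovery path exists BEFORE touching the boot
# configuration, so a TPM refusal does not lock you out of the volume.
param(
    [string]$MountPoint = $env:SystemDrive,  # assumption: the OS volume
    [switch]$Decrypt                         # hypothetical switch: turn BitLocker off at the end
)

$tpm = Get-Tpm
# Confirm-SecureBootUEFI throws on legacy-BIOS systems; treat that as "off".
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false }
$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Split the key protectors: TPM-bound ones break when the boot path changes,
# the numerical recovery password is the fallback.
$tpmBound = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    TpmReady         = $tpm.TpmPresent -and $tpm.TpmReady
    SecureBoot       = $secureBoot
    TpmProtectors    = $tpmBound.Count
    # Print only the protector IDs, never the recovery password itself.
    # Compare these with the Key ID shown on the Microsoft account page.
    RecoveryKeyIds   = $recovery.KeyProtectorId -join ', '
} | Format-List

if ($vol.ProtectionStatus -eq 'On' -and $tpmBound.Count -gt 0 -and $recovery.Count -eq 0) {
    Write-Warning "TPM-only protection and no recovery password: a boot change could make $MountPoint unreadable."
}

if ($Decrypt) {
    # Starts background decryption; the volume is only safe to repartition
    # once VolumeStatus reports FullyDecrypted.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    Write-Host "Decryption started. Re-run without -Decrypt until VolumeStatus is FullyDecrypted."
}
```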