I have two machines with TPM 1.2 chips. These machines are at home, so the benefits of bitlocker for the system drive seems minimal under the assumption that anyone with physical access can gain full access of my machines. I'm more concerned with the backup disks which I rotate off-site. I would like to encrypt my backup disks, but I'm concerned whether I can do a system image recovery, which bypasses normal the normal startup and runs in the WinPE pre-boot environment. Is there a procedure available to unencrypt the image copy backup for recovery and then reencrypt the backup disk afterwards?

Once machine runs Win 8.1 (x64) with Update. I don't bother sending backups off-site for this or any other client machines, since all data is accessed on my server. Windows offline shadow copies are already encrypted. Yet I still have an occasional need for an image copy restore.

My data is primarily on my virtual Windows Small Business Server (SBS based on Windows Server 2008 R2) running on a Windows Server 2012 R2 with Update Hyper-V host. Hyper-V does not make the TPM available its virtual machines. The Hyper-V host does have access to the *.VHDX disk volumes for the Hyper-V client machines. I have a occasion need to perform an image copy recovery on the Hyper-V host and/or on the Hyper-v virtual SBS.

Can I safely bitlock the backup disks and use them for image copy restores, which run on the Windows pre-environment?