Invention Grant
US08566574B2 Secure encrypted boot with simplified firmware update (status: Expired)

Secure encrypted boot with simplified firmware update
Abstract:
An approach is provided in which a security module, such as a TPM, identifies a change to a boot configuration used in a secure boot operation. This identification results in a non-release of a secret value that is stored in a memory controlled by the security module. The non-release of the secret value is detected by a boot process when the boot process is initiating a session of the information handling system. In response to the detection by the boot process, the boot process retrieves an update encryption key and then decrypts an update copy of a disk encryption key stored on a nonvolatile storage area of the information handling system using the retrieved update encryption key. The nonvolatile storage area also includes a primary copy of the disk encryption key that has been encrypted with the secret value.
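The key-recovery path the abstract describes, as an added example that is not part of the patent: a TPM stand-in seals a secret to a measurement of the boot configuration, the disk encryption key is stored twice (primary copy under the sealed secret, update copy under an update key), and the boot routine falls back to the update copy when unsealing fails. The `ToyTPM` class, the HMAC-derived stream cipher standing in for real disk encryption, and the assumption that the update key is handed to the boot process from outside are constructed for illustration; the abstract does not say where the update key is kept or how it is protected.

```python
import hashlib
import hmac
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed toy cipher: XOR with an HMAC-SHA256 counter keystream.
    It is symmetric (encrypt == decrypt) and stands in for a real AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ToyTPM:
    """Models sealing a secret to a measurement of the boot configuration.
    Real TPMs bind to PCR policies; this keeps one digest to show the effect."""

    def __init__(self, boot_config: bytes):
        self.pcr = hashlib.sha256(boot_config).digest()
        self._sealed = None  # (policy digest, secret)

    def seal(self, secret: bytes) -> None:
        self._sealed = (self.pcr, secret)

    def unseal(self):
        # The secret is released only while the measured config still matches.
        policy, secret = self._sealed
        return secret if hmac.compare_digest(policy, self.pcr) else None

    def measure(self, new_boot_config: bytes) -> None:
        # A firmware/boot-config update changes the measurement.
        self.pcr = hashlib.sha256(new_boot_config).digest()


def provision(tpm: ToyTPM, dek: bytes, update_key: bytes) -> dict:
    """Store two encrypted copies of the disk encryption key (DEK)."""
    secret = os.urandom(32)
    tpm.seal(secret)
    return {"primary": keystream_xor(secret, dek),       # under TPM-sealed secret
            "update": keystream_xor(update_key, dek)}   # under update key


def boot(tpm: ToyTPM, disk: dict, update_key: bytes):
    """Return (path used, recovered DEK); fall back when the TPM withholds."""
    secret = tpm.unseal()
    if secret is not None:
        return "primary", keystream_xor(secret, disk["primary"])
    return "update", keystream_xor(update_key, disk["update"])
```

After a successful update-path boot a real implementation would reseal a fresh secret to the new measurement so the primary path works again on the next boot.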