TLDR; The EFI partition was full from prior HP firmware updates, leaving old BIOS files in \EFI\HP folder which prevented the UEFI update process from completing, which caused BitLocker to fail.

In case I can save someone else some time. I had a laptop promting for the Bitlocker Recovery key on every boot / wake from hibernation. I decrypted the drive thinking I'd just re-encrypt which can sometimes fix this. However, Bitlocker would throw an error about "The system cannot find the file specified" when I tried to encrypt the drive again.

The April 2026 Windows update tried to install the 2023-signed boot manager, but the boot manager update failed with 0x80070070 (disk full) and servicing got stuck with UEFICA2023Status = NotStarted. So Secure Boot ended up in a weird state with the 2023 certs in the DB, but still running the 2011 signed boot manager. PCR7 was showing "PCR7 binding not possible". So BitLocker validation failed because Secure Boot was borked and the "file not found" error was BitLocker giving up at that validation step because the missing boot manager update meant it literally couldn't find files it expected to be there.

To fix:
diskpart
list disk
select disk 0 (replace with your disk number)
list partition
select partition X (the EFI System partition, usually \~100MB, type "System")
assign letter=S
exit

S:
cd EFI
rmdir /s /q HP (or your vendor)

Trigger the boot manager update phase:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Secureboot" /v AvailableUpdates /t REG_DWORD /d 0x100 /f

Run the scheduled task:
schtasks /run /tn "\Microsoft\Windows\PI\Secure-Boot-Update"

reboot and check the servicing status at HKLM\SYSTEM\CurrentControlSet\Control\Secureboot\Servicing

Enable BitLocker again