No TPM option on Surface Pro 7

Microsoft didn't have a clue what to do as their bios upgrade in 2020 should have only removed the TPM enable/disable option in the bios (as in permanently enabled), so I solved the issue myself.

I just used the PowerShell script to create a Demo certificate. This allowed me to take control of UEFI (Using the UEFI configurator, as the configurator won't work without a certificate) as if I was a SEMM sysadmin, and then I revoked all the configurable bios menu options. Rebooted to make sure it was active. I then invoked all the options again and removed the control back to local bios login.

Whilst this did not reenable the TPM option in the bios security menu, did flag up for tpm.msc in Windows 10 Pro that TPM 2.0 chip existed and was fully functional.

Windows Update still failed to recognise this as a fully capable Win 11 system. Thus it did not automatically offer the upgrade.

This was easily resolved by downloading the Win 11 installation manager and manually upgrading.

It's now a fully functional Windows 11 Pro, Surface Pro 7 (With TPM 2.0 and Bitlocker enabled).

Whilst I still run without Secure Boot at times (I just keep the Bitlocker recovery key to hand for when I am testing unsigned Linux builds, as Windows Bitlocker loves to get silly even with authorised alternative OS's)

Hi Marrion,

The SEMM only applies to Surface Pro 7+ (commercial SKUs only), as you can see in the attached list,

I have a Surface Pro 7 (not +), which was purchased under a UK Government contract (Disabled Student Allowance).

Can you please explain why Microsoft removed TPM 2.0 access and the ability to upgrade to Windows 11 on the Surface Pro 7's after the point of sale?

I have an under-3-year-old device with TPM 2.0 that can't be enabled (As the option was removed from the bios); thus, Bitlocker can no longer be allowed either (Somewhat defeating having Win 10 Pro on the device). From what I can ascertain (from previous posts here), Microsoft Silently did this with its 2020 firmware update, with zero explanation or warning for end users/owners.

"While TPM option in the UEFI settings has been removed from normal usage". So non-commercial purchasers of this high-end small form factor laptop have had most of the Win 10 Pro features disabled, along with the ability to upgrade to Windows 11? (after point of sale)

Why?

This hardware is not subject to a soft contract; it belongs to me, with no authority given to disable 'purchased' lifetime hardware.

Remotely downgrading a hardware device like this after the point of sale would breach the UK Consumer Rights Act 2015. (This item is the UK version, purchased in the UK, with TPM and Bitlocker enabled, it was only temporarily disabled to allow testing of unsigned personal builds of Linux distros).

However, as mentioned, Microsoft silently removed the TPM and BitLocker capabilities without my authority.

Why did Microsoft silently terminate the computer life cycle of non-commercial end users of their hardware?

So basically, I have a £2K+ device that will be rendered useless because I can't run the latest versions of my adaptive support software (Win 11). instead, I must use the less secure Win 10 versions with little or no support cycle. (These devices were still sold by Microsoft right up until version 8 came out as being upgradable to Win 11).

* Update I just noticed it says Surface Pro 4 and later, further down the list. This still doesn't resolve the problem for non enterprise users of Surface Pro 7s that now have TPM option removed from their bios by Microsoft. Rendering a shed load of the hardware they have paid for absolutely useless.

Are Microsoft going to resolve this for non commercial users?

Hi William John Taggart (Student),

Thank you for the response and apologies for the delay in getting back. I'm not sure with the reason behind why the option was removed in the UEFI settings but I tried to check internally if there is another way for us to enable TPM. However, what I have is that we do not have any other way to do this on a consumer device other than to have the device replaced. I understand the frustrations and sentiments on this experience but for further assistance, I recommend reaching out to our live support instead. You may reach our live support through these steps below:

1. Go to Contact Us - Microsoft Support
2. Choose how you would like to get support for your Surface device.
3. Type in the problem you need help with.
4. Look at any available solutions offered and select Contact Support.

In case needed, you may also see this forum article by Barb Bowman for more info in getting phone or chat support: How to get Phone and Chat Support (for Surface Home/Consumer - Microsoft Community

Kind regards,
Marrion

Hi William John Taggart (Student),

Thank you for the update and for sharing to us here the work around or fix that you perform in order for you to reinstall Windows 11 on the device. This is duly noted and thank you also for spending time here with us in the Community.

Kind regards,
Marrion

Hi William John Taggart (Student)"),

Thank you for reaching Microsoft Community.

Based on your description, we understand that you are trying to find a way to enable again TPM on your Surface Pro 7. While TPM option in the UEFI settings has been removed from normal usage, commercial customers that have a need to disable the TPM can use SEMM/DFCI. See: Surface Enterprise Management Mode (SEMM) - Surface | Microsoft Learn for more details.

Kind regards,

Marrion