Device Encryption Support shows: Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not Modern Standby.

Hi.  I have a brand new Lenovo Ideapad FLEX-14API Laptop - Type 81SS purchased in December 2019. 

Device encryption does not appear as an option in Settings under "Updates & Security."

After following some troubleshooting steps I looked in the System Information tool and found this:

Device Encryption Support Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected

However when I look at Device Security under Settings it says: 

Your device meets the requirements for standard hardware security

This means your device supports memory integrity and core isolation and also has:

• TPM 2.0 (also referred to as your security processor)
• Secure boot enabled
• DEP
• UEFI MAT

here is the link to the system specifications page: 

https://psref.lenovo.com/Detail/IdeaPad/Flex14API?M=81SS0002US

which does specify that the computer has a "FW TPM 2.0" so this should satisfy the TPU requirement.  I have no devices attached. 

Any idea what is going on?  seems like the computer should be meeting the requirements given that it is practically brand new windows 10 certified etc.  

appreciate any tips or ideas or solutions.

Hi,

  This will depend on the model of the PC if its got TPM built in. Do you mean Bitlocker for the encryption?

I also ran into this error in the Windows 10 System Information app: "Reasons for failed automatic device encryption:  Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected".

I discovered this error after installing a TPM module on my motherboard. I was trying to enable core isolation/memory integrity in Windows 10 Pro on a PC with an AMD Ryzen processor. However, the Windows Security app displayed an error on the Device Security tab: "Standard hardware security not supported". Microsoft's "learn more" link said I needed 4 things that I already had enabled: TPM 2.0, secure boot, DEP, and UEFI.

After much digging, I discovered the problem: AMD-V virtualization must also be enabled. My motherboard is an MSI B450 Tomahawk Max, and virtualization is disabled by default in the BIOS. The setting to enable it is hidden under Overclocking settings > CPU Features > SVM Mode. I set this to Enabled, rebooted, and successfully enabled core isolation/memory integrity in Windows.

Since my desired features are working, I am now ignoring this error in the Windows 10 System Information app.

No--I know this PC can't support Bitlocker because it runs Windows 10 Home edition.  But my understanding from Windows website info, there is also a device encryption support feature that might be available (that runs on all versions of Windows 10).  Go to Settings, System Info, Device Encryption Support.

This is the Windows website that tells about device encryption:

https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption

I haven't managed to figure this out - not quite ready to fully reinstall the whole operating system at this point but maybe one day I'll try that.  Was hoping there was some BIOS setting I could toggle or other configuration setting or driver I could update to fix this.  Have kind of given up a little bit but when I find some more time I'll take another crack at this. My MacBook from 2012 has FileVault enabled, and really I'm just quite surprised that this brand new Windows-certified Lenovo from 2019 doesn't have this enabled out of the box.