BitLocker Missing in Control Panel: PCR7 binding is not supported

Parker 0 Reputation points
2023-10-17T23:10:03.86+00:00

Hello,

I am currently trying to update my BIOS to fix an issue with Intel Extreme Tuning, to be able to have profiles reloaded on reboot. I have a secondary drive that is encrypted by BitLocker; I can enter the password and access etc. When attempting to update my BIOS on an ASUS Z790-A Prime Wifi, it states that I should suspend BitLocker or risk losing that data on that drive.

However, when looking in Control Panel, it is not there. Attempting to open it in the new Windows Settings, I get an error stating "Failed to open the bitlocker control panel tool. Error code 0x80004005." I partially know why, as System Information states this for Device Encryption Support: "Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected, WinRE is not configured".

Now this error would make sense if not for the fact that TPM is enabled (I have checked) and Secure Boot is enabled. (BIOS mode is UEFI.) My board has a discrete TPM 2.0 option and a firmware TPM 2.0 option, yet neither has changed the error listed under Device Encryption Support. I have also checked that WinRE is enabled with reagentc.exe /info in the command prompt. However, I have found that when using Manage-bde.exe -protectors -get %systemdrive% there is no reference to PCR 7, and I receive "Error: No Key Protectors Found" with no reference to TPM, even though TPM 2.0 is showing as on. Also, when attempting to add TPM to this list, I get the message that this version of Windows does not support BitLocker, yet I have the latest Windows 11 updates.

According to the troubleshooting at https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues#event-id-854-winre-is-not-configured, I needed to check the disk volumes as well; they are all healthy and a recovery drive is present. I do get events 815 (BitLocker cannot use Secure Boot for integrity because the expected TCG Log separator entry is missing or invalid.) and 834 in Event Viewer (BitLocker API), but those have led me to no helpful troubleshooting. Also, I do not use Intune. The only other clue I have is that Event Viewer states "The following DMA (Direct Memory Access) capable devices are not declared as protected from external access" and lists Intel PCI-PCI Bridge and Intel ISA Bridges, but I have no idea what to do with that information.

So what gives? I cannot do a BIOS update because I cannot decrypt my secondary BitLocker drive, because it isn't present in the settings even though all the supposed features that are needed for it to be are on and enabled. I have Windows 11 and an Intel i7-13700K.

Windows 11