This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The first thing I want to note is that bitlocker was automatically unlocking on my PC. The thing that changed was when I reinstalled Win 10 after playing around too much with the registry (oops!). Somehow in my BIOS the TPM was shutoff before the OS was reinstalled, now it's back on yet bitlocker won't automatically unlock. Does this mean that the TPM has to be on in the BIOS before the OS is installed? What does, "PCR7 binding is not supported" refer to? My bitlocker works right now, just not automatically anymore. It dawned on me how to use powershell so as to see what is causing the problem, it says "Exception from HRESULT: 0x80310012". See pic below.
System Information report written at: 02/28/21 15:53:30
[System Summary]
Item Value
OS Name Microsoft Windows 10 Pro
Version 10.0.19042 Build 19042
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Micro-Star International Co., Ltd.
System Model MS-7C71
System Type x64-based PC
System SKU Default string
Processor Intel(R) Core(TM) i9-10900KF CPU @ 3.70GHz, 3696 Mhz, 10 Core(s), 20 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 1.60, 12/11/2020
SMBIOS Version 3.2
Embedded Controller Version 255.255
BIOS Mode UEFI
BaseBoard Manufacturer Micro-Star International Co., Ltd.
BaseBoard Product MEG Z490 ACE (MS-7C71)
BaseBoard Version 1.0
Platform Role Desktop
Secure Boot State Off
PCR7 Configuration Binding Not Possible
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume5
Locale United States
Hardware Abstraction Layer Version = "10.0.19041.844"
Installed Physical Memory (RAM) 64.0 GB
Total Physical Memory 63.9 GB
Available Physical Memory 57.7 GB
Total Virtual Memory 73.4 GB
Available Virtual Memory 64.3 GB
Page File Space 9.50 GB
Page File C:\pagefile.sys
Kernel DMA Protection Off
Virtualization-based security Not enabled
Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected
Hyper-V - VM Monitor Mode Extensions Yes
Hyper-V - Second Level Address Translation Extensions Yes
Hyper-V - Virtualization Enabled in Firmware Yes
Hyper-V - Data Execution Protection Yes
This is to show that is definitely on:
@Omega Initiate
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.
@Omega Initiate
Hi,
We have not get information from you for several days.
If the reply is useful for you, please accept as answer. It will be helpful to other members who have same questions.
If you have any other confuse, please reply to us directly.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 17%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I didn't even touch anything, just reinstalled win 11 over a corrupt win 11 installation (in which USB auto-unlock WORKED). Now usb auto-unlock fails every time to hold when reinserting USB drive. I don't really know what to do. Will clearing TPM keys on existing install cause more problems or resolve the USB auto-unlocking error?
@Omega Initiate
Hi,
If TPM was not cleared when you reset Windows, it may lead to difficulties in enabling this feature.
Was TPM enabled on the device prior to reinstalling Windows?
Did you clear the TPM before proceeding with the reinstallation of the OS?
Clear the TPM as part of a complete reset of the computer: You might want to remove all files from the computer and completely reset it, for example, in preparation for a clean installation. When you perform a reset and use the Remove everything option, it will clear the TPM as part of the reset. You might be prompted to press a key before the TPM can be cleared. For more information, see the “Reset this PC” section in Recovery options in Windows 10.
Clear the TPM to fix “reduced functionality” or “Not ready” TPM status: If you open TPM.msc and see that the TPM status is something other than Ready, you can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section.
For your reference:
https://learn.microsoft.com/en-us/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I did a fresh install of the OS after I cleared the TPM and I'm still having the same problem. The status says it is "Ready to use." It works manually yet it does not work automatically, although it use to. Is there something different with NVME drives than SATA drives when it comes to setting up the TPM?
Hi,
Please refer to the Device encryption requirements:
Trusted Platform Module (TPM) version 2.0 or higher, and TPM enabled in UEFI/BIOS settings.
Modern Standby support.
Motherboard firmware set for Unified Extensible Firmware Interface (UEFI), and not Legacy BIOS.
For your reference:
https://support.microsoft.com/en-us/windows/device-encryption-in-windows-10-ad5dcf4b-dbe0-2331-228f-7925c2a3012d
I think some device drivers are not compatible with HSTI.sys.
if windows 10 OS is installed by you of by factory, those are not compatible, so that's why you getting error message.
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/13292c6c-a807-4916-80ac-fea6de9af552
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby
It was working, now it is not... it still is not working.
I was not told about the event viewer. Upon finding it, I found that bitlocker has an event ID 835: "bitlocker cannot use secure boot for integrity because the expected tcg log entry for the loader authority has invalid structure." It goes on to say "the event is expected to be an EV_EFI_VARIABLE_AUTHORITY event. the event data must be formatted as an EFI_VARIABLE_DATA structure with variablename set to EFI_IMAGE_SECURITY_DATABASEGUID and unicodename set to 'db'."