PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834

Teemo Tang 11,336 Reputation points
2020-07-14T08:36:10.85+00:00

In our office we are trying to swap over from using McAfee's encryption tool to managing Bitlocker via Workspace One (formerly Airwatch). I was able to successfully apply Bitlocker to two Lenovo T470s models. After those worked, I pushed the same profile over to a test T480s. It went into Bitlocker recovery on every boot. When I went into the system information, I got the following entry for the "Device Encryption Support: Reasons for failed automatic device encryption" field: "PCR7 binding is not supported, Un-allowed DMA capable bus/device(s)"

I was able to fix the DMA issue by adding the "PCI Express Upstream Switch Port" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses with the appropriate key value. What I can't get working is the PCR7 binding. No matter what I try I still get "PCR7 Configuration Binding Not Possible" on the T480 and T490 models. Whenever I try to encrypt it I get the following messages in the event logs for Bitlocker API:

Event 813 - "BitLocker cannot use Secure Boot for integrity because the expected TCG Log entry for variable 'CurrentPolicy' is missing or invalid."
Event 834 - "BitLocker determined that the TCG log is invalid for use of Secure Boot. The filtered TCG log for PCR[7] is included in this event."

I have updated the OS and BIOS. I have ensured that the TPM module and Secure Boot are enabled in the BIOS. I have even toggled them off and back on again to make sure they are on.

The TPM module appears to be correct:
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:list

IsActivated_InitialValue=TRUE
IsEnabled_InitialValue=TRUE
IsOwned_InitialValue=TRUE
ManufacturerId=1229346816
ManufacturerIdTxt=IFX
ManufacturerVersion=7.63.3353.0
ManufacturerVersionFull20=7.63.13.6400
ManufacturerVersionInfo=SLB9670
PhysicalPresenceVersionInfo=1.3
SpecVersion=2.0, 0, 1.16

I've confirmed Secure Boot both in the system info, manually in the BIOS, and by using the following PowerShell commands:
PS C:\WINDOWS\system32> Confirm-SecureBootUEFI
True
PS C:\WINDOWS\system32> Get-SecureBootPolicy

Publisher                            Version
---------                            -------
77fa9abd-0359-4d32-bd60-28f4e78f784b       1

If I try to push Bitlocker on the T480s and run "Manage-bde -protectors -get %systemdrive%" I get the PCR values 0, 2, 4, 11. If I do it on the T470s I've encrypted I get the proper PCR 7, 11.

Both are Microsoft Windows 10 Pro version 1909, all current patches applied.

I suspect something with our image is causing the issue or issues. Normally I would try to pave over our image with a fresh install of Windows 10 to confirm, but with our main office closed I won't be able to re-apply the image to the device after doing so.

Does anyone have any tips on how to isolate exactly what is causing the PCR7 bind issue? Someone mentioned the tpmtool that is supposed to be included, but it isn't on here, and the only documentation I can find on it is under the Windows 10 server documentation section.

source link: https://social.technet.microsoft.com/Forums/en-US/1bfddcfe-46d2-468e-9db4-e19a37f4d2ab/pcr7-configuration-binding-not-possible-bitlocker-event-ids-813-834?forum=win10itprosecurity


Accepted answer
Jenny Feng 14,076 Reputation points
2020-07-15T06:26:01.147+00:00

    If it's not 7,11, then you likely are either not using UEFI+Secure Boot (perhaps UEFI in CSM mode instead?) or the certificates in Secure Boot are preventing binding (if there's more than one root certificate, for instance, Bitlocker won't bind to PCR7 because it cannot verify which root authority is the proper authority).

    There are ways to read the TCG log and the register data for the PCRs, but the easiest way to start troubleshooting is to enable all the debug Bitlocker logs in the event viewer and then use manage-bde on a clean machine of that type to see what Bitlocker wants to do on its own, and in the logs you should see "why" it chooses what it does.

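One way to gather the facts this answer points at on a single machine, as an added example that is not code from the thread or from Microsoft: a PowerShell script that checks whether the box is really booted under UEFI Secure Boot (Confirm-SecureBootUEFI throws under legacy/CSM boot), lists the X.509 certificates stored in the db and KEK Secure Boot variables so multiple roots become visible, reads the PCR validation profile that manage-bde reports for the TPM protector, and pulls the 813/834 events from the BitLocker management log. The cmdlets, log name and event IDs are real; the function names are this example's own, and the EFI_SIGNATURE_LIST parsing follows the UEFI specification layout (16-byte SignatureType GUID, then SignatureListSize, SignatureHeaderSize and SignatureSize as uint32, then SignatureOwner GUID plus DER certificate per entry). Run it elevated.

```powershell
#Requires -RunAsAdministrator
# Added diagnostic script for this thread; not code from the original post or answer.
# Assumes Windows 10 with the SecureBoot and BitLocker modules, manage-bde.exe on the
# PATH, and the 'Microsoft-Windows-BitLocker/BitLocker Management' log that carries
# events 813/834. The function names below are this example's own.

function Get-EfiSignatureCertificates {
    # Walk the EFI_SIGNATURE_LIST chain stored in a Secure Boot variable (db or KEK)
    # and return every X.509 certificate it contains.
    param([Parameter(Mandatory)][string]$VariableName)

    $x509Guid = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID
    [byte[]]$bytes = (Get-SecureBootUEFI -Name $VariableName).Bytes
    $certs  = @()
    $offset = 0
    while ($offset + 28 -le $bytes.Length) {
        $type       = [guid]::new([byte[]]$bytes[$offset..($offset + 15)])
        $listSize   = [BitConverter]::ToUInt32($bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($bytes, $offset + 24)
        if ($listSize -lt 28 -or $offset + $listSize -gt $bytes.Length) { break }
        if ($type -eq $x509Guid -and $sigSize -gt 16) {
            $pos = $offset + 28 + $headerSize
            $end = $offset + $listSize
            while ($pos + $sigSize -le $end) {
                # EFI_SIGNATURE_DATA: 16-byte SignatureOwner GUID, then the DER certificate
                [byte[]]$der = $bytes[($pos + 16)..($pos + $sigSize - 1)]
                $certs += [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
                $pos += $sigSize
            }
        }
        $offset += $listSize
    }
    return $certs
}

function Get-TpmProtectorPcrProfile {
    # Parse the PCR validation profile manage-bde prints for the TPM protector.
    # A profile containing 7 means BitLocker bound to Secure Boot; 0, 2, 4, 11 means
    # it fell back to the firmware-measurement profile, as on the T480s in the question.
    param([string]$Drive = $env:SystemDrive)
    $text = (& manage-bde.exe -protectors -get $Drive 2>&1) -join "`n"
    if ($text -match 'PCR Validation Profile:\s*([\d,\s]+)') {
        return @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ -match '^\d+$' } | ForEach-Object { [int]$_ })
    }
    return @()   # no TPM protector on this volume
}

function Get-BitLockerSecureBootEvents {
    # Pull the events quoted in the question (813: expected TCG log entry missing;
    # 834: TCG log rejected for Secure Boot use) from the BitLocker management log.
    param([int]$MaxEvents = 10)
    $filter = @{ LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; Id = 813, 834 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

# Collect the facts PCR7 binding depends on into one report object.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = "not available: $($_.Exception.Message)" }   # legacy/CSM boot

$pcrs = Get-TpmProtectorPcrProfile
$report = [pscustomobject]@{
    SecureBootEnabled = $secureBoot
    TpmReady          = (Get-Tpm).TpmReady
    TpmProtectorPcrs  = ($pcrs -join ', ')
    BoundToSecureBoot = ($pcrs -contains 7)
    DbCertificates    = @(Get-EfiSignatureCertificates -VariableName db  | ForEach-Object Subject)
    KekCertificates   = @(Get-EfiSignatureCertificates -VariableName KEK | ForEach-Object Subject)
}
$report | Format-List
Get-BitLockerSecureBootEvents | Format-Table -AutoSize
```

Run the same script on a working T470s and on a failing T480s and diff the two reports: if SecureBootEnabled is True on both but BoundToSecureBoot is only True on the T470s, the DbCertificates and KekCertificates lists are the first place to look for the difference the answer describes, and the 813/834 rows give the timestamps to line up against the push from Workspace One.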
