22 Posts
0
1227
m15 R1, turn on Device Encryption in Windows 11 Home
I would like to use Windows 11 Device Encryption with my Alienware m15 R1 laptop. However it is not showing up as an option in Settings. I have UEFI mode on and TPM enabled.
I went through the process of enabled TPM support in the BIOS before I upgraded to Windows 11.
Also in System Information under Device Encryption Support I have this message:
Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA capable bus/device(s) detected
Also, further research indicates that I may need "Modern Standby" mode available. Something about S0 vs S3. Is it possible to turn this on with an m15? If not, would BitLocker work (if I upgrade to Windows 11 Pro)?
Is there another way to get Device Encryption (which is included with Windows 11 Home) turned on without enabling "Modern Standby"?
lam3001
22 Posts
0
February 13th, 2022 09:00
I ended up doing two things to finally get Device Encryption enabled.
First, in the BIOS I turned on Secure Boot. Unfortunately that did not solve the problem (but I think it is necessary).
Second, I followed this article on Super User very closely. In fact I used this person’s PowerShell script: https://superuser.com/a/1589473
First though I had to follow the Microsoft article on giving myself Owner of that key in the Registry. Then I was able to import the addition Allowed DMA Devices into the registry.
This was like the journey to Mordor but I finally got it working, now the data on my drives is protected!
JOcean
7 Technologist
7 Technologist
•
12K Posts
0
February 4th, 2022 16:00
There is substantial information on this page that should help.
U2CAMEB4ME
4 Operator
4 Operator
•
6.2K Posts
0
February 4th, 2022 18:00
Welcome to the Dell Community @lam3001
Look at Alex26m30's and Zolock's replies.
https://answers.microsoft.com/en-us/windows/forum/all/pcr7-configuration-binding-not-possible/ba7aeb33-b1cb-459e-a3e8-c0ad0a17975f
Best regards,
U2