Edyxx
1 Nickel

Latitude 7280 TPM 2.0 with BitLocker

Hi All,

We are still a Windows 7 shop. We use BitLocker for our Latitude and OptiPlex systems. We have a process in place with an SCCM sequence which gives the BIOS a password, activates the TPM chip, and installs MBAM, which kicks off the encryption process after uploading the BitLocker key to AD. This has worked perfectly.

We received a new Latitude 7280 and suddenly this process doesn't work. Everything installs fine and MBAM starts the BitLocker process, but after a few seconds it stops. I don't really know what has changed in this model. I see it now has a TPM 2.0 chip. I'm not sure the TPM chip is to blame at all. This is the difference I see between a 7270 and 7280. The 7280 now has a TPM 2.0 chip.

Is it really the TPM chip which prevents BitLocker from starting, or something else? Must be the BIOS.

Thanks

Edy

0 Kudos
5 Replies
jphughan
5 Tungsten

RE: Latitude 7280 TPM 2.0 with BitLocker

BitLocker can definitely be enabled on TPM 2.0 chips.  You can always try clearing the TPM in the BIOS just to see if that helps. Also note that TPM 2.0 adds a lot more BIOS options for the TPM specifically, and if any of those aren't set at their defaults, BitLocker can refuse to start -- ask me how I know!  So if you haven't already, try resetting the whole BIOS to factory defaults.  Finally, I know that some Dell systems have had firmware updates for the TPM.  They can be a bit annoying to install because you have to disable TPM auto-provision in Windows, reboot into the BIOS, clear the TPM, then run the update (which reboots you again), re-enable auto-provision, and then reboot AGAIN for Windows to set it up before you can enable BitLocker, but it may resolve the issue.  This is all covered in the Install Instructions section of the firmware update download page, if you have one.

Of course if you do this update on any system ALREADY set up for BitLocker, you'll be wiping the key out of the TPM, but there's a manage-bde command to put it back in that case.

0 Kudos
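A read-only check of the TPM and BitLocker state discussed in this thread, as an added example that is not part of any post here. It assumes an elevated PowerShell prompt and uses only the `Win32_Tpm` WMI class and `manage-bde`; running it before and after a TPM firmware update or BIOS reset shows whether Windows sees the chip and which firmware version it reports.

```powershell
# Added example: read-only TPM / BitLocker state check (elevated prompt required).
# Get-WmiObject is used so the script also runs on PowerShell 2.0.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue

if (-not $tpm) {
    # Nothing returned means Windows does not currently expose a TPM to BitLocker.
    Write-Warning 'No Win32_Tpm instance returned: Windows does not see a usable TPM.'
} else {
    # SpecVersion is a comma-separated string; the first field is the TPM spec family
    # (for example "1.2" or "2.0").
    $family = ($tpm.SpecVersion -split ',')[0].Trim()

    New-Object PSObject -Property @{
        SpecFamily          = $family
        SpecVersion         = $tpm.SpecVersion
        ManufacturerId      = $tpm.ManufacturerId
        ManufacturerVersion = $tpm.ManufacturerVersion   # TPM firmware version
        Enabled             = $tpm.IsEnabled_InitialValue
        Activated           = $tpm.IsActivated_InitialValue
        Owned               = $tpm.IsOwned_InitialValue
    } | Format-List

    if (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
        Write-Warning 'TPM is present but not enabled and activated; check the BIOS TPM settings.'
    }
}

# BitLocker view of the system drive: conversion state and the key protectors in use.
manage-bde -status $env:SystemDrive
manage-bde -protectors -get $env:SystemDrive
```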
jphughan
5 Tungsten

RE: Latitude 7280 TPM 2.0 with BitLocker

EDIT: Just re-read and was reminded that you're on Win7.  I've successfully enabled BitLocker on TPM 2.0 running Windows 10.  I don't know if that matters, but I wanted to clarify.

0 Kudos
Edyxx
1 Nickel

RE: Latitude 7280 TPM 2.0 with BitLocker

Hi,

Thanks for your message. Today I had the chance to test it with another 7280 laptop, brand new and shipped from the factory. I cleared the TPM 2.0 chip and applied the latest TPM firmware upgrade, and there was also a new BIOS version available. I installed BitLocker with MBAM and waited until the BitLocker window appeared to encrypt the hard drive. Unfortunately it failed again.

I noticed the following event log entry in the Event Viewer under Microsoft, MBAM:

"An error occurred while applying MBAM policies Volume.....

Error code: 0x80310002

Details:

The BIOS did not correctly communicate with the Trusted Platform Module (TPM)"

Looks like there is indeed a problem with the BIOS or TPM chip.

Thanks,

Edy

0 Kudos
8 Krypton

RE: Latitude 7280 TPM 2.0 with BitLocker

Does the system have a Skylake (6th gen, 6xxx) CPU or a Kaby Lake (7th gen, 7xxx)?

Starting with Kaby Lake, Windows 10 is required -- no support for anything older.

www.dell.com/.../microsoft-windows-operating-system-support-for-intel-kaby-lake-processors

0 Kudos
glonner
1 Copper

RE: Latitude 7280 TPM 2.0 with BitLocker

We in fact have Windows 8.1 x64 on our 7280s, and know that they don't offer support for anything earlier than 10. We're continuing to look for a workaround.

0 Kudos