Skip to main content
Start a Conversation

Unsolved

trogau

1 Rookie

 • 

13 Posts

716

August 7th, 2021 18:00

Inspiron 3493 Windows 10 Home Device Encryption unavailable

Hi all,

Our company has several Dell Inspiron 3493s (amongst other devices, but this model is our most common) running Windows 10 Home. I joined only recently but as far as I can tell, all of these devices came with Windows 10 Home Device Encryption enabled by default/out of the box.

I've just been re-purposing one for a new user and noticed that the "Device encryption settings" menu was totally missing. At first I thought it was a TPM issue, but TPM shows as enabled (in PowerShell via Get-TPM) and reporting normally.

After some searching, I discovered that System Information->System Summary->Device Encryption Support has the message:

"Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected."

Microsoft have this page which explains the error ("Windows detected at least one potential external DMA capable bus or device that may expose a DMA threat"), and says "To resolve this issue, contact the IHV(s) to determine if this device has no external DMA ports."

I'm not sure what this bus or device could be, but the article goes on to explain how to allow them. I have no idea how to identify what the "detected device" is (if any?!) to add it to the allow list.

Just to see if it worked, I removed everything from the blocklist key mentioned in the article (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\Default\UnallowedBuses). After a reboot, the message in System Information is gone and Device Encryption is now available.

Turned on Device Encryption, reset the state of the \UnallowedBuses key, rebooted again, and it all seems to be there. `manage-bde` reports the encryption is enabled on the C:.

Disabling Device Encryption and rebooting restores it to original "broken" state with Device Encryption no longer available.

I have opened a support case with Dell about this and (perhaps unsurprisingly) after the usual diagnostics, they told me it's an OS problem and to go talk to Microsoft.

Before I go down this rabbit hole I was hoping to check if anyone out there in Dell-land had a Windows 10 Home system that they may have recently re-installed to see if Device Encryption is no longer available when it may have been previously? I am wondering if this is the side effect of a recent OS update, or a recent Dell driver update, that may be impacting systems that were working normally.

Thanks for any suggestions.

DELL-Cares

Moderator

 • 

27.6K Posts

 • 

73 Points

August 8th, 2021 12:00

We tried reaching you on a private message asking for the Service Tag number to ascertain the warranty but did not receive a response. Please feel free to reply to the private message whenever you are available.

XPS_Man

7 Practitioner

 • 

2.4K Posts

 • 

12K Points

August 10th, 2021 19:00

Are these system running Stock Dell images or did you deploy any custom image of yours

I have over 200 machines and only had this issue if a User has disabled secure boot. 

I would say Get one of the Machine out for R&D 

Check with Stock OS (dell OS recovery tool), Microsoft's Image (media creation tool)  or your image (if any) 

trogau

1 Rookie

 • 

13 Posts

August 10th, 2021 20:00

Hi,

 

They are all running stock Dell images. The machine I had this problem on I did a factory reset using the built-in Dell tool, which gave me the option to download a fresh image (which I did), but before I did that it was still running the original out-of-the-box install.

I am 99.9% sure Secure Boot is still enabled but I'll double check that next time I'm in the office (COVID lockdowns making diagnosing this a bit of a pain!).

I have since confirmed with a bunch of our other machines (mostly Inspiron 3493s, but a few other random ones including a couple of XPS) and they are all happily running Device Encryption with no problems. So either it's this one machine having a weird issue, or it's a new problem that has appeared in the latest Windows image and/or Dell firmware/BIOS/something else.

My next step will be to see if I can install from an old stored image on the drive (instead of downloading a new fresh Windows image) and see what happens there.

Thanks for the feeedback.

trogau

1 Rookie

 • 

13 Posts

August 11th, 2021 18:00

Not directly related but Dell support keep Private Messaging me about this - they have so far just sent me the MS link I included in my OP and asked me to try the steps in there, ignoring the fact that a) I already am aware of that link and b) already tried it as outlined here and c) that the solution in the MS article is specifically about contacting IHVs like Dell to get specific technical information.

I have asked them to stop PMing me and discuss publicly (what is the point of a support forum if the support representatives just PM users?!).

trogau

1 Rookie

 • 

13 Posts

August 12th, 2021 22:00

Hi there, We want to make sure your system is working fine and hence following up. Having said that, we do not want to disturb you with numerous messages. We will wait to hear from you to continue the conversation.

trogau

1 Rookie

 • 

13 Posts

August 16th, 2021 18:00

Hi there, We want to make sure your system is working fine and hence following up. Having said that, we do not want to disturb you with numerous messages. We will wait to hear from you to continue the conversation.

Was this post helpful?

View All

No Events found!

Top