Highlighted
RichInCLE
1 Nickel

Win 7 x64 & UEFI boot vs. TPM 2.0 & Bitlocker on Opti 7040 Micro

Jump to solution

Greetings, all! Here's one that will make you scratch your head. If you've solved this issue please enlighten us!

SCENARIO: Optiplex 7040 Micro, BIOS 1.5.10, UEFI boot for Win 7 64-bit, Win 7 Enterprise 64-bit installed OK, updated to Dell TPM 2.0 applied from here , Microsoft TPM 2.0 Hotfix 459309 for Win 7 applied from here . TPM On and Enabled in BIOS. We want this configuration for maximum security (need to be HIPPA compliant).

From Windows control panel turned on Bitlocker drive encryption (next, next, next, etc.) and Bitlocker finishes. Upon reboot the system displays "Windows is loading files..." message on screen after reboot. Nothing else happens, never loads Windows, just sits there.

Tried just about every different combination of TPM options in BIOS and no change. Even tried to clear TPM and disable TPM, same thing. 

I contacted Dell Tech Direct and their solution was basically "Upgrade to Windows 10". For a number of reasons we cannot upgrade our environment to Win10. Meanwhile I have about three dozen 7040 Micros waiting to be imaged and deployed.

Next I re-did the Win 7 x64 install using Legacy boot, applied the hotfix (still TPM 2.0) and tried bitlocker again. While it was doing "Initializing the TPM security hardware" step it crashed with Error Code 0x80280285: "A problem occurred during BitLocker setup. You may need to restart BitLocker setup to continue." Nice. I have a feeling I'm going to have to back down to TPM 1.2 with Legacy Boot to get bitlocker to work on Win7-64 on this hardware.

If any of you have come across this issue and SOLVED IT please share your magic sauce of  combinations of Windows & Dell patches and possibly voodoo.

Rich M. in CLE OH

0 Kudos
1 Solution

Accepted Solutions
RichInCLE
1 Nickel

RE: Win 7 x64 & UEFI boot vs. TPM 2.0 & Bitlocker on Opti 7040 Micro

Jump to solution

Thanks MAXD for the link to that BIOS!

I upgraded my test unit and used UEFI, installed Win7-64 from image. Still has TPM 2.0.

Turned on Bitlocker and it survived after reboot!

To test again I went back to Legacy Boot, re-imaged Win7-64, same TMP 2.0. When I tried to start bitlocker it displays, "The Trusted Platform Module (TPM) on this computer does not work with the current BIOS. Contact the computer manufacturer for BIOS upgrade instructions."

So here's what we now know:

1. If you want UEFI boot for Win7-64 and use bitlocker use the new 1.6.5 BIOS and TPM 2.0

2. If you want Legacy boot for Win7-64 and use bitlocker revert to 1.5.10 BIOS and TPM 1.2. This will also work for 32-bit Win 7 (I have about 200 7040 Micros configured this way).

NEXT BIG THING: My vendor tells me Dell has discontinued the 7040 Micro; its replacement is the 7050 Micro. I wonder if I'm going to have to start from scratch on these. We're ordering them with 6th gen Intel CPUs so we can run Win 7 on them, but haven't gotten one in yet to test.

LATITUDE 5480 SAME EXACT PROBLEM! Tried BIOS 1.3.3 and BIOS 1.5.2. Should I start a new thread for this one? MAXD next time your in CLE OH I'll buy you a beer!

-Rich in CLE

0 Kudos
3 Replies
maxd
4 Ruthenium

RE: Win 7 x64 & UEFI boot vs. TPM 2.0 & Bitlocker on Opti 7040 Micro

Jump to solution

Possibly this urgent bios update would help:

www.dell.com/.../DriversDetails

0 Kudos
RichInCLE
1 Nickel

RE: Win 7 x64 & UEFI boot vs. TPM 2.0 & Bitlocker on Opti 7040 Micro

Jump to solution

Thanks MAXD for the link to that BIOS!

I upgraded my test unit and used UEFI, installed Win7-64 from image. Still has TPM 2.0.

Turned on Bitlocker and it survived after reboot!

To test again I went back to Legacy Boot, re-imaged Win7-64, same TMP 2.0. When I tried to start bitlocker it displays, "The Trusted Platform Module (TPM) on this computer does not work with the current BIOS. Contact the computer manufacturer for BIOS upgrade instructions."

So here's what we now know:

1. If you want UEFI boot for Win7-64 and use bitlocker use the new 1.6.5 BIOS and TPM 2.0

2. If you want Legacy boot for Win7-64 and use bitlocker revert to 1.5.10 BIOS and TPM 1.2. This will also work for 32-bit Win 7 (I have about 200 7040 Micros configured this way).

NEXT BIG THING: My vendor tells me Dell has discontinued the 7040 Micro; its replacement is the 7050 Micro. I wonder if I'm going to have to start from scratch on these. We're ordering them with 6th gen Intel CPUs so we can run Win 7 on them, but haven't gotten one in yet to test.

LATITUDE 5480 SAME EXACT PROBLEM! Tried BIOS 1.3.3 and BIOS 1.5.2. Should I start a new thread for this one? MAXD next time your in CLE OH I'll buy you a beer!

-Rich in CLE

0 Kudos
maxd
4 Ruthenium

RE: Win 7 x64 & UEFI boot vs. TPM 2.0 & Bitlocker on Opti 7040 Micro

Jump to solution

New thread ? yes

<ADMIN NOTE: Broken link has been removed from this post by Dell>

en.community.dell.com/.../20003600

Sorry, all I got.

0 Kudos