XPS 9560 TPM Bitlocker issues

Sorry to hear this, and I haven’t heard of this specific issue, but in terms of a fix, if Dell has acknowledged this as a BIOS issue, the best you can probably do to keep BitLocker without this issue would be to switch to using regular password-based protection rather than TPM-based until you receive and deploy a BIOS fix. But be aware of a few things:

- You’d have to enable this option in Group Policy since by default password protection isn’t allowed for OS partitions.

- You will lose the “platform integrity check” that a TPM-based solution provides, which causes a lockdown and Recovery Key prompt if it detects that something has changed about the hardware/firmware environment that might represent a security threat.

- Make sure the minimum password length is high. I would recommend at least 12 characters if not 16. With a TPM+PIN setup, the PIN can be short because the PIN is not a key element for deriving the decryption key. But in a password scenario, the password is the derivation of the key, and since there’s no mechanism to slow down brute force attempts against regular passwords, you’ve got to mitigate that risk. The best way to do that is with length rather than complexity because users find it easier to both remember and type long easy passwords than short gnarly ones — AND long passwords are also typically also more resistant to brute force because attackers typically try all combinations of shorter passwords first. I normally advise users to take a normal password and add something like a phone number or 2-3 significant ZIP codes or dates to their password, or even a basic pattern of characters. Any of those give you a lot of length while keeping it easy to remember and type — and again, the goal is just length in a brute force scenario, not complexity.

EDIT: Duplicate

In addition to my answer above, I forgot to mention that after allowing password-based protection in Group Policy and confirming that systems have received that update, I’m fairly certain you can even switch from TPM to password-based encryption WITHOUT having to decrypt and re-encrypt the drive. You’d just need to use manage-bde or the equivalent PowerShell cmdlets to remove the TPM protector and then add a password protector instead. The protector corresponding to your Recovery Key would remain in effect and unchanged.

I experienced the exact same problem with my Dell XPS 15 9650 with the TPM disappearing from BIOS.  After a lot of investigation, I determined the root of the problem is related to the battery.  When the laptop is not plugged into power and the unit was powered down for an hour, upon boot-up I was prompted for the Bitlocker Recovery Key.  To clear the problem, I has to disconnect the battery then reconnect.  This seems to temporarily clear the problem and restores the TPM.  However, the problem will continue to occur.  What I discovered is keeping the power plugged in, or permanently disconnecting the battery resolves the problem.  I suspect that as the battery ages, the voltage drops off on boot-up, possibly causing a BIOS/CMOS issue, resulting in the BIOS not loading the TPM.  I recently upgraded the BIOS to the latest version V 1.15.0 (2019-05-23), but even this did not fix the problem.  Dell needs update the BIOS to resolve this problem.

It looks like Dell released a new BIOS with release notes: Fixed the issue where the TPM option disappears from the BIOS setup menu intermittently.

https://www.dell.com/support/home/nl/nl/nlbsdt1/drivers/driversdetails?driverid=M6JTG&oscode=WT64A&productcode=xps-15-9560-laptop

I haven't been able to test it, but maybe you can test it?

I updates the BIOS to V 1.16 at it appears to have resolved the problem.

I also did that.

After the disconnect i also hold the power-button for 30-60 seconds.

I also remove my memory modules, but it didn't solved anything...............

If you're still having the problem where you're being prompted for the bitlocker recovery key at boot-up, remove the back cover, disconnect the battery, then reconnect.  That cleared the problem for me.

Well ... I have nearly the same issues with the tpm module as described in this thread. The fun part is, that I have this errors since I installed the new BIOS 1.16. Before this moment I did not know anything about this kind of error.

I don't want to rush into anything here! Although I have to tell you that it looks like the 1.16 bios update has messed up my tpm module quite a bit.

The same happened to me. No problems until i updated Firmware to 1.16. Now i get an error each time i boot, saying "Alert! TPM device ist not detecte".

Same problem here - after the latest Dell suggested firmware upgrade.

Hello everyone,

Yes, I am another victim of Dell's poor quality control and software testing. 

Currently I am running a Dell XPS15 with 32GB.   I upgraded to the 1.16 and behold my TPM device disappeared. 

If I backup to 1.15 I can get back my TPM device.  Currently I am 1.18 and every time I reboot my system I have to endure the "Alert TPM device is not detected message." 

I can understand how small instability issues can arise during software updates but come on Dell!   A BIOS update that removes a key component of the hardware.  How does this escape quality control and testing?

Has anyone figured how to solve this issue?

Thanks,

Mark