
1 Rookie • 26 Posts • 8190
September 18th, 2019 23:00

Alienware m15 encryption disabled

I recently wiped the drive and re-installed Windows 10.  All seemed to work well until I got to the part about re-enabling full disk encryption (which did work fine, prior to re-install).

The precise message from "System Information" is
"Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected"

Okay, fair enough, let the Googling begin, some possibilities are
1. Unsupported TPM, apparently there's been a change where TPM 2.0 is now required. Device Manager > Security Devices show TPM 2.0 installed.

2. Somehow managed to set the disk up with MBR instead of GPT (which is hard to do without actually trying these days).  Under Computer Management > Disk Management > Disk 0 > Properties > Volumes > Partition Style is set to GPT.

3. The OEM install may have had a whitelist of devices in the registry under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses
from this article Microsoft oem-bitlocker#un-allowed-dma-capable-busdevices-detected
I have no way to validate if there was a pre-existing whitelist in the registry.
Could some kind soul with an Alienware m15 (Gen 1) with the OEM Windows install take a look and let me know?

Thanks,
Bob

edit: clarified ask

1 Rookie • 26 Posts
September 19th, 2019 23:00

jphughan,

Thanks for the help anyway.  And definitely thanks for pointing out manage-bde that's a pretty neat tool.

After like a hundred reboots and fiddling with whitelisting devices in the registry per this Microsoft article, I have finally figured out that the culprits on my particular computer that had to be whitelisted are

  • Intel(R) 300 Series Chipset Family LPC Controller (HM370)
  • Intel PCIe Express Root Port #15
  • Intel PCIe Express Root Port #16
  • Intel PCIe Controller x16
  • Intel PCIe Controller x8
  • Intel PCIe Controller x4

A lot of this depends on whether or not the driver maker has updated their driver since the 1803 Spring Creators Update, which broke a lot of things, but my drive was already encrypted on the OEM install.  And of course, I had to go and break it with a fresh image from Microsoft.  So this means this list will not be the same for everyone.  It all depends on whether you're running an updated driver that has been patched/approved by Microsoft, based on one of the many articles I ran across in this misadventure.

PS C:\Windows\system32> .\manage-bde.exe -status
BitLocker Drive Encryption: Configuration Tool version 10.0.18362
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: []
[OS Volume]

    Size:                 476.31 GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password

The manage-bde tool is quite handy for pulling the details on the encryption, so thanks a lot for sharing that tool.

Thanks,
Bob
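The registry allow-list discussed in the first post (the AllowedBuses key) and the device list in this reply can be inspected and extended from an elevated PowerShell prompt. The script below is an added example written for this page, not code from the thread or from Microsoft. It assumes, based on the Microsoft OEM BitLocker guidance cited above, that each AllowedBuses entry is a REG_SZ value whose name is the device's friendly name and whose data is of the form PCI\VEN_xxxx&DEV_xxxx; the script name Check-DmaAllowList.ps1 and its -Allow and -Apply parameters are the example's own.

```powershell
# Check-DmaAllowList.ps1 (added example; the name and parameters are this example's own)
# Lists present PCI devices, shows which VEN/DEV pairs are already in
# HKLM\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses, and optionally
# adds devices selected by friendly-name wildcard. Entry format is an assumption
# taken from the Microsoft OEM BitLocker guidance cited in the thread:
# REG_SZ, name = device friendly name, data = PCI\VEN_xxxx&DEV_xxxx.
# Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Friendly-name wildcards of devices to allow-list, e.g. '*LPC Controller*'.
    [string[]]$Allow = @(),
    # Without -Apply the script only reports; with -Apply it writes the registry.
    [switch]$Apply
)

$Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses'

# Read the existing allow-list. A clean Microsoft image may not have the key at all.
$existing = @{}
if (Test-Path $Key) {
    foreach ($p in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { $existing[$p.Name] = [string]$p.Value }
    }
}

# Enumerate present PCI devices and reduce each instance ID to its VEN/DEV pair,
# which is the granularity the allow-list works at.
$report = foreach ($d in Get-PnpDevice -PresentOnly) {
    if ($d.InstanceId -match '^PCI\\VEN_([0-9A-F]{4})&DEV_([0-9A-F]{4})') {
        $hwid = "PCI\VEN_$($Matches[1])&DEV_$($Matches[2])"
        [pscustomobject]@{
            FriendlyName = $d.FriendlyName
            Class        = $d.Class
            HardwareId   = $hwid
            AllowListed  = [bool]($existing.Values -contains $hwid)
            Selected     = [bool]($Allow | Where-Object { $d.FriendlyName -like $_ })
        }
    }
}

$report | Sort-Object AllowListed, Class, FriendlyName |
    Format-Table FriendlyName, Class, HardwareId, AllowListed, Selected -AutoSize

# Add only devices the caller explicitly selected with -Allow, never the whole bus.
$toAdd = $report | Where-Object { $_.Selected -and -not $_.AllowListed }
if (-not $Apply) {
    if ($toAdd) { "`n{0} device(s) would be added; rerun with -Apply." -f @($toAdd).Count }
    return
}
if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
foreach ($r in $toAdd) {
    if ($PSCmdlet.ShouldProcess($r.FriendlyName, "add $($r.HardwareId) to AllowedBuses")) {
        New-ItemProperty -Path $Key -Name $r.FriendlyName -Value $r.HardwareId `
            -PropertyType String -Force | Out-Null
    }
}
"Done. Reboot, then re-check msinfo32 > Device Encryption Support."
```

Run it once with no parameters to see every PCI device and whether it is already allow-listed, then rerun with a narrow selection such as `-Allow '*LPC Controller*','*PCI Express Root Port #15*' -Apply` and reboot. Each entry you add tells BitLocker that the named bridge cannot carry a hostile DMA device, so only add chipset-internal bridges you have confirmed do not lead to an externally reachable PCIe port (a Thunderbolt controller or its root port is exactly what the check exists to flag); allow-listing everything until the error goes away removes the protection rather than fixing the cause.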

11 Legend • 14K Posts • 79.9K Points
September 18th, 2019 23:00

No idea why someone would suggest that MBR vs. GPT would be a problem.  BitLocker works just fine with both.

Do you have a Thunderbolt device attached?  Thunderbolt peripherals have access to PCIe, which allows DMA, so BitLocker might be seeing that type of device as a potential issue.  BitLocker can be particularly problematic on systems that have Thunderbolt boot support enabled.  The reason is that when BitLocker uses a TPM (which it always does by default), the TPM only releases the decryption key if the system passes a "platform integrity check", which verifies that there haven't been any hardware or firmware configuration changes that might compromise the security of the system and allow the decryption key to be stolen.  If there HAVE been such changes, then the TPM refuses to release the key and you're prompted to enter the Recovery Key.  If you do, then the system "re-seals" against that new hardware/firmware fingerprint, and that becomes the new trusted environment.  The reason this becomes a problem is that when Thunderbolt boot support is enabled, Thunderbolt devices are enumerated at boot time, and since they're on PCIe, they're included in the hardware check.  So for example if you enable BitLocker and later attach a Thunderbolt dock, booting with the dock connected will trigger a Recovery Key prompt.  If you enter that key, then the next time you boot without the dock, you'll see a Recovery Key prompt, and so on.

If you haven't already, try updating your BIOS and Thunderbolt 3 controller firmware, then going into the BIOS Setup, clearing the TPM, and resetting your BIOS to its factory default settings.  If it still doesn't work, are you sure you've installed all necessary drivers for your system at this point?  An unknown device might cause that error.

1 Rookie • 26 Posts
September 19th, 2019 12:00

Thanks for the fast reply jphughan.

Nothing but the power cord is plugged into the laptop.  But, per the suggestion, I was not running the latest Thunderbolt firmware, so I upgraded the firmware and rebooted to ensure the BIOS defaults were set (I am running the latest BIOS).  And I still have the issue.

For a little more context, I am running Microsoft Windows [Version 10.0.18362.356] Home edition, so I do not have the BitLocker app, but the encryption is still available.

Still trolling around Bing/Google to see if I can pinpoint the offending device, so I can at least try to whitelist it in the registry.

Thanks,
Bob

11 Legend • 14K Posts • 79.9K Points
September 19th, 2019 12:00

@twopoint71  ok, the note about using Windows 10 Home was important.  Yes, some BitLocker functionality is available on Windows 10 Home for systems that meet certain hardware requirements. You can encrypt the Windows partition, but I'm pretty sure you can't encrypt other partitions or use certain protector types.  Anyway, the typical way it works on Windows 10 Home is that Dell ships the system with BitLocker enabled but in a suspended state, meaning the partition is encrypted but the decryption key is stored on the disk.  If you choose to link your Windows logon account to a Microsoft account, then a Recovery Key gets uploaded to your Microsoft account and BitLocker is fully enabled, which happens instantaneously because all it has to do at that point is purge the decryption key rather than encrypt the data, which had already been done.

I have an XPS 13 9350 running Windows 10 Home and I didn't want to use a Microsoft account to use BitLocker, so instead I found that I could use the manage-bde tool in Command Prompt to enable encryption for my Windows partition.  On my system it just worked, though.  If you haven't already tried manage-bde, give it a try.  If you have, I'm not sure what's going on with yours, especially if it was working prior to a clean install, since my 9350 previously had a clean install using regular Microsoft install media.  Sorry!

1 Rookie • 26 Posts
September 19th, 2019 20:00

Hello jphughan,

I checked out manage-bde.  Unfortunately, the tool just tells me to upgrade my OS to be able to use the features.  The automatic encryption that should take place is blocked by a device with DMA enabled that Windows does not like; hence, the error message.  I'm looking for a way to track the offending device, so I can either whitelist it or get a driver update, but according to Alienware SupportAssist, everything is up to date.

Thanks for the added suggestion,
Bob

11 Legend • 14K Posts • 79.9K Points
September 19th, 2019 21:00

@twopoint71  in that case I'm not sure what to suggest next.  I've never encountered that particular error trying to use BitLocker, and if you've got a clean Device Manager at this point (i.e. no unknown devices), which would mean all necessary drivers are installed, then I can't account for why BitLocker would refuse to enable after a clean install if it worked in your previous installation, particularly refusing due to some hardware issue when the hardware obviously wouldn't have changed between those Windows installations.  Sorry!

1 Rookie • 26 Posts
September 19th, 2019 23:00

mods please remove this duplicate post

11 Legend • 14K Posts • 79.9K Points
September 20th, 2019 10:00

@twopoint71  glad to hear you got it sorted!  Yes, manage-bde is a rather useful tool, especially if you have a Pro version of Windows and therefore have access to BitLocker's full feature set.  It's also available in Windows PE/RE environments if you ever need to unlock your partition in a recovery environment of some kind.  Or if you prefer PowerShell, that application has also been broken up into various PowerShell cmdlets, although I don't believe those are available in WinPE/RE.  Documentation of both the application and the cmdlets is available here.  Enjoy!
