Dell Latitude E7270/E7470 System BIOS 1.15.4, Bitlocker fails
E7470 laptop was running fine on BIOS 1.12.3 but received security advisory concerning AMT vulnerability.
BIOS 1.15.4 was just released to address concerns for security advisory CVE-2017-5689 / INTEL-SA-00075. Applied BIOS revision to the E7470, but after applying it continued to prompt for Bitlocker code after each restart. Unable to successfully leave Bitlocker protectors on without being prompted for code after each reboot so opted for reimage.
Ran through process of reimaging computer via MDT, but now receive error in smsts logs:
'ProtectKeyWithTPM' failed (2150694914)
Failed to enable key protectors (0x80310002)
Failed to run the action: Enable BitLocker.
The BIOS did not correctly communicate with the Trusted Platform Module (TPM). Contact the computer manufacturer for BIOS upgrade instructions. (Error: 80310002; Source: Windows)
Can someone please confirm the issue with this latest BIOS? Will need Dell to re-evaluate.
Thanks
T
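Added example, not part of the original post: the decimal code on the first smsts log line and the hex code on the other lines are the same HRESULT, and this sketch normalises both forms and splits out the facility so the lines can be triaged as one BitLocker (FVE) failure. The facility table is a small subset of winerror.h, and the function names are hypothetical.

```python
import re

# Subset of HRESULT facility numbers from winerror.h (TPM/BitLocker triage only).
FACILITIES = {7: "WIN32", 40: "TPM_SERVICES", 41: "TPM_SOFTWARE", 49: "FVE (BitLocker)"}

# A code appears either as "(2150694914)" / "(0x80310002)" or as "Error: 80310002".
CODE_RE = re.compile(r"\((0x[0-9A-Fa-f]{8}|\d{9,10})\)|Error:\s*([0-9A-Fa-f]{8})\b")

# Log lines quoted in the post above.
SMSTS_LINES = [
    "'ProtectKeyWithTPM' failed (2150694914)",
    "Failed to enable key protectors (0x80310002)",
    "Failed to run the action: Enable BitLocker.",
    "The BIOS did not correctly communicate with the Trusted Platform Module (TPM). "
    "Contact the computer manufacturer for BIOS upgrade instructions. "
    "(Error: 80310002; Source: Windows)",
]

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF          # facility is an 11-bit field
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),          # top bit set means failure
        "facility": FACILITIES.get(facility, f"unknown({facility})"),
        "code": value & 0xFFFF,
    }

def extract_codes(line):
    """Return every error code found on a log line as an unsigned integer."""
    codes = []
    for paren, bare in CODE_RE.findall(line):
        if bare:                               # "Error: 80310002" is hex without a prefix
            codes.append(int(bare, 16))
        elif paren.lower().startswith("0x"):
            codes.append(int(paren, 16))
        else:                                  # decimal rendering of the same DWORD
            codes.append(int(paren))
    return codes

def summarize(lines):
    """Group log lines by normalised HRESULT so duplicate renderings collapse."""
    groups = {}
    for line in lines:
        for code in extract_codes(line):
            groups.setdefault(decode_hresult(code)["hex"], []).append(line)
    return groups

if __name__ == "__main__":
    for hresult, hits in summarize(SMSTS_LINES).items():
        print(hresult, decode_hresult(int(hresult, 16)), f"{len(hits)} line(s)")
```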
chris321123
9 Posts
0
May 29th, 2017 08:00
I have the same problem. E7470 and E5570 with newest BIOS.
With Windows 10 LTSB 2016.
WouterE7470
4 Posts
0
May 29th, 2017 13:00
I have exactly the same issue. Updated from 1.12.x (not sure) to 1.15.4, to hopefully fix the TPM issues I encountered. Steps taken before applying the update:
- Suspend BIOS
- Decrypt disk drive
- Apply BIOS update
- Clear TPM after reboot
At this point the TPM module isn't recognized at all anymore in Windows 10. Under the Device Manager there are no security devices registered. I tried turning TPM off and after a reboot turning it on again, but to no avail.
Any news what to do? I dare not risk bricking my motherboard by applying an earlier version.
Please advise.
WouterE7470
4 Posts
0
May 30th, 2017 04:00
I have also followed the steps below as suggested in another topic:
But unfortunately the TPM module still isn't listed as a security device.
chris321123
9 Posts
0
May 30th, 2017 08:00
So I am testing.
E7470 with new BIOS and Windows 10 and Legacy BIOS doesn't work. UEFI works!!
www.dell.com/.../resolving-a-problem-enabling-bitlocker-on-a-latitude-exx70-pc-with-windows-10-installed
I will call Dell tomorrow. Sorry Dell, but this is not okay.
MarPor
5 Posts
0
May 30th, 2017 12:00
I downgraded from 1.15.4 to 1.11.3 with success and no more getting BitLocker prompt at boot.
fusioncha0s
9 Posts
0
May 30th, 2017 13:00
I have everything as you stated and it still does not allow me to enable BitLocker. TPM 1.2 listed in Device Manager, BIOS 1.15.4, Legacy enabled, Secure Boot disabled.
Secure Boot is what it says. It is extra security for the boot when UEFI is enabled. Only works with Windows 8 or higher.
WouterE7470
4 Posts
0
May 30th, 2017 13:00
On my laptop it shows TPM 2.0 in the Device Manager. (Note: Before disabling the secure boot option, it didn't show up at all on my machine)
Maybe try to update TPM from 1.2 to 2.0 via the update tool as suggested in this KB article?
WouterE7470
4 Posts
0
May 30th, 2017 13:00
I've solved the issue on my E7470 by disabling the secure boot option in the BIOS. I've also ticked the following boxes in the advanced boot options: Enable legacy option ROMs, Enable attempt legacy boot. Not sure if these are also required, but now the Security Devices and Trusted Platform Module 2.0 are listed again in the Device Manager. BitLocker is at 99,1% encrypting my C drive, so all seems well again. :) (Note: still using BIOS 1.15.4.)
I have no clue what I am missing by disabling the secure boot option in the bios? Can anybody elaborate on that?
michaelbaranov
2 Posts
0
June 1st, 2017 02:00
The same problem here. Got an E7270 updated to 1.15.4, everything seemed to be OK, so we got a second E7270 updated. After the laptops were shut down (restart went with no issues), BitLocker started asking for the key on every boot.
We rolled BIOS back to 1.10.4.
Cali Duck
22 Posts
0
June 1st, 2017 09:00
Curious - you rolled back to 1.10.4, but does 1.11.3 work with Bitlocker?
michaelbaranov
2 Posts
0
June 1st, 2017 11:00
Actually one was rolled to 1.10.4 and the second to 1.13. Both work with Bitlocker. Just had to activate it in bios after flashing.
BarnYardHouse
6 Posts
0
June 2nd, 2017 11:00
I guess Dell won't be coming out with a fix? Problem for me right now is not being able to enable BitLocker encryption. When I try to turn on BitLocker I get "The TPM on this computer does not work with the current BIOS. Contact the computer manufacturer for BIOS upgrade instructions."
I've tried both current BIOS version and older BIOS version and I still get the same result.
Cali Duck
22 Posts
0
June 2nd, 2017 11:00
Have you tried this?
1.) Completely disable the TPM chip.
2.) Downgrade the BIOS to v1.12.3
3.) Enable TPM
4.) Reboot
5.) Clear the TPM
6.) Upgrade the TPM to FW v5.81.2.1
If the OS can see the TPM chip, that's good. Now it's just a matter of using the right BIOS.
avanderlaan
4 Posts
0
June 8th, 2017 15:00
I actually ran into this issue last week on an E7470 with no TPM enabled. I decrypted after the BIOS upgrade and re-encrypted, but the BitLocker screen keeps coming back. I am certain it is a setting in the 1.15.4 BIOS and I am very disappointed that Dell does not have a proper write-up for this or cannot produce an update that does not hamper its enterprise users.
TS-NYC
4 Posts
0
June 8th, 2017 17:00
Everyone, let us not forget that the point of going to the latest B here is to address AMT vulnerability. In my case, I would need both the ability to patch this vulnerability AND Bitlocker to be enabled without asking me for code each startup.
Chris, it has been some time now. Any news from the engineers?