Latitude E6540 use SSD with hardware encryption - TPM 2.0

I forgot to address TPM 2.0 in my earlier post. The TPM firmware upgrade process involves several steps and several reboots. Read the Installation Instructions section of the download details page for that update on support.dell.com. Basically you have to disable TPM auto-provisioning in Windows, reboot into the BIOS, clear the TPM (make sure you have your BitLocker Recovery Key!!), then boot into Windows to start the firmware update, which involves another reboot, then after that reboot you need to re-enable TPM auto-provisioning and reboot once more time.

Enabling BitLocker hardware encryption support involves installing Windows, then prepping it with Samsung Magician, which itself involves secure erasing the drive and then reinstalling Windows. One issue though is that at least last time I checked, Microsoft and Samsung both said to check with each other for how to perform a secure erase later, which isn’t very reassuring.

Another way to use hardware encryption is to enable an HDD password in the BIOS, but that can complicate data recovery from other systems later. A friend of mine used that method on his 850 Evo in a Latitude E7440, and after his laptop died, I installed his SSD in my XPS 15 9530, and even though the HDD password was right, my system wouldn’t unlock the drive. I ended up having to get another E7440 to help him — so I really don’t recommend that method either. The only other way is TCG/OPAL, but that’s only available through encryption solutions meant for enterprises.

So that leaves software encryption. I use that even on systems that support hardware encryption because it doesn’t have any of the problems I just mentioned, and the only theoretical drawback is performance, which is theoretical because CPUs for the last decade or so have had hardware acceleration for AES encryption/decryption operations, which means they can do those things even at NVMe SSD speeds with no performance penalty. SATA SSD speeds are much slower.

Thank you for the answer. I just wonder if the E6540 actually supports TPM2. This is not clear to me and I can't find detailed information about this.

I am astonished that there is no clear documentation available - at least none that can be found by google...

We use BitLocker here all the time (over 1000 images).  I've never had to use any "Samsung Magician" or any other prestidigitator for that matter.  We image the devices, ensure BitLocker is enabled in the GPO (EVEN IF your device is not part of an Active Directory Domain), then turn it on and let it go.  Now, with that said, the entire reason I am here is that we are now requiring upgrades from TPM 1.2 to TPM 2.0.  HP machines I have exactly ZERO problem on--but EVERY SINGLE DELL I have tried to update with their generic OptiPlex/Latitude/XPS update utility has thrown that exact same error you have just mentioned...and yes I read that very poorly written document several times, took it step by step multiple times, and even tried external boot devices--all to the exact same end.  I have checked the firewall and it does not seem to be a firewall issue (which wouldn't make sense anyway since I tried a generic external boot device taking it off line and off disk.).  I was so hoping that someone would address that irritating TPM error.  (Yes, I cleared TPM, Released ownership--tried it in an unready status, re-enabled it, and tried it in a ready status... I've done everything that document has asked... and it keeps that same error out there.)

I posted a reply which seems to not have hit--but I think I answered our question about the problem with TPM 2.0 on Dells:<ADMIN NOTE: Broken link has been removed from this post by Dell>Notice it states that the Processor has to be Skylake or Kaby Lake processors. The last one I tried updating was an i5-4310M which as near as I can tell is a Hassle--or I mean um... Haswell series processor. I'm betting that is the entire problem right there.

I guarantee to you that win 11 will run with tpm 1.2 normally 

No its tpm version not switchable you can assure by viewing the list on Dell support there is no place for your laptop