September 15th, 2017 14:00

bitlocker and TPM

I'm a bit shocked to find that my 7510 mobile workstation does not have TPM. This piece on How-To Geek suggests any modern machine would, and as the 7510 is intended as a mainstay for road warriors... how come? Will I have to put up with lower security and reduced performance from the software workarounds? Am I the only one bothered by this? www.howtogeek.com/.../

September 15th, 2017 15:00

I am physically in the UK now and purchased as a business customer in the UK, have no non-UK credentials, and the UK is approved in this respect according to online sources. Unless Windows checks my IP address (which is also UK, but belongs to a VPN, and hence is not trusted, e.g. by the BBC) this is not an issue. However, Windows 10 says no TPM - I have yet to do the checks on BIOS settings suggested earlier. Thank you!

11 Legend

September 15th, 2017 15:00

Check your BIOS configuration.  It's probably just disabled.  Dell has had TPMs in their Latitude and Precision laptops for several years now.

11 Legend

September 15th, 2017 15:00

In most countries, the system will have a TPM.  TPMs are not allowed in certain countries -- China among them, so if the system was built for a market that doesn't permit TPMs, your system will not have one.

September 15th, 2017 15:00

That is very helpful and I will investigate.  Thank you.

11 Legend

September 15th, 2017 16:00

I think the BIOS will prove fruitful.  The support.dell.com page for that system lists TPM firmware updates, after all, so that system definitely exists with TPMs, and I believe Dell systems bound for the EU ship with them.

September 15th, 2017 16:00

Wowzers, many thanks for the support, and I will most certainly do all the digging with this added information. This forum is so useful. I will report back in due course to complete this thread!

11 Legend

September 15th, 2017 18:00

On the subject of BitLocker and TPMs, assuming you do find and enable the TPM in your system and use BitLocker as it's intended, make sure you store your Recovery Key somewhere that you can access without using the PC, e.g. in a password manager you can access from a smartphone. The reason is a consequence of the extra security a TPM affords over the standard password-based implementation you linked.

Basically, the convenience of a TPM is that it allows your Windows partition to be encrypted WITHOUT you ever needing to enter the password, which is handy if you ever need to restart your system remotely and count on it to boot up again, for example. This is possible because the TPM stores the decryption key for the Windows partition -- but the TPM only RELEASES that key at boot-time if it completes a successful "platform integrity validation". This involves checking various hardware components to ensure that nothing critical has been added, removed, or modified compared to its known "trusted platform", since such changes could have created a compromised security environment and could therefore lead to the decryption key being compromised if the TPM were to release it. If the platform integrity check fails, the TPM refuses to release the key, and you are then prompted to enter the BitLocker Recovery Key. Why does this all matter? Because one item that can cause the platform integrity validation to fail is... a change to the system BIOS version. The idea is that an attacker/thief could theoretically load a BIOS version that contains a known security vulnerability in an attempt to steal the key, which is why the TPM protects against that -- but this of course means that after a BIOS update, you'll want to have a way to access your Recovery Key. Once you enter that key, the TPM will "re-seal" itself to the new hardware platform and trust that new configuration going forward, exclusively, i.e. it will NOT trust the old environment anymore. The reason this design affords extra security, as I mentioned earlier, is that if you see a Recovery Key prompt under completely unexpected circumstances, it could indicate that your system has been tampered with. The TPM-free password-based implementation of BitLocker offers no such protection.

One way to avoid the need for a Recovery Key in the BIOS update scenario is to choose to SUSPEND (not disable) BitLocker immediately before performing the update.  Suspending BitLocker involves Windows temporarily writing the decryption key to the drive in the clear so that the next reboot does not require the key to be released -- and in this case, the TPM will automatically re-seal to the new environment at next boot.  The key written in the clear is then of course overwritten.

Finally, if you don't like the idea of your system booting without requiring any input from the user, you can add a PIN to the TPM-based security model.  In that case, note that it is completely safe to use a relatively short PIN, because unlike the TPM-less password model, the PIN is NOT the basis for deriving the decryption key.  Instead, it's only an unlock code for the TPM to release the actual key, and since the TPM has built-in mechanisms for slowing down brute force attempts, shorter PINs are reasonable.  However, you would still need the actual Recovery Key in certain scenarios that I described above in this case; the PIN does not replace that.

Other times you may need the Recovery Key is if your motherboard is ever replaced or if you ever need to access that hard drive from a completely different PC, since in either of those cases the TPM that contains your key wouldn't even be available.
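The checks and the pre-BIOS-update procedure described in the post above, as an added PowerShell example that is not from the thread or from Dell: it uses the Windows TrustedPlatformModule and BitLocker cmdlets, assumes the OS volume is C:, and must be run from an elevated prompt on Windows 10.

```powershell
# Added example (not from the thread): inspect TPM and BitLocker state, make sure
# a Recovery Password exists, and suspend BitLocker for one reboot before a BIOS
# update so the TPM re-seals to the new firmware measurements automatically.
# Assumes the OS volume is C: and an elevated PowerShell session on Windows 10.

# 1. Does Windows see a TPM at all? If not, the first thing to check is the BIOS
#    setup, where the TPM may simply be disabled (as suggested in this thread).
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning "No TPM reported by Windows. Check the BIOS setup before assuming the hardware lacks one."
    return
}
"TPM present: {0}  Ready: {1}  Enabled: {2}" -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled

# 2. Which key protectors guard the OS volume? With the TPM model you expect a
#    Tpm (or TpmPin) protector plus a RecoveryPassword protector.
$vol = Get-BitLockerVolume -MountPoint "C:"
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

# 3. Make sure a 48-digit Recovery Password exists and record it somewhere that is
#    reachable without this PC (a password manager on a phone, as the post says).
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    # No recovery protector yet: add one, then re-read the volume to obtain it.
    Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
"Recovery Password (store OFF this device): {0}" -f $recovery.RecoveryPassword

# 4. Optional: require a startup PIN in addition to the TPM (TpmPin protector).
#    The PIN only unlocks the TPM; it is not the basis of the volume key, so the
#    TPM's anti-hammering makes a short PIN acceptable. Group Policy
#    "Require additional authentication at startup" must allow PINs first.
# $pin = Read-Host -AsSecureString -Prompt "Enter a startup PIN"
# Add-BitLockerKeyProtector -MountPoint "C:" -TpmAndPinProtector -Pin $pin

# 5. Immediately before flashing the new BIOS: SUSPEND (do not disable) protection
#    for exactly one reboot. Windows writes the clear key to disk, the firmware
#    update reboots, the TPM re-seals to the new platform, and protection resumes
#    on its own, so no Recovery Key prompt appears.
Suspend-BitLocker -MountPoint "C:" -RebootCount 1
(Get-BitLockerVolume -MountPoint "C:").ProtectionStatus   # Off until the next boot
```

If the Recovery Key prompt appears anyway at some later boot that did not follow a BIOS update, motherboard swap or drive move, treat it as the tamper signal the post describes and investigate before entering the key.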

Community Manager

September 18th, 2017 15:00

The Precision 7710 shares the same BIOS structure as the Precision 7510.

This is also discussed in the online Precision 7510 Owner's Manual, pages 40 and 43.