Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

SQx

16 Posts

7608

April 8th, 2018 13:00

XPS 9365 - Bitlocker Recovery Key on every startup

Hello

After last updating Dell Update, I'm getting messages "Bitlocker Recovery Key on every startup". TPM option is missing in the system BIOS setup XPS.

Windows can't detect TPM.

powershell.exe get-tpm


TpmPresent                : False
TpmReady                  : False
ManufacturerId            : 0
ManufacturerIdTxt         :
ManufacturerVersion       :
ManufacturerVersionFull20 :
ManagedAuthLevel          : Full
OwnerAuth                 :
OwnerClearDisabled        : True
AutoProvisioning          : NotDefined
LockedOut                 : False
LockoutHealTime           :
LockoutCount              :
LockoutMax                :
SelfTest                  :

What can I do to fix that?

 

jphughan

9 Legend

 • 

14K Posts

April 9th, 2018 13:00

Just fyi, the TPM firmware update is not a simple installation; it requires 3 reboots and a few prep steps beforehand and then a cleanup step afterward.  Make sure you read the Installation Instructions on the support.dell.com download page for that update.  However, since one of those prep steps is jumping into the BIOS to clear the TPM, and the OP doesn't have TPM options listed in the BIOS anymore, I'm not sure the firmware update will even run.

jphughan

9 Legend

 • 

14K Posts

April 8th, 2018 14:00

Sorry, I missed that you don’t see any TPM options in the BIOS. In that case I wonder if this is a bug in a recent firmware update or something. On other models, recent firmware updates have killed things like the HDMI output or the legacy serial port on the docking station, so maybe this update messed up the TPM. In that case, you can try rolling back to an older firmware, but you may still have to do what I mentioned above to get BitLocker set up to work with the TPM again.

jphughan

9 Legend

 • 

14K Posts

April 8th, 2018 14:00

I’m surprised you were even able to enable BitLocker if no TPM is detected. Check the BIOS to see if the TPM might be disabled there. If not, try just clearing it, then decrypt the drive and try enabling BitLocker again. Make sure you back up your new Recovery Key. Or if you know how to do it, you can use manage-bde to manually add a TPM protector to your existing encrypted partition to avoid decrypting and re-encrypting.

SQx

16 Posts

April 8th, 2018 14:00

Hello jphughan,

Before that, I received message about urgent update. 
I do not know what it is better to be vulnerable or with a bug.

Saltgrass

4 Operator

 • 

4.3K Posts

April 8th, 2018 17:00

You might check the link and see if your system shows a BitLocker key.  I have had to enter mine several times, usually after a new install or reset.

https://support.microsoft.com/en-us/help/17133/windows-8-bitlocker-recovery-keys-frequently-asked-questions

SQx

16 Posts

April 8th, 2018 18:00

Hello Saltgrass,

I have the Bitlocker recovery key, but I don't want insert it at every boot. 
I see you also have a XPS 13 9365, could you please reproduce the problem with TPM?

jphughan

9 Legend

 • 

14K Posts

April 8th, 2018 19:00

Try manually downloading the latest BIOS release (here) and reinstalling it even if it's the same version you're already running.  On my wife's XPS 13 9350, I updated her BIOS and the system said everything went fine, but later on I noticed that every time I put it to sleep, it would completely cut power, which of course meant I lost everything that was open at that time.  I didn't initially remember the BIOS update I'd performed, so I was about to perform a clean Windows install thinking this was an OS/driver issue, but before committing a few hours to doing that, I decided I may as well spend a minute reinstalling the same BIOS update again before going down the clean install road.  I didn't expect it would work, but it fixed the issue.  Maybe that will bring back your TPM options in the BIOS.

<ADMIN NOTE: Broken link has been removed from this post by Dell>

Saltgrass

4 Operator

 • 

4.3K Posts

April 8th, 2018 20:00

What does the TPM.msc show. There is also a TPMinit.exe, which I have never run.

If you want me to check something on my system, let me know.

SQx

16 Posts

April 8th, 2018 20:00

I already tried (before discussing here), the problem is also reproduced.

Saltgrass

4 Operator

 • 

4.3K Posts

April 8th, 2018 21:00

You have turned off BitLocker and decrypted the drive?

SQx

16 Posts

April 9th, 2018 03:00

Yes.

Saltgrass

4 Operator

 • 

4.3K Posts

April 9th, 2018 06:00

Check in Settings, Updates & Security, and below the Windows Insider entry.  Do you have an encrypt this device type option?

SQx

16 Posts

April 9th, 2018 13:00

No, I don't have.

Device Encryption Support	Reasons for failed automatic device encryption: TPM is not usable, PCR7 binding is not supported, Disabled by policy, TPM is not usable

 

Saltgrass

4 Operator

 • 

4.3K Posts

April 9th, 2018 13:00

Does the tpm.msc run?
There is a firmware update for the TPM on the driver download site, I suppose you have already tried that?

On my system the option you checked in settings allows me to turn on encryption.

I will see if I can find out whether the TPMInit.exe utility might make a difference.

Saltgrass

4 Operator

 • 

4.3K Posts

April 9th, 2018 13:00

I found this site that might help.  If you have already run the firmware upgrade you have TPM 2.0 or 1.2 if you have not.

https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm

If the firmware upgrade cannot find the TPM, as mentioned, it may not work.  I don't suppose any registry or group policy modifications may be involved?

Was this post helpful?

View All

No Events found!

Top