06-08-2018 06:03 AM
Re: BitLocker Failure - Latitude 7480
I found the solution for my case.
The following Kaby Lake platforms support the firmware flash between 1.2 and 2.0:
- Latitude 5280/5288
- Latitude 5480/5488
- Latitude 5580
- Latitude 7280
- Latitude 7480
- OptiPlex 5050
- PowerEdge T30
- Precision 3520
For the Kaby Lake systems listed above, follow the steps below to downgrade the TPM firmware from 2.0 to 1.2:
- Disable BitLocker first from the Manage BitLocker pane if currently enabled.
- Open a PowerShell prompt as administrator
- Type the PowerShell command "Disable-TpmAutoProvisioning" (no quotes) and hit Enter.
- Confirm the result "AutoProvisioning : Disabled" before proceeding
- Click Start and type tpm.msc in the search box, then hit Enter.
- In the right-side Actions pane, select Clear TPM...
- Reboot and hit F12 to proceed with clearing when prompted. I have also discovered that F12 on external keyboards doesn't seem to work on Laptops; you must open the lid and use the built-in keyboard.
- Download and Run the Kaby Lake TPM 1.2 firmware utility (Version 126.96.36.199, V2, 64 Bit)from the following location: http://www.dell.com/support/home/gy/en/gydhs1/drivers/DriversDetails?productCode=latitude-14-7480-la...
- Run this program as administrator. Reboot when prompted to change the firmware. Ensure that the laptop is connected to power; the firmware update will not proceed if you are on battery power. Additionally, there is a 32 Bit version of the firmware downgrade. You must use the correct version for your architecture.
- After the laptop completes the firmware upgrade and reboots, verify in the Device Manager > Security devices section (or in the BIOS > Security section) that it says TPM 1.2 Security.
- Turn on BitLocker.
- After Bitlocker is enabled and encryption is complete, have the user suspend protection before the first reboot. Otherwise BitLocker tends to lock the first time. This is the same as we used to have to do if BitLocker tripped for any reason; not sure why it's necessary after the initial setup but having it suspended before shutting down or rebooting the first time seems to avoid a lot of BitLocker locks.