• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎03-19-2022 01:39 PM - edited ‎03-19-2022 02:26 PM

HP Recommended
Product: OMEN 15.6 inch Gaming Laptop PC 15-en1000 (2L1F1AV)
Operating System: Microsoft Windows 11

I have a recent Omen laptop and just realized the OS drive is not encrypted, which means if it gets stolen, someone could extract the SSD drive, connect it to some other computer and extract sensitive data. 

 

So I try enabling it, but can't find any option in Windows for drive encryption.  I don't see the "Device Encryption" option anywhere.  I'm surprised, because it's a very recent laptop it has TPM 2.0, Secure Boot enabled and I can see in msinfo32 that "BIOS Mode" is set to UEFI.

 

Question Do we know if this computer platform has proper h/w support for Windows 11's Device Encryption?  Maybe I need to toggle some BIOS setting?   

 

This HP post (https://support.hp.com/in-en/document/c06458046) talks about encryption enabled by default for computers that support "Modern Standby".  Not sure what that is and if this is a hard requirement or not to get Device Encryption.  But in any cases, you would think HP would take data security seriously and enable data encryption by default on all its laptops.

 

My computer model :

  • Omen 15-en1008ca
  • Windows 11 Home edition (updated from Windows 10 Home)
  • AMD Ryzen™ 5 5600H with RTX 3060.
  • Purchased in October 2021

 

Thanks

 

P.S.: Being under warranty, I contacted HP chat line for help.  I unfortunately got zero help.  They can't tell me if this laptop should come with device encryption or not, if it has required h/w support for it or not, or anything else to help me with this issue.  I was told HP doesn't help with data and to contact Microsoft Support.  Unfortunately a very bad experience.  ;-(

Category:
2 people had the same question
7 REPLIES 7

‎03-19-2022 02:08 PM

HP Recommended

I don't recommend to encrypt your data since amd cpus tpm are buggy you didn't notice lagg or sound bugs while opening apps or opening windows while headset plugging like noise .

Well you can right click on the drive you want to encrypt it and select bitlocker it will be encrypted but i don't recommend do that until amd release fix for tpm may or hp o don't know 

Was this reply helpful? Yes No

‎03-19-2022 02:38 PM - edited ‎03-19-2022 03:53 PM

HP Recommended

OK, ... I just found these instructions from Microsoft (https://support.microsoft.com/en-us/windows/device-encryption-in-windows-ad5dcf4b-dbe0-2331-228f-792...)  to find if Device Encryption is available for your laptop :

 

  1. Run msinfo32 -- "right-click, run as administrator"
  2. At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device.

 

In my case, it does *not* meet prerequisites. The error message is :

  • Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected

 

Can anyone with similar laptop (Windows 11 AMD-based Omen laptop) verify if you have the same problem?

 

Again, I already confirmed I have TPM 2.0, UEFI and Secure Boot. I'll search around for ideas,  ...  

 

Thanks.

 

Jay

Was this reply helpful? Yes No

‎03-19-2022 03:04 PM - edited ‎03-19-2022 03:06 PM

HP Recommended

Thanks for the info BOSSXXXL.  I didn't know about that issue (https://www.amd.com/en/support/kb/faq/pa-410).

 

I guess you're right that fTPM's performance would be more critical with an encrypted drive.  Looks like I'll have to wait until AMD releases a fix.  And I hope HP will provide an updated firmware with the fix.

 

Thanks,

 

Jay

 

P.S.: BitLocker is not available on my Windows 11 Home Edition setup.  I would need to upgrade to Windows 11 Pro to get it.

Was this reply helpful? Yes No

‎03-19-2022 03:30 PM

HP Recommended

Ok, so thanks to this Microsoft help page (https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker#un-allowed...), we know what this "Un-allowed DMA capable bus/device(s) detected" problem means :

 

"Windows detected at least one potential external DMA capable bus or device that may expose a DMA threat."

 

Microsoft then says to contact the IHV (i.e. HP) to determine/confirm if the laptop has no external DMA ports and they would then add some bus or device id to an AllowedBuses registry key. 

 

Looks complicated!   Is it even worth contacting HP with this new information?

 

Please anyone let me know if you have same problem on your Omen laptop.  If it's "as per design" with HP Omen,  I'll just live with it.

 

Thanks,

 

Jay

Was this reply helpful? Yes No

‎03-19-2022 03:40 PM

HP Recommended

Press windows +r then write tpm.msc if it's available then good if not go to bios configuration security make the tpm available and turn on the tpm status then you got to go .

Was this reply helpful? Yes No

‎03-19-2022 03:51 PM

HP Recommended

I checked and TPM is available. Version 2.0 as required.

 

If TPM was not available, this would probably be listed explicitly under the "Reasons for failed automatic device encryption" in msinfo32.msc.  On my older desktop computer, it clearly says "TPM is not usable", as expected.  

 

But with this HP Omen laptop, the only error listed is  :  "Un-allowed DMA capable bus/device(s) detected"

 

I wonder if it's "normal" or a problem with my laptop.

 

Jay

Was this reply helpful? Yes No

‎03-24-2022 09:54 AM

HP Recommended
@Jay_D0 wrote:

OK, ... I just found these instructions from Microsoft (https://support.microsoft.com/en-us/windows/device-encryption-in-windows-ad5dcf4b-dbe0-2331-228f-792... tell pizza hut) to find if Device Encryption is available for your laptop :

 

  1. Run msinfo32 -- "right-click, run as administrator"
  2. At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device.

 

In my case, it does *not* meet prerequisites. The error message is :

  • Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected

 

Can anyone with similar laptop (Windows 11 AMD-based Omen laptop) verify if you have the same problem?

 

Again, I already confirmed I have TPM 2.0, UEFI and Secure Boot. I'll search around for ideas,  ...  

 

Thanks.

 

Jay

Fantastic website. Lots of useful info here. I’m sending, it to some friends ans additionally sharing in delicious. And obviously, thank you on your sweat!

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.