- Re: BitLocker Encryption - TPM Not Found 2540p


01-16-2015 07:58 AM
I am doing a test to transition away from PGP Desktop Encryption on our notebooks to BitLocker Windows 7 Enterprise.
I set it up in GPO on the Server Windows 2012 Std.
When I started BitLocker, it says "A compatible Trusted Platform Module (TPM) security device must be present on this computer, but a TPM was not found."
The Device manager shows Infineon Trusted Platform Module, driver dated 12/14/2007 Driver Version 2.1.1.0. I did an update driver and it found nothing. I looked in HP support for a newer driver but it was down.
So I looked in the BIOS to make sure it was not disabled.
Tried adding a couple of things. First I checked "Reset of TPM from OS".
Next I tried Power-On Authentication Support and Reset Authentication Credential:
No happiness with either.
What do I need to do to proceed please?
01-19-2015 05:51 AM
Hi, I'm not sure if you've already tried this, but you could check if this helps.
You could try setting up an administrator password and then enable TPM and check if it helps.
Because the Trusted Platform Module sometimes might need some prerequisites to be completed first.
Before enabling the BitLocker feature in Windows 7, first enable TPM modules in BIOS setup page, as follows:
- Restart the notebook and press F10 to enter the BIOS setup screens.
- Select the Security tab.
- Set the Administrator Password.
- Set the Embedded Security Device to Available.
- Set the Status to Enabled.
- Save and restart.
However, if you're setting a BIOS Administrator password, please make a note not to forget it, cos on a business unit resetting the forgotten BIOS password is a little too tricky and takes time.
You could also try updating the BIOS.
Also just an FYI from The document - http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=c04110992
It also does mention that * TPM module disabled where use is restricted by law; for example, Russia and China.
Hope this helps
Regards
PraTH_KR
**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
01-19-2015 09:04 AM
Prath,
I appreciate your assistance. I clicked the Thumbs up several times, but no result.
I thought it was fixed, but no success.
Our W7 Enterprise images all come with a BIOS setting password so that was already accomplished.
I was able to find a newer BIOS update. Then I went into the BIOS looking for the items you mentioned, I found Security\TPM Embedded Security. This is what I set:
- Embedded Security Device Availability: "Available"
- Embedded Security Device State: "Check Mark"
- Factory Defaults: "No"
- Power-On Authentication Support: "Check Mark"
- Reset Authentication Credential: "No"
- OS Management of TPM: "Check Mark"
- Reset of TPM from OS: "Not Checked"
When I saved it I received a prompt, "Do you want to Enable TPM", and I said "Accept" fully thinking it would work now.
No luck.
01-20-2015 06:25 AM
Hi Peter,
I just simulated the BIOS - all the settings seem perfect.
If that's the case, since this is an enterprise version of the OS, I suspect the issue is with the group policy.
If that's the case, to resolve this issue, do the following:
- Log on as Administrator.
- Click Start, select Run, type gpedit.msc and press Enter.
- Select Administrative Templates.
- Select Windows Components.
- Select BitLocker Drive Encryption.
- Select Operating System Drives.
- Select Require additional authentication at startup.
- Select Enable, click OK and exit.
- Click Start, select Run, type gpupdate.exe /force and press Enter.
- Reboot the notebook after the process completes.
- Click Start, select Control Panel, double-click BitLocker Encryption and select Turn On BitLocker for the local hard disk drive.
I'm sure this should help.
Regards,
PraTH_KR
**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
01-20-2015 07:15 AM
Hi Peter,
On a frank note, I'm not sure why the site policy setting did not work.
But the only thing I could assume is - I guess this is a unit-specific change that needs to be done.
But I'm really glad it worked for you.
Regards,
PraTH_KR
**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
01-20-2015 07:24 AM
Prath,
I spoke too soon. After it created the system disk and restarted, in preferences it says:
This computer does not appear to have TPM. Require a Startup key at every step.
I just noticed TPM management in there, so I clicked on it and it says Compatible TPM Not found. Verify if this computer has a 1.2 TPM and it is turned on in the BIOS.
I did not find an Infineon driver for this notebook when I checked drivers last week but I will look again. Perhaps my version is too old??
Device Manager says Infineon Trusted Platform Module driver version is 2.1.1.0. Doing an update search on the Internet says the best driver is installed.
01-20-2015 08:01 AM
Hi Peter,
Oh, that's too bad.
Was this unit serviced at any point in time, for example a system board replacement any time before?
If not, then please go ahead and go back to the BIOS and perform a restore defaults in BIOS.
And then reverify the settings for the TPM as discussed before, save and exit from the BIOS, and check if it makes any difference.
And sorry about the delayed posts - I was a little occupied!
Regards
PraTH_KR
**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
01-20-2015 08:20 AM
Prath,
Do not apologize, I greatly appreciate the help. Like I said, this is a test to see what we need to accomplish to switch from PGP encryption and there is no rush.
No, this notebook is the one I use to take home and has hardly been used. One of our newest.
I cleared the TPM after resetting BIOS.
I will go back through the routine and check back later.
Nope, same thing, still saying I need to use a USB to unlock and this is what TPM Administration looks like:
Is there a Registry Hack I can do, since it definitely has TPM, and BitLocker doesn't believe it does?
Update, I looked in the registry and found this clearly showing 1.0:
So I uninstalled Infineon TPM in Device Manager and did a scan and a new device showed up: "Security Devices (with a Key)"\Trusted Platform Module 1.2.
So the System Device Infineon TPM was probably version 1.0 and messing me up.
Drive is encrypted with BitLocker. Yeah!
have a great day,
Peter
01-20-2015 10:33 AM
Hi Peter ,
That's great that it's working now with what you did.
Uninstalling and refreshing the TPM module from the Device Manager was just brilliant.
But let me also show you what I found.
Click Start, click Control Panel, click System and Security, click BitLocker Drive Encryption, and then click Turn On BitLocker. If your computer does not have a TPM version 1.2 or the BIOS is not compatible with the TPM, you will receive the following error message:
A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.
If you receive this error message on a computer that has a TPM, check if either of the following situations applies to your computer:
- Some computers have TPMs that do not appear in the Windows 7 TPM Microsoft Management Console snap-in (tpm.msc) due to a BIOS setting that hides the TPM by default and does not make the TPM available unless it is first enabled in the BIOS. If your TPM might be hidden in the BIOS, consult the manufacturer's documentation for instructions to display or enable the TPM.
- Some computers might have an earlier version of the TPM or an earlier version of the system BIOS that is not compatible with BitLocker. Contact the computer manufacturer to verify that the computer has a TPM version 1.2 or to get a BIOS update.
OR
You can enable BitLocker on an operating system drive without a TPM version 1.2, if the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide.
To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
To enable BitLocker on a computer without a TPM, you must enable the Require additional authentication at setup Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the Allow BitLocker without a compatible TPM check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard.
Well, all in all, if everything is working fine then that's all we are looking for.
However, just an FYI - you could update the BIOS to be on a safer note and have the above-mentioned information handy - you know, just in case you need it.
Cheers for the encrypted drive though.
Regards,
PraTH_KR
**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
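A read-only check for the three things this thread worked through (which driver is bound to the TPM device, whether Windows reports a version 1.2 TPM that is enabled and activated, and whether Group Policy allows BitLocker without a TPM), added here as an example and not part of the original posts. The function name `Get-TpmReadiness` and the verdict strings are hypothetical; it assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added example (not from the thread): read-only checks, no settings are changed.
# Assumes an elevated PowerShell 2.0+ prompt on Windows 7 or later.
function Get-TpmReadiness {   # hypothetical helper name
    # 1. Driver bound to the TPM device. In the thread an old Infineon driver
    #    (2.1.1.0) stayed bound until the device was uninstalled and re-detected.
    $drivers = @(Get-WmiObject -Class Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -like '*Trusted Platform Module*' } |
        Select-Object DeviceName, DeviceClass, DriverProviderName, DriverVersion)

    # 2. What the Windows TPM WMI provider reports (nothing if no TPM is visible).
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue

    # 3. BitLocker policy values written by "Require additional authentication at startup".
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue
    $noTpmAllowed = ($fve -ne $null) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # SpecVersion is a comma-separated string; the first field is the TPM version.
    $spec = $null
    $specOk = $false
    if ($tpm -and $tpm.SpecVersion) {
        $spec = ($tpm.SpecVersion -split ',')[0].Trim()
        try { $specOk = ([version]$spec -ge [version]'1.2') } catch { $specOk = $false }
    }

    if ((-not $tpm) -and ($drivers.Count -eq 0)) {
        $verdict = 'No TPM device enumerated: check that it is available and enabled in BIOS'
    } elseif (-not $tpm) {
        $verdict = 'TPM device present but not visible to Windows: inspect the bound driver'
    } elseif (-not $specOk) {
        $verdict = "TPM reports version '$spec': the thread's requirement is 1.2"
    } elseif (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
        $verdict = 'TPM 1.2+ found but not enabled and activated: turn it on in BIOS'
    } else {
        $verdict = 'TPM is visible, 1.2 or later, enabled and activated'
    }

    New-Object PSObject -Property @{
        Verdict = $verdict; TpmSpecVersion = $spec; BoundDrivers = $drivers
        AdvancedStartupPolicy = $fve.UseAdvancedStartup
        AllowBitLockerWithoutTpm = $noTpmAllowed
    }
}

Get-TpmReadiness | Format-List
```

If `AllowBitLockerWithoutTpm` is True while the verdict says the TPM is not visible, BitLocker setup offers only the startup-key options, which matches the state described in the 07:24 AM post before the driver was re-detected.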
