How to re-enable TPM after decrypting C: drive from BitLocker?

windows-10 security encryption bitlocker tpm

I have a Surface Pro 6. One day my computer got locked with BitLocker (for no apparent reason). After recovering the key I disabled device encryption and decrypted my hard drive.

If I now do manage-bde -status, I get this information:

enter image description here

However, this seemed to have disabled my TPM. When I boot into UEFI, the TPM option is disabled, and when trying to enable it I get a message saying

The system failed to change the state of the TPM. Please reboot the system to try again.

Disabling Secure boot does not help (I tried enabling TPM with secure boot on and off).

enter image description here

enter image description here

enter image description here

enter image description here TPM is also not found under Device Manager, as my Security Devices section does not appear even after I check "Show Hidden Devices". enter image description here

I learned that this could be an issue related to BitLocker. In efforts to enable TPM, I followed instructions that told me to pause BitLocker, but that command gave me an error:

enter image description here

I have another surface pro that has BitLocker encryption enabled, and the TPM is enabled (as by default).

From this, I have a few questions:

  • Are the issues between decrypting my drive and being unable to turn on TPM related?
  • How can I re-enable my TPM module?

*For more information, I have Surface Pro 6, model 1796.


Solution 1:

Okay, so here’s what likely happened:

  1. Your computer shipped with BitLocker enabled with a TPM-protected key
  2. The TPM died
  3. You had to enter the recovery key because the TPM was no longer accessible to automatically unlock the BitLocker encryption

You need to get the device repaired, there is nothing more you can do.

Solution 2:

No, disabling bitlocker will not disable TPM. TPM is managed from the BIOS/UEFI, and bitlocker is not capable of enabling/disabling TPM.

That said, if you change secure boot options in the BIOS/UEFI, it may disable TPM.

Given that your TPM is currently disabled, it sounds like you switched to legacy mode. For TPM to be allowed, Secure Boot must also be enabled.

It may be that you must enable secure boot, reboot, enter UEFI and then be allowed to enable TPM.

Related

Unable to expand cells in Excel
How do I change adapter settings without a mouse?
Excel: index & match formula issue
Windows 10 Mouse Randomly Stops Working
With mouse integration turned off, both my mouse and touchpad get randomly stuck on invisible randomly placed lines while in a guest OS?
How do I search for exact keywords in file explorer? [duplicate]
SSH passthrough?
How do I delete iTunes from my MacBook Pro
Stolen Package with Ipad Pro WiFi only [closed]
Corsair Virtuoso Sidetone on MacOS [closed]
How to check how much "free" iGPU VRAM the system have in MB?
Copy filename of file selected in Finder to clipboard using Automator with Applescript