Windows 10: BitLocker, TPM and a Ryzen

Discussion in 'Windows 10 Support' started by bl00keRs, Jul 8, 2019.

  1. bl00keRs Win User

    BitLocker, TPM and a Ryzen


    I simply love the BitLocker functionality. I've always used it and am still using it on my Intel laptop without TPM, but with a small change in Group Policy to skip TPM and use a password on every boot... and it simply works.

    However, now I have an AMD PC with a Ryzen 1700x onboard. I've noticed that the TPM comes free with these CPUs. How do I set this thing up properly along with a BitLocker-encrypted system drive? Help needed, as I can't figure out the correct UEFI settings, along with the Group Policy rule changes, if they need to be changed. I tried to encrypt the system drive (with out-of-the-box UEFI settings) after the first Windows installation, but the system booted up without the password prompt, which I want before every bootup, just like on the laptop.

    So, I've played a bit with Group Policy rules and UEFI settings, but still couldn't manage the password prompt. Re-encrypted the drive without any result, discovered a new TPM menu in UEFI, played a bit more with changing settings here and there and stopped. It was on 1809.
    How do I reset this thing completely without losing anything or needing a Windows re-installation? I installed 1903 last week, so the system isn't protected now, and I haven't touched Group Policy on it. I've updated the BIOS, so maybe the TPM settings have been reset to default? I can't sleep without securing my data and I don't want to eventually mess up anything this time with a lot of changed settings on a fresh system *chuckle*

    How do I set it up? Below you can see how it looks for my motherboard, an ASUS X470 STRIX.

    TPM Device Selection is set to Firmware TPM
    Erase fTPM NV for factory reset is set to Enabled





    I can't tell you the extra UEFI TPM menu since I don't know how to take a printscreen of UEFI? Anybody?

    I understand that the TPM is used to link all(?) devices together and encrypt them, so I can't switch any device before resetting the TPM with a key? Or is it just a processor-specific anti-theft thing?

    Thank you in advance.

    :)
     
    bl00keRs, Jul 8, 2019
    #1

  2. FingerPrint With TPM and Bitlocker

    I want to use a fingerprint as BitLocker/TPM's password/PIN. Please guide me step by step.

    [Moved from: Windows / Windows 10 / Windows settings]
     
    ManjeetDhariwal, Jul 8, 2019
    #2
  3. Yan.S Win User
    Bitlocker without TPM

    Hi there,

    I'm trying to use BitLocker without TPM.

    My version is Windows 10 Home, and I tried to follow -

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM



    1. Click Start, type gpedit.msc in the Start Search box, and then press ENTER.
    2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then click BitLocker Drive Encryption.
    4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
    5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.
    You have changed the policy setting so that you can use a startup key instead of a TPM.

    1. Close the Local Group Policy Editor.
    2. To force Group Policy to apply immediately, you can click Start, type gpupdate.exe /force in the Start Search box, and then press ENTER.
    3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
    4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
    6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start the computer.
    7. Insert your USB flash drive in the computer, if it is not already there.
    8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
    9. On the Save the recovery password page, you will see the following options:
    · Save the password on a USB drive. Saves the password to a USB flash drive.
    · Save the password in a folder. Saves the password to a folder on a network drive or other location.
    · Print the password. Prints the password.

    While I have a problem on step 4.

    Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

    I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
    Control Panel Setup: Enable Advanced Startup Options anywhere.

    Thank you for your help.

    Best Regards,

    Yan
     
    Yan.S, Jul 8, 2019
    #3
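
The symptom in post #1 (an encrypted drive that boots with no prompt) and the policy setting in post #3 can both be inspected from PowerShell. This is an added, read-only example, not part of the thread; it assumes an elevated prompt on an edition that ships the BitLocker cmdlets, and the property names `TpmOnlyUnlock` and `PreBootSecret` are made up for this report.

```powershell
# Added example: read-only audit of BitLocker startup authentication.
# Run elevated, on a Windows edition that ships the BitLocker cmdlets.
$ErrorActionPreference = 'Stop'

# Values written under this key by the startup-authentication policy
# (shown as "Require additional authentication at startup" on Windows 10).
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyNames = 'UseAdvancedStartup', 'EnableBDEWithNoTPM', 'UseTPM',
               'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'
$props = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
$policy = [ordered]@{}
foreach ($name in $policyNames) {
    $value = if ($props) { $props.$name } else { $null }
    if ($null -eq $value) { $value = 'not configured' }
    $policy[$name] = $value
}

$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
# Key protector types currently attached to the OS volume, as strings.
$types = @($vol.KeyProtector | Where-Object { $_ } |
           ForEach-Object { "$($_.KeyProtectorType)" })

[pscustomobject]@{
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $types -join ', '
    # A plain 'Tpm' protector releases the key with no user input at boot.
    TpmOnlyUnlock    = $types -contains 'Tpm'
    # Any of these requires a PIN, password or USB key before Windows starts.
    PreBootSecret    = [bool]($types | Where-Object {
        $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password' })
} | Format-List

'Startup-authentication policy values:'
$policy.GetEnumerator() | Format-Table Name, Value -AutoSize
```

When `TpmOnlyUnlock` is true, the volume is encrypted but the TPM unlocks it silently, which matches a boot with no password prompt. A `TpmPin` protector can be added with `Add-BitLockerKeyProtector -TpmAndPinProtector` once the policy allows a startup PIN with the TPM.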
  4. lx07 Win User

    BitLocker, TPM and a Ryzen

    Bitlocker - Win 10 - TPM 2.0 - Legacy Mode


    According to here you need to boot in UEFI to configure bitlocker then you can change to CSM.
    Pre-Provision Bitlocker - TPM 2.0 - SCCM 1610
     
    lx07, Jul 8, 2019
    #4