Windows 10: Device standard encryption - PCR7 binding issue

Discus and support Device standard encryption - PCR7 binding issue in AntiVirus, Firewalls and System Security to solve the problem; I've windows 10 Home edition, build 19042. I want to encrypt my drives, but in system information, under encryption support, this message is shown:... Discussion in 'AntiVirus, Firewalls and System Security' started by NEONGASHMEN, May 6, 2021.

  1. Device standard encryption - PCR7 binding issue


    I've windows 10 Home edition, build 19042. I want to encrypt my drives, but in system information, under encryption support, this message is shown: Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/devices detected, Disabled by policy I've TPM version 2.0 and secure boot is enabled. Is it possible to resolve this issue and is it possible to enable device encryption somehow ?

    :)
     
    NEONGASHMEN, May 6, 2021
    #1
  2. LShel42 Win User

    PCR7 Configuration Binding Not Possible

    I've got Windows 10 Home, Version 10.0.18363 Build 18363. I haven't been having any specific problems, but tonight I looked at my System Information and on the Summary page I noticed a couple of entries that I really don't understand.

    • PCR7 Configuration Binding Not Possible
    • Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected
    Do I have a problem that I'm unaware of? Should I be concerned? What do I do to fix it if necessary? Would appreciate some expert guidance here. Thanks.
     
    LShel42, May 6, 2021
    #2
  3. BalajiP63 Win User
    Device encryption menu not found in settings (Windows 10 Home)

    Hi,

    I turned off the device encryption in settings of Windows 10 home edition. Once, I did that, I was unable to undo that. It took several hours for decryption. After completion, when tried to turn it on again, the message showed, 'Something went wrong,
    please try later'. So, I restarted and after that I could not find the Device Encryption menu in the Settings under Update and Security. I couldn't find it by searching that in the taskbar search option. In the System Information, under item 'Device Encryption
    Support', the value shown is 'Reasons for failed automatic device encryption: PCM is not usable, PCR7 binding is not supported, PCM is not usable', and under item 'PCR7 Configuration", the value shown is 'PCR7 binding not possible'.

    How can I find the device encryption option again and turn it on back again? Please help me with some suggestions. Thanks, in advance.
     
    BalajiP63, May 6, 2021
    #3
  4. GJoker Win User

    Device standard encryption - PCR7 binding issue

    PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834

    In our office we are trying to swap over from using McAfee's encryption tool to managing Bitlocker via Workspace One (formerly Airwatch). I was able to successfully apply Bitlocker to two Lenovo models T470s. After those worked, I pushed the same profile
    over to a test T480s. It went into Bitlocker recover on every boot. When I went into the system information, I got the following entry for the Device Encryption Support Reasons for failed automatic device encryption field: "PCR7 binding is not supported, Un-allowed
    DMA capable bus/device(s)"

    I was able to fix the DMA issue by adding the "PCI Express Upstream Switch Port" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses with the appropriate key value. What I can't get working is the PCR7 binding. No matter
    what I try I still get "PCR7 Configuration Binding Not Possible" on the T480 and T490 models. Whenever I try to encrypt it I get the following messages in the event logs for Bitlocker API:

    Event 813 - "BitLocker cannot use Secure Boot for integrity because the expected TCG Log entry for variable 'CurrentPolicy' is missing or invalid."
    Event 834 - "BitLocker determined that the TCG log is invalid for use of Secure Boot. The filtered TCG log for PCR[7] is included in this event."

    I have updated the OS and BIOS. I have ensured that the the TPM module and Secure Boot are enabled in the BIOS. I have even toggled them off and back on again to make sure they are on.

    The TPM module appears to be correct:
    wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:list

    IsActivated_InitialValue=TRUE
    IsEnabled_InitialValue=TRUE
    IsOwned_InitialValue=TRUE
    ManufacturerId=1229346816
    ManufacturerIdTxt=IFX
    ManufacturerVersion=7.63.3353.0
    ManufacturerVersionFull20=7.63.13.6400
    ManufacturerVersionInfo=SLB9670
    PhysicalPresenceVersionInfo=1.3
    SpecVersion=2.0, 0, 1.16

    I've confirmed the SecureBoot both in the system info, manually in the BIOS, and by using the following powershell commands:
    PS C:\WINDOWS\system32> Confirm-SecureBootUEFI
    True
    PS C:\WINDOWS\system32> Get-SecureBootPolicy

    Publisher Version
    --------- -------
    77fa9abd-0359-4d32-bd60-28f4e78f784b 1

    If I try to push Bitlocker and run "Manage-bde -protectors -get %systemdrive%" I get the PCR values 0, 2, 4, 11. If I do it on the t470s I've encrypted I get the proper PCR 7, 11.

    Both are Microsoft Windows 10 Pro version 1909, all current patches applied.

    I suspect something with our image is causing the issue or issues. Normally I would try to pave over our image with a fresh install of Windows 10 to confirm, but with our main office closed I won't be able to re-apply the image to the device after doing
    so.

    Does anyone have any tips on how to isolate exactly what is causing the PCR7 bind issue?
     
    GJoker, May 6, 2021
    #4
Thema:

Device standard encryption - PCR7 binding issue

Loading...
  1. Device standard encryption - PCR7 binding issue - Similar Threads - Device standard encryption

  2. BitLocker error - PCR7 binding is not supported

    in Windows 10 Network and Sharing
    BitLocker error - PCR7 binding is not supported: Hello, I have an issue with BitLocker not working and advising "PCR7 binding is not supported"I've undertaken extensive research on the internet to resolve the issue and drawing a blank.This laptop was previously using BitLocker without issue prior to me wiping the system and...
  3. BitLocker error - PCR7 binding is not supported

    in Windows 10 Gaming
    BitLocker error - PCR7 binding is not supported: Hello, I have an issue with BitLocker not working and advising "PCR7 binding is not supported"I've undertaken extensive research on the internet to resolve the issue and drawing a blank.This laptop was previously using BitLocker without issue prior to me wiping the system and...
  4. BitLocker error - PCR7 binding is not supported

    in Windows 10 Software and Apps
    BitLocker error - PCR7 binding is not supported: Hello, I have an issue with BitLocker not working and advising "PCR7 binding is not supported"I've undertaken extensive research on the internet to resolve the issue and drawing a blank.This laptop was previously using BitLocker without issue prior to me wiping the system and...
  5. PCR7 Binding is not supported in Windows 11/10

    in Windows 10 News
    PCR7 Binding is not supported in Windows 11/10: [ATTACH]PCR7 Binding is a technology that helps users encrypt hard drives on their Windows computers. It is different from the Bitlocker technology. To use Bitlocker technology, you should have Windows 11/10 Pro, Enterprise, or Education edition. Windows 11/10 Home users...
  6. PCR7 binding was possible and now it suddenly is not - but everything works properly

    in AntiVirus, Firewalls and System Security
    PCR7 binding was possible and now it suddenly is not - but everything works properly: Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not...
  7. PCR7 binding was possible and now it suddenly is not - but everything works properly

    in Windows 10 Gaming
    PCR7 binding was possible and now it suddenly is not - but everything works properly: Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not...
  8. PCR7 binding was possible and now it suddenly is not - but everything works properly

    in Windows 10 Software and Apps
    PCR7 binding was possible and now it suddenly is not - but everything works properly: Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not...
  9. PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834

    in AntiVirus, Firewalls and System Security
    PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834: In our office we are trying to swap over from using McAfee's encryption tool to managing Bitlocker via Workspace One formerly Airwatch. I was able to successfully apply Bitlocker to two Lenovo models T470s. After those worked, I pushed the same profile over to a test T480s....
  10. PCR7 Configuration Binding Not Possible

    in Windows 10 BSOD Crashes and Debugging
    PCR7 Configuration Binding Not Possible: I've got Windows 10 Home, Version 10.0.18363 Build 18363. I haven't been having any specific problems, but tonight I looked at my System Information and on the Summary page I noticed a couple of entries that I really don't understand. PCR7 Configuration Binding Not...

Users found this page by searching for:

  1. PCR[7] configuration