Device Encryption not available

timemachiner · Jan 20, 2025

I'm using a computer that I built for Windows 10 and recently upgraded to Windows 11 Home (I did a clean install, but W11 was offered through Windows Updates, so my PC is compatible).

The problem is that when I go to Settings > Privacy & security, there is no option for Device Encryption.

My motherboard is a B450-A PRO MAX, using BIOS version 7B86vML (2024-08-09).

Windows Security shows that core isolation, security processor, and secure boot are enabled. It says "your device meets the requirements for standard hardware security."

System Information shows the following next to Automatic Device Encryption Support: "Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and the device is not Modern Standby, Un-allowed DMA-capable bus/device(s) detected"

I've searched Google but can't seem to find a clear solution to the above scenario. Thanks for your help.

neemobeer · Jan 20, 2025

Are you signed in with a local user or MS account?

timemachiner · Jan 20, 2025

neemobeer said:
Are you signed in with a local user or MS account?

Microsoft account.

Comport Colin · Jan 20, 2025

I wrote How to use Bitlocker on Windows 10 Home | Experts Exchange in order to show a way how to encrypt your drive even when device encryption requirements are not met. Use it if you understand what it's about.

timemachiner · Jan 20, 2025

Comport Colin said:
I wrote How to use Bitlocker on Windows 10 Home | Experts Exchange in order to show a way how to encrypt your drive even when device encryption requirements are not met. Use it if you understand what it's about.

Thank you, but I wish to use Device Encryption as I believe my system should meet the requirements.

XxXxX · Jan 20, 2025

i have Win 11 Home 24H2 and i use Veracrypt to encrypt my main Windows C: drive.

VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic...

www.veracrypt.fr

best of luck, Steve ..

timemachiner · Jan 20, 2025

I appreciate these responses, but I do not wish to use other methods until I know for certain that I have no other choice. I believe my W11 system should support Device Encryption and wish to resolve it.

XxXxX · Jan 20, 2025

timemachiner said:
I appreciate these responses, but I do not wish to use other methods until I know for certain that I have no other choice. I believe my W11 system should support Device Encryption and wish to resolve it.

if device encryption is not available in
settings > privacy and security > device encryption
then bitlocker is not installed on your system. some personal builds may not have the correct hardware support and Windows will not install or allow bitlocker to be available for that system. as you have already done a clean install of Win 11 24H2 it looks likely that, for whatever reason, bitlocker is not available for your system. hence the alternative posted.
i hope that you can find some information above and beyond the information i have found in this regard.

best of luck, Steve ..

glasskuter · Jan 20, 2025

Make sure secure boot is enabled in bios

timemachiner · Jan 20, 2025

glasskuter said:
Make sure secure boot is enabled in bios

Thank you. It is, and Windows Security confirms that.

glasskuter · Jan 20, 2025

timemachiner said:
Thank you. It is, and Windows Security confirms that.

See the solutions in this article, particularly this one

How to Check If Your Device Supports Device Encryption

Device Encryption Not Showing/Found/Appearing On Windows - MiniTool

You may sometimes find your device encryption not showing on the device. What happened? How to fix the issue?

www.minitool.com

antspants · Jan 20, 2025

Have you run through this Tutorial?

Turn On or Off Device Encryption in Windows 11

This tutorial will show you how to turn on or off device encryption on a Windows 11 PC. Device encryption is a Windows feature that enables BitLocker encryption automatically for the Operating System drive and fixed drives. It’s particularly beneficial for everyday users who want to ensure...

www.elevenforum.com

hsehestedt · Jan 20, 2025

See the link below. I've run into this myself. The link says to reset the BIOS but I have never needed to do that. I simply go into the BIOS and clear the TPM.

TPM is not usable PCR7 binding is not supported (SOLVED) - Microsoft Q&A

(SOLVED EXPLANATIONM BELOW) I have the Problem that I did a fresh install of Windows 10 pro (twice) and enabled Secure Boot as well as fTPM (amd) to be Win 11 ready, but Windows still says that it doesn't recognize a tpm module. I installed the ryzen…

learn.microsoft.com

timemachiner · Jan 21, 2025

glasskuter said:
See the solutions in this article, particularly this one

How to Check If Your Device Supports Device Encryption

Device Encryption Not Showing/Found/Appearing On Windows - MiniTool

You may sometimes find your device encryption not showing on the device. What happened? How to fix the issue?

www.minitool.com

Thank you. I've followed instructions like that already. See my original post for the System Informaiton output.

antspants said:
Have you run through this Tutorial?

Turn On or Off Device Encryption in Windows 11

This tutorial will show you how to turn on or off device encryption on a Windows 11 PC. Device encryption is a Windows feature that enables BitLocker encryption automatically for the Operating System drive and fixed drives. It’s particularly beneficial for everyday users who want to ensure...

www.elevenforum.com

Yes. I cannot enable Device Encryption because it does not appear in Settings. That guide says "If you do not have Device encryption available, then your PC doesn't support device encryption." but I believe there is nothing about my hardware or system that technically shouldn't support Device Encryption. Perhaps I am mistaken, but I assume the fact Device Encryption isn't appearing is a bug that I need to resolve.

hsehestedt said:
See the link below. I've run into this myself. The link says to reset the BIOS but I have never needed to do that. I simply go into the BIOS and clear the TPM.

TPM is not usable PCR7 binding is not supported (SOLVED) - Microsoft Q&A

(SOLVED EXPLANATIONM BELOW) I have the Problem that I did a fresh install of Windows 10 pro (twice) and enabled Secure Boot as well as fTPM (amd) to be Win 11 ready, but Windows still says that it doesn't recognize a tpm module. I installed the ryzen…

learn.microsoft.com

Thank you. I updated the BIOS to the latest version (and as such reset it) and that didn't change anything. I reset the TPM, also nothing.

The original post on that forum says "I had to go to ACPI Configuration settings and change the Deep Sleep settings to "S4 and S5 enabled".", though I don't see ACPI Configuration or Deep Sleep settings in my BIOS.

XxXxX · Jan 21, 2025

after all the updates that you have done have you considered a repair install of the system.
this will keep all the programs and settings that you have already installed and set but will reinstall the system.
that way you will be to see if bitlocker can be installed and used if it is possible .

best of luck, Steve .

hsehestedt · Jan 21, 2025

timemachiner said:
Thank you. I updated the BIOS to the latest version (and as such reset it) and that didn't change anything. I reset the TPM, also nothing.

No. Updating the BIOS does NOT clear the TPM. You have to manually clear the TPM using the options to do so in your BIOS. Some BIOS make this blatantly obvious when you are in the security settings, others do not. With some BIOS the procedure is not at all intuitive.

But an alternative method would be run "clear-tpm" from powershell.

If updating the BIOS cleared the TPM you would have to recover every time you update the BIOS. I run BitLocker on EVERY machine I touch and I never ever have to recover after a BIOS update. The TPM is a separate piece of hardware or firmware in the CPU so the BIOS does not affect it except for the functions in the BIOS that allow you to configure the TPM.

IMPORTANT: If you already have encryption enabled, you better backup your recovery key first and / or have a reliable backup available since clearing the TPM will render data inaccessible unless you have the recovery key.

hsehestedt · Jan 21, 2025

One more thing...

Almost forgot: The TPM management options do not show up in some BIOS until you first disable Secure Boot. So, if Secure Boot is enabled, you may not see those options until Secure Boot is turned off.

The powershell command would, of course, be far easier.

timemachiner · Jan 21, 2025

hsehestedt said:
No. Updating the BIOS does NOT clear the TPM. You have to manually clear the TPM using the options to do so in your BIOS. Some BIOS make this blatantly obvious when you are in the security settings, others do not. With some BIOS the procedure is not at all intuitive.

But an alternative method would be run "clear-tpm" from powershell.

If updating the BIOS cleared the TPM you would have to recover every time you update the BIOS. I run BitLocker on EVERY machine I touch and I never ever have to recover after a BIOS update. The TPM is a separate piece of hardware or firmware in the CPU so the BIOS does not affect it except for the functions in the BIOS that allow you to configure the TPM.

IMPORTANT: If you already have encryption enabled, you better backup your recovery key first and / or have a reliable backup available since clearing the TPM will render data inaccessible unless you have the recovery key.

Thanks. To be clear, I updated the BIOS and cleared the TPM manually. Nevertheless, I cleared the TPM manually again using the PowerShell command. The problem remains. I am beginning to suspect this is an issue with the MSI motherboard: https://forum-en.msi.com/index.php?...i-b550-gen-3-and-all-amd-motherboards.404624/

Comport Colin · Jan 23, 2025

timemachiner said:
Thank you, but I wish to use Device Encryption as I believe my system should meet the requirements.

Device Encryption and Bitlocker are technically identical. DevEnc is a limited version of Bitlocker, it has less config options but more requirements (since Microsoft wants you to give something for the benefit of DevEnc, they let you use it only with a Microsoft account). So what you replied to me is no good reason in my eyes.

Device Encryption not available

New member

My Computer

Well-known member

My Computer

New member

My Computer

Well-known member

My Computer

New member

My Computer

Well-known member

My Computers

New member

My Computer

Well-known member

My Computers

aka Mama Glass

My Computers

New member

My Computer

aka Mama Glass

How to Check If Your Device Supports Device Encryption​

My Computers

Like a rolling drone.

My Computers

Well-known member

My Computers

New member

How to Check If Your Device Supports Device Encryption​

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

New member

My Computer

Well-known member

My Computer

Similar threads

How to Check If Your Device Supports Device Encryption

How to Check If Your Device Supports Device Encryption