Is there an issue with the Trusted Platform Module 2.0 on Windows 10 version 1903? I have received reports that the TPM is causing error code 10 in Device Manager. In that case, of course, Bitlocker no longer works.
Background: Bitlocker and TPM
Microsoft’s Bitlocker can be used for hard disk encryption under Windows. This feature is available starting with the Pro edition of the operating system. Bitlocker can perform the encryption with or without a Trusted Platform Module 2.0.
If no TPM is present, a PIN must be entered to decrypt the Bitlocker-encrypted files. If a Trusted Platform Module 2.0 is present as a chip on the motherboard, Bitlocker can use it for authentication. The encrypted media are then bound to this hardware via the TPM.
Issues with the TPM chip in Windows 10 V1903
Bitlocker and the Trusted Platform Module 2.0 are a recurring source of problems under Windows (see the links to other articles at the end of this article). Now German blog reader Andreas E. (thank you for that) has informed me, via a private message on Facebook, about a problem with Bitlocker in connection with TPM 2.0 and the Windows 10 May 2019 Update (version 1903). He and his colleagues have noticed problems with the TPM on several computers running Windows 10 version 1903.
The Trusted Platform Module 2.0 cannot be started. In the Device Manager you will find the error message shown in the screenshot above.
The device cannot start. (Code 10)
The requested operation was unsuccessful.
If the device (TPM 2.0) cannot be started, Device Manager reports error 10 and the TPM protector for Bitlocker is of course no longer available. Bitlocker is then stopped, and you can no longer access the encrypted information or use Bitlocker with TPM. Andreas writes about it:
And the [Bitlocker] protection is stopped
But you will find very little information about it
Maybe worth doing some research.
That’s the information I have so far. But a short search on the internet shows that Bitlocker and TPM are not foolproof at all and can cause trouble. Dell has published a support article, How to troubleshoot and resolve common issues with TPM and BitLocker, that covers various bugs.
Whether there are issues with a TPM 2.0 firmware update, as described here by Microsoft, isn’t known so far.
What can I find about TPM Code 10?
If you search the internet for TPM 2.0 and error code 10, you will get some hits.
Virus scanners and filter drivers
In the Technet forum there is this post, which deals with code 10 on a TPM 2.0. A user there describes how he deleted the UpperFilters and LowerFilters values (injected by a virus scanner), because they seemed to have caused the TPM problems.
But you can’t just delete the filter drivers from the registry: afterwards the system no longer booted. The affected person had to reinstall Windows 10 V1809, and then the TPM 2.0 chip was detected cleanly in Device Manager.
Somewhere in forums I found the hint that you should always use the Windows TPM driver and not the OEM TPM driver (it is also mentioned here). I also found the information (e.g. here) that the UEFI boot mode can have an influence.
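The points discussed so far (device status code 10, the state of the Bitlocker TPM protector, and the class-level UpperFilters/LowerFilters values) can be collected read-only with PowerShell. This is an added example, not part of the original article or the forum posts; the function names are hypothetical, and it assumes an elevated prompt on a Windows 10 edition that ships the BitLocker cmdlets.

```powershell
# Read-only triage for "TPM 2.0 shows Code 10 and Bitlocker protection is stopped".
# Run from an elevated PowerShell prompt; nothing here modifies the system.

function Get-TpmDeviceTriage {   # hypothetical helper name
    # Device Manager view: everything in the "Security devices" class.
    $devices = Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.PNPClass -eq 'SecurityDevices' }
    foreach ($dev in $devices) {
        # Class-level filter drivers (the UpperFilters/LowerFilters values from
        # the forum post). They are only listed here, never deleted.
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$($dev.ClassGuid)"
        $class = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Device       = $dev.Name
            DriverSvc    = $dev.Service                 # driver service bound to the device
            ErrorCode    = $dev.ConfigManagerErrorCode  # 10 = device cannot start
            CannotStart  = ($dev.ConfigManagerErrorCode -eq 10)
            UpperFilters = $class.UpperFilters -join ', '
            LowerFilters = $class.LowerFilters -join ', '
        }
    }
}

function Get-BitlockerTpmState {   # hypothetical helper name
    # Get-Tpm may fail when the TPM cannot start; treat that as "no usable TPM".
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    Get-BitLockerVolume | ForEach-Object {
        # Collect protector type names; drop empty entries if a volume has none.
        $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType } |
            Where-Object { $_ })
        [pscustomobject]@{
            Volume     = $_.MountPoint
            Status     = $_.VolumeStatus
            Protection = $_.ProtectionStatus        # Off = suspended or not enabled
            Protectors = $types -join ', '
            TpmBound   = [bool]($types -like 'Tpm*') # any TPM-based protector present
            TpmPresent = [bool]$tpm.TpmPresent
            TpmReady   = [bool]$tpm.TpmReady
        }
    }
}

Get-TpmDeviceTriage   | Format-List
Get-BitlockerTpmState | Format-Table -AutoSize
```

A volume with TpmBound = True and Protection = Off on a machine where CannotStart = True corresponds to the situation described above; export the recovery key before changing drivers, firmware or registry values.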
Conflict with other hardware?
In this HP forum post, a user also describes the symptom that the TPM 2.0 device shows code 10 in Device Manager. Microsoft Windows 10 is used, but no version is specified (based on the post it can have been at most Windows 10 V1803).
However, the poster also reports issues with Windows 10 Hello logon and a fingerprint sensor. What I took away from this (unsolved) thread is to pay attention to the following:
- BIOS and/or UEFI must be up to date to cleanly support the TPM 2.0 chip.
- A suitable chipset driver must be installed via Windows so that all devices are properly detected.
The chipset driver should be provided by Windows 10. But if there are problems there, you can see if the OEM offers something updated.
In this context I found this blog post, where an audio device under Windows 10 V1709 was throwing error code 10. The problem there, however, was that the Bitlocker DMA protection no longer worked. The error was solved by a cumulative update for Windows 10, and afterwards the Direct Memory Access (DMA) protection for Bitlocker worked again.
I found a comment on this article in which somebody claims that Windows 10 V1903 is ‘bypassing’ the TPM – but without giving further details.
At this point the question: Are there any other people affected who notice this effect? Has anyone perhaps even determined a cause and knows a fix?
Windows 10: Important Secure Boot/Bitlocker Bug-Fix
BitLocker management in enterprise environments
Dell: New BIOS is causing Bitlocker issues
Bitlocker on SSDs: Microsoft Security Advisory Notification (Nov. 6, 2018)
SSD vulnerability breaks (Bitlocker) encryption
Windows 10 V1803: Fix for Bitlocker bug in Nov. 2018?
Windows 10: Bitlocker encrypts automatically