Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Resolving a TPM Error Seen During BitLocker Encryption on a Dell PC

Summary: This article provides information about how to resolve an issue with a TPM error during BitLocker Encryption. The error that is reported is "A required TPM measurement is missing".

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Cause

No cause information is available.

Resolution

Introduction

A TPM error has been reported during the BitLocker encryption startup. The error that is reported is a required TPM measurement is missing. The guide below will take you through the steps that are required in order to resolve this particular error. If the issue persists, there is a further section of troubleshooting that should resolve the problem.

Back to Top

Make sure the TPM is Activated

The important thing to start with, is to ensure you are on the latest BIOS revision for your particular system.

You can get the latest BIOS driver for your particular machine from the Dell Support Site:

  1. Make sure you enter either a service tag or express service code from your system or select your system type from the list provided.

  2. Go to the Drivers section of the on page menu.

    1. The left-hand side tab will show you the updates needed based on the tag or code you used.

    2. The right-hand side tab will let you find the update yourself, if you only selected the system type.

      1. Make sure your operating system is selected from the drop-down.

      2. Go down the page until you get to the BIOS drawer, select the driver kept there.

      3. You can compare the revision of file against the revision of the BIOS which is shown on the BIOS front page.

  3. To run the file, ensure that the PC is connected to mains power and double-click the file.

  4. Your PC will restart. When it has booted back into the operating system, you will have updated the BIOS revision. Updated from the file you saved and ran.

NOTE: The easiest and quickest way to get into the BIOS on a Dell system is to:
  1. Tap rapidly on the F2 key when you see that the Dell Splash screen appears during POST.

  2. Alternatively you can tap rapidly at the F12 key at the same point and select BIOS/Startup from the onscreen menu that appears.

You can check the TPM status in several ways:

Checking within the BIOS

Once inside the BIOS we need to confirm something:

  1. Go to Security TPM Security.

  2. Ensure the checkbox for Activate is selected.

  3. Save and Exit from the BIOS.

Checking from within Windows

You can access and check the status of the TPM from within the Windows Operating Systems:

  1. You can press the Win+R keys together as a shortcut to open a run box in most Windows Operating Systems.

  2. Type TPM.msc in the run box and hit the Enter key.

  3. A management console will open up.

  4. You can tell from the front page of the module if the TPM is activated. If not, you can activate it from here as well.

Back to Top


Clear the TPM

NOTE: During the TPM mode change, the TPM firmware update utility will warn you that data stored in the TPM will not be retained. The TPM owner should be cleared.

Data that may be erased during this:

  • BitLocker Protection Keys
    • BitLocker TPM key protection may be suspended temporarily using the manage-bde.exe -disable switch, without decrypting the contents on the encrypted drive.
    • The BitLocker TPM key protector can be reenabled after the mode change manually or by specifying several reboots before the OS automatically reenables the TPM protector.
  • Virtual SmartCard configuration (enterprise Windows 8.x+)
    • Virtual SmartCard for login will need to be reenrolled after a TPM mode change.
  • Measured Boot remote attestation measurement values (enterprise Windows 8.x+)
    • Measured Boot remote attestation services may need to be reenabled or reenrolled after a TPM mode change, depending on the remote attestation service provider
  • Other secrets stored by TPM-capable software (such as Dell Data Protection)

The next step is to clear the TPM. There are several ways to accomplish this:

From within BIOS

  1. Reboot your PC

  2. Tap rapidly on the F2 key when you see the Dell Splash screen as it starts up.

  3. Go to Security TPM Security.

  4. Click the checkbox marked clear or deactivate.

  5. Exit the BIOS, saving your settings.

From within PowerShell

  1. Run this command from the Command Prompt:

    powershell clear-TPM

From within a Windows Operating System

You can access and check the status of the TPM from within the Windows Operating Systems:

  1. You can press the Win+R keys together as a shortcut to open a run box in most Windows Operating Systems.

  2. Type TPM.msc in the run box and hit the Enter key.

  3. A management console will open up.

  4. Under the Actions section on the right, click Clear TPM.

  5. In the Clear the TPM Security Hardware box, check next to I do not have the TPM owner password and click OK.

  6. You will be asked to Reboot. After the Dell POST screen, you will be prompted to press a key (usually F10) to clear TPM. Press that key.

  7. Once the system reboots, you will be prompted to restart and follow the instructions to enable TPM. Restart.

  8. After the Dell POST screen, you will be prompted to press a key to enable TPM. Press that key (usually F10).

  9. Once back at the desktop, the TPM Setup Wizard appears for you to enter a TPM owner password.

Once you have successfully cleared the TPM, you can check if this has resolved your problem:

  1. Open the TPM management console in Windows, it should report that the TPM is ready for use.

  2. Turn on BitLocker encryption, does the encryption finish successfully or fail with the same error a required TPM measurement is missing.

    1. If the Encryption finishes successfully, then the issue is resolved.

    2. If the same error occurs, then please use the next section to troubleshoot this further.

Back to Top


Check your Hard Disk Drive Boot Sector

If the error a required TPM measurement is missing persists, the next step is to attempt recovery of your hard drives boot sector.

Windows 7, 8, and 8.1, could install on a Legacy BIOS using MBR. However, Windows 8, 8.1, and 10 were designed to install on the UEFI BIOS using the EFI bootloader and GPT.

NOTE: Any repairs that are done to the root of a hard drive have the possibility that the repair may go wrong. This means you would lose any data on the drive that is not previously backed up. Best Practice is always to have performed a full backup of a drive before you work on it or it is operating system. The nt60 switch applies the [newer] boot code for BOOTMGR. SYS updates the primary boot code on the partition that is used to boot Windows.

For Hard Disk Drives using MBR

The steps are similar, but there are differences between Operating System types.

Windows 10

This Operating System uses GPT and the UEFI BIOS, rather than the MBR and Legacy BIOS.

Try encrypting using BitLocker again and if your issue with the same TPM error continues past this, then please contact technical support for further help.

NOTE: There is no Bootsect command for GPT. The GPT structure deals with a lot of the problems that Bootsect was designed to remedy. So there are no instructions on how to use this command. However if you find yourself in need of repairing the EFI bootloader, you can follow the instructions in the article How to repair the EFI bootloader on a GPT HDD for Windows 7, 8, 8.1 and 10 on your Dell PC.

Windows 8 and 8.1

If you do have the Installation Media:

  1. Insert the Media (DVD/USB) in your PC and restart.

  2. Boot from the media.

  3. Select Repair Your Computer.

  4. Select Troubleshoot.

  5. Choose Command Prompt from the menu.

  6. Type and run the command:

    bootsect /nt60 sys

If you do not have the Installation Media:

  1. Restart your PC

  2. Tap rapidly on the F8 key once the PC has turned on, but before the Windows Splash Screen appears.

    Be aware this may take several attempts. The timing for this option was shortened significantly from that in Windows 7.

  3. Select Repair your computer from the menu that appears.

  4. Select Command Prompt from the Troubleshoot screen.

  5. Type and run the command:

    bootsect /nt60 sys

Windows 7

If you do have the Installation Media:

  1. Insert the Media (DVD/USB) in your PC and restart.

  2. Boot from the media.

  3. Select Repair Your Computer.

  4. Select the operating system and click next.

  5. Choose Command Prompt from the menu.

  6. Type and run the command:

    bootsect /nt60 sys

If you do not have the Installation Media:

  1. Restart your PC

  2. Tap rapidly on the F8 key once the PC has turned on, but before the Windows Splash Screen appears.

  3. Select Repair your computer from the menu that appears.

  4. Select Command Prompt from the Recovery Options.

  5. Type and run the command:

    bootsect /nt60 sys

Back to Top

Additional Information

Affected Products

Inspiron, Latitude, Vostro, XPS, Fixed Workstations
Article Properties
Article Number: 000126671
Article Type: Solution
Last Modified: 30 Aug 2024
Version:  10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.