On Dell systems running Windows 10 in UEFI BIOS mode, BitLocker may fail to turn on, or may prompt for the recovery key when the system is rebooted. This can occur when the system also cannot support the TPM firmware flash from version 1.2 to version 2.0. The resolution covered in this article configures BitLocker to work with the TPM 1.2 firmware on Dell systems that support Windows 10/UEFI but do not support the firmware upgrade to TPM 2.0.
The Latitude 12 Rugged (7202) is an example of a tablet that ships with Windows 10/UEFI and the TPM 1.2 firmware. By default, BitLocker does not work in this configuration, and this platform does not support TPM 1.2<->2.0 mode changes. The resolution below has been tested on the 7202 and allows BitLocker to be used with TPM 1.2 in UEFI mode by changing the PCR indexes in the BitLocker profile to the default UEFI selections.
Some other system models ship with a Windows 7 downgrade and the TPM 1.2 firmware and fully support the upgrade to Windows 10, yet do not allow TPM 1.2<->2.0 mode changes.
Figure 1: Manage BitLocker search results
Figure 2: BitLocker Drive Encryption Control Panel
Figure 3: Turn off BitLocker confirmation
Figure 4: Operating System Drives folder
Figure 5: Configure TPM platform validation profile setting
Figure 6: Enabled PCR settings
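The following PowerShell check is an added example, not part of the original Dell article. It reports the firmware mode, the TPM specification version, and the PCR indexes actually bound to the TPM key protector after BitLocker is turned back on. The expected set 0, 2, 4, 11 is an assumption taken from Microsoft's documented default profile for native UEFI firmware, since this page does not list the indexes; `$MountPoint` and `$ExpectedPcrs` are names chosen for this example.

```powershell
# Added example: run from an elevated PowerShell prompt on the affected system.
param(
    [string]$MountPoint = 'C:',
    # Assumption: Microsoft's documented default PCR profile for native UEFI
    # firmware. Replace with the set selected in the policy if it differs.
    [int[]]$ExpectedPcrs = @(0, 2, 4, 11)
)

# Preconditions described in the article: UEFI boot mode with TPM 1.2 firmware.
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
if (-not $tpm) { throw 'No TPM is visible to Windows (check that it is enabled in BIOS setup).' }
# SpecVersion is a comma-separated string; the first field is the TPM version.
$tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()

$vol = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
    -ClassName Win32_EncryptableVolume -Filter "DriveLetter='$MountPoint'"
if (-not $vol) { throw "No encryptable volume found at $MountPoint" }

# KeyProtectorType 1 selects TPM-only protectors.
$ids = (Invoke-CimMethod -InputObject $vol -MethodName GetKeyProtectors `
    -Arguments @{ KeyProtectorType = [uint32]1 }).VolumeKeyProtectorID
if (-not $ids) {
    Write-Warning "No TPM protector on $MountPoint. BitLocker is off or uses another protector type."
}

$expected = ($ExpectedPcrs | Sort-Object) -join ', '
foreach ($id in $ids) {
    $r = Invoke-CimMethod -InputObject $vol `
        -MethodName GetKeyProtectorPlatformValidationProfile `
        -Arguments @{ VolumeKeyProtectorID = $id }
    $actual = (@($r.PlatformValidationProfile) | Sort-Object) -join ', '
    [pscustomobject]@{
        Firmware        = $firmware
        TpmSpecVersion  = $tpmSpec
        ProtectorId     = $id
        BoundPcrs       = $actual
        ExpectedPcrs    = $expected
        MatchesExpected = ($actual -eq $expected)
    }
}
```

A `MatchesExpected` value of `False` after BitLocker has been re-enabled means the TPM protector was sealed against a different PCR set than the one configured in the policy.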