Windows 10: PCR7 binding was possible and now it suddenly is not - but everything works properly

Discus and support PCR7 binding was possible and now it suddenly is not - but everything works properly in Windows 10 Software and Apps to solve the problem; Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows... Discussion in 'Windows 10 Software and Apps' started by Avi_Dor, Mar 4, 2022.

  1. AVI_DOR
    Avi_Dor Win User

    PCR7 binding was possible and now it suddenly is not - but everything works properly


    Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not BitLocker. I have verified that these are all running properly in the System Information and Security Control Panel and PowerShell for Secure Boot also *after* it gives me this binding not supported error.When I had my PC first fully activated, with the BIOS fully configured *but* not yet updated, Windows 10 Pro ful

    :)
     
    Avi_Dor, Mar 4, 2022
    #1
  2. LSHEL42
    LShel42 Win User

    PCR7 Configuration Binding Not Possible

    I've got Windows 10 Home, Version 10.0.18363 Build 18363. I haven't been having any specific problems, but tonight I looked at my System Information and on the Summary page I noticed a couple of entries that I really don't understand.

    • PCR7 Configuration Binding Not Possible
    • Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected
    Do I have a problem that I'm unaware of? Should I be concerned? What do I do to fix it if necessary? Would appreciate some expert guidance here. Thanks.
     
    LShel42, Mar 4, 2022
    #2
  3. ZOLOCK
    Zolock Win User
    PCR7 Configuration Binding Not Possible

    Wanting to encrypt my drives, and seeing the same message, I purchased a TPM module and installed it. It is enabled, was cleared, but I'm seeing the same binding not possible message. I would like fix it. Any idea?
     
    Zolock, Mar 4, 2022
    #3
  4. GJOKER
    GJoker Win User

    PCR7 binding was possible and now it suddenly is not - but everything works properly

    PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834

    In our office we are trying to swap over from using McAfee's encryption tool to managing Bitlocker via Workspace One (formerly Airwatch). I was able to successfully apply Bitlocker to two Lenovo models T470s. After those worked, I pushed the same profile
    over to a test T480s. It went into Bitlocker recover on every boot. When I went into the system information, I got the following entry for the Device Encryption Support Reasons for failed automatic device encryption field: "PCR7 binding is not supported, Un-allowed
    DMA capable bus/device(s)"

    I was able to fix the DMA issue by adding the "PCI Express Upstream Switch Port" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses with the appropriate key value. What I can't get working is the PCR7 binding. No matter
    what I try I still get "PCR7 Configuration Binding Not Possible" on the T480 and T490 models. Whenever I try to encrypt it I get the following messages in the event logs for Bitlocker API:

    Event 813 - "BitLocker cannot use Secure Boot for integrity because the expected TCG Log entry for variable 'CurrentPolicy' is missing or invalid."
    Event 834 - "BitLocker determined that the TCG log is invalid for use of Secure Boot. The filtered TCG log for PCR[7] is included in this event."

    I have updated the OS and BIOS. I have ensured that the the TPM module and Secure Boot are enabled in the BIOS. I have even toggled them off and back on again to make sure they are on.

    The TPM module appears to be correct:
    wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:list

    IsActivated_InitialValue=TRUE
    IsEnabled_InitialValue=TRUE
    IsOwned_InitialValue=TRUE
    ManufacturerId=1229346816
    ManufacturerIdTxt=IFX
    ManufacturerVersion=7.63.3353.0
    ManufacturerVersionFull20=7.63.13.6400
    ManufacturerVersionInfo=SLB9670
    PhysicalPresenceVersionInfo=1.3
    SpecVersion=2.0, 0, 1.16

    I've confirmed the SecureBoot both in the system info, manually in the BIOS, and by using the following powershell commands:
    PS C:\WINDOWS\system32> Confirm-SecureBootUEFI
    True
    PS C:\WINDOWS\system32> Get-SecureBootPolicy

    Publisher Version
    --------- -------
    77fa9abd-0359-4d32-bd60-28f4e78f784b 1

    If I try to push Bitlocker and run "Manage-bde -protectors -get %systemdrive%" I get the PCR values 0, 2, 4, 11. If I do it on the t470s I've encrypted I get the proper PCR 7, 11.

    Both are Microsoft Windows 10 Pro version 1909, all current patches applied.

    I suspect something with our image is causing the issue or issues. Normally I would try to pave over our image with a fresh install of Windows 10 to confirm, but with our main office closed I won't be able to re-apply the image to the device after doing
    so.

    Does anyone have any tips on how to isolate exactly what is causing the PCR7 bind issue?
     
    GJoker, Mar 4, 2022
    #4
Thema:

PCR7 binding was possible and now it suddenly is not - but everything works properly

Loading...

  1. PCR7 binding was possible and now it suddenly is not - but everything works properly - Similar Threads - PCR7 binding was

  2. PCR7 binding not possible/encryption issues

    in Windows 10 Gaming
    PCR7 binding not possible/encryption issues: I tried enabling encryption of the file explorer to be able to lock certain folders the other day and now i can not download anything from the xbox app for pc. It says that my drives are not encrypted.In System Information my BIOS mode IS set to: UEFIPCR7 reads: Binding not...

  3. PCR7 binding not possible/encryption issues

    in Windows 10 Software and Apps
    PCR7 binding not possible/encryption issues: I tried enabling encryption of the file explorer to be able to lock certain folders the other day and now i can not download anything from the xbox app for pc. It says that my drives are not encrypted.In System Information my BIOS mode IS set to: UEFIPCR7 reads: Binding not...

  4. PCR7 Binding not possible

    in Windows 10 Gaming
    PCR7 Binding not possible: I am running Windows 11 23H2 with an Asus B760 motherboard. Why do I see this message?And why S0 sleep state is not available?powercfg /availablesleepstates The following sleep states are available on this system: Standby S3 Hibernate Fast Startup The following sleep states...

  5. PCR7 Binding not possible

    in Windows 10 Software and Apps
    PCR7 Binding not possible: I am running Windows 11 23H2 with an Asus B760 motherboard. Why do I see this message?And why S0 sleep state is not available?powercfg /availablesleepstates The following sleep states are available on this system: Standby S3 Hibernate Fast Startup The following sleep states...

  6. BitLocker error - PCR7 binding is not supported

    in Windows 10 Software and Apps
    BitLocker error - PCR7 binding is not supported: Hello, I have an issue with BitLocker not working and advising "PCR7 binding is not supported"I've undertaken extensive research on the internet to resolve the issue and drawing a blank.This laptop was previously using BitLocker without issue prior to me wiping the system and...

  7. PCR7 binding was possible and now it suddenly is not - but everything works properly

    in AntiVirus, Firewalls and System Security
    PCR7 binding was possible and now it suddenly is not - but everything works properly: Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not...

  8. PCR7 binding was possible and now it suddenly is not - but everything works properly

    in Windows 10 Gaming
    PCR7 binding was possible and now it suddenly is not - but everything works properly: Hello everyone! I have an odd question regarding PCR7 binding not supported and mysterious Device Encryption Support for new desktop PCs using Windows 10 Pro for home use. I am using Secure Boot and all of the security features e.g., Virtualization & Code Integrity, but not...

  9. PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834

    in AntiVirus, Firewalls and System Security
    PCR7 Configuration Binding Not Possible, Bitlocker event IDs 813, 834: In our office we are trying to swap over from using McAfee's encryption tool to managing Bitlocker via Workspace One formerly Airwatch. I was able to successfully apply Bitlocker to two Lenovo models T470s. After those worked, I pushed the same profile over to a test T480s....

  10. PCR7 Configuration Binding Not Possible

    in Windows 10 BSOD Crashes and Debugging
    PCR7 Configuration Binding Not Possible: I've got Windows 10 Home, Version 10.0.18363 Build 18363. I haven't been having any specific problems, but tonight I looked at my System Information and on the Summary page I noticed a couple of entries that I really don't understand. PCR7 Configuration Binding Not...

Users found this page by searching for:

  1. PCR7 binding is not supported Reddit