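I have a Surface Pro 6. One day my computer got locked by BitLocker (for no apparent reason). After recovering the key, I disabled device encryption and decrypted my hard drive.
If I now run manage-bde -status, I get the following:
However, this seems to have disabled my TPM. When I boot into UEFI, the TPM option is disabled, and when I try to enable it, I get a message saying
The system failed to change the state of the TPM. Please restart the system to try again.
Disabling Secure Boot did not help (I tried enabling the TPM with Secure Boot both on and off).
The TPM cannot be found in Device Manager either: my Security devices section does not appear even after I check "Show hidden devices".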
I learned that this could be an issue related to BitLocker. In efforts to enable TPM, I followed instructions that told me to pause BitLocker, but that command gave me an error:
I have another Surface Pro that has BitLocker encryption enabled, and the TPM is enabled (as by default).
From this, I have a few questions:
- Are the issues between decrypting my drive and being unable to turn on TPM related?
- How can I re-enable my TPM module?
*For more information, I have Surface Pro 6, model 1796.
OK, here is what may have happened:
You need to get the device repaired; there is nothing you can do.
No, disabling BitLocker will not disable TPM. TPM is managed from the BIOS/UEFI, and BitLocker is not capable of enabling/disabling TPM.
That said, if you change secure boot options in the BIOS/UEFI, it may disable TPM.
Given that your TPM is currently disabled, it sounds like you switched to legacy mode. For TPM to be allowed, Secure Boot must also be enabled.
It may be that you must enable secure boot, reboot, enter UEFI and then be allowed to enable TPM.
All the Surface devices I have seen had TPM and were BitLocked out of the factory. For the Surface, this seems to be a requirement imposed by Microsoft.
The disk has not become BitLocked, but was so from the beginning. BitLocker was most likely already installed on your Surface by Microsoft, as most Surface devices are sold as BitLocked. At least we can be sure that TPM was still functional up till now.
To my knowledge, TPM devices are heavily protected, hardware and firmware, and will self-block on tampering, in effect then putting the burden of key-keeping on the user. You were really lucky to be able to recover your data.
I think that when you disabled BitLocker, you have somehow activated some anti-tamper circuits in the TPM, which caused it to disable itself. It's possible that it became defective, but I would assume that this is less likely to happen spontaneously.
Since the BIOS cannot re-enable it, and so Windows cannot see it, there is nothing that you can do except a firmware update, which you tried but that did not restore the TPM functionality.
I suggest trying to get in touch with Microsoft Support, asking for any method or software that can reset or re-initialize the TPM. Information about it doesn't seem to be available to the public, perhaps for a reason.
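I think it is unlikely that Microsoft would release to you any software that can get into the TPM and modify its contents, other than what is already installed, such as tpm.msc. Microsoft is more likely to suggest sending the Surface to them for repair, perhaps for a fee. Your options at present seem to be either to keep using the Surface without a TPM, or to have it repaired.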