Eu tenho um Surface Pro 6. Um dia meu computador ficou bloqueado com o BitLocker (sem motivo aparente). Depois de recuperar a chave, desativei a criptografia do dispositivo e descriptografei meu disco rígido.
Se eu fizer isso agora manage-bde -status, recebo esta informação:
No entanto, isso parecia ter desativado meu TPM. Quando inicializo no UEFI, a opção TPM está desabilitada e, ao tentar habilitá-la, recebo uma mensagem dizendo
O sistema falhou ao alterar o estado do TPM. Reinicie o sistema para tentar novamente.
Desativar a inicialização segura não ajuda (tentei ativar o TPM com inicialização segura ativada e desativada).
O TPM também não é encontrado no Gerenciador de dispositivos , pois minha seção Dispositivos de segurança não aparece mesmo depois de verificar "Mostrar dispositivos ocultos".
I learned that this could be an issue related to BitLocker. In efforts to enable TPM, I followed instructions that told me to pause BitLocker, but that command gave me an error:
I have another surface pro that has BitLocker encryption enabled, and the TPM is enabled (as by default).
From this, I have a few questions:
- Are the issues between decrypting my drive and being unable to turn on TPM related?
- How can I re-enable my TPM module?
*For more information, I have Surface Pro 6, model 1796.
Ok, então aqui está o que provavelmente aconteceu:
Você precisa consertar o dispositivo, não há mais nada que você possa fazer.
No, disabling bitlocker will not disable TPM. TPM is managed from the BIOS/UEFI, and bitlocker is not capable of enabling/disabling TPM.
That said, if you change secure boot options in the BIOS/UEFI, it may disable TPM.
Given that your TPM is currently disabled, it sounds like you switched to legacy mode. For TPM to be allowed, Secure Boot must also be enabled.
It may be that you must enable secure boot, reboot, enter UEFI and then be allowed to enable TPM.
All the Surface devices I have seen had TPM and were BitLocked out of the factory. For the Surface, this seems to a requirement imposed by Microsoft.
The disk has not become BitLocked, but were so from the beginning. BitLocker was most likely already installed on your Surface by Microsoft, as most Surface devices are sold as BitLocked. At least we can be sure that TPM was still functional up till now.
To my knowledge, TPM devices are heavily protected, hardware and firmware, and will self-block on tampering, in effect putting then the burden of keys-keeping on the user. You were really lucky to be able to recover your data.
I think that when you disabled BitLocker, you have somehow activated some anti-tamper circuits in the TPM, which caused it to disable itself. It's possible that it became defective, but I would assume that this is less likely to happen spontaneously.
Since the BIOS cannot re-enable it, so Windows cannot see it, there is nothing that you can do except firmware update, which you tried but that did not restore the TPM functionality.
I suggest to try and get in touch with Microsoft Support, asking for any method or software that can reset or re-initialize the TPM. Information about it doesn't seem to be available to the public, perhaps for a reason.
Acho improvável que a Microsoft lance para você qualquer software que possa acessar o TPM e modificar coisas, exceto o software que já está instalado, como o
tpm.msc. É muito mais provável que a Microsoft sugira o envio do Surface para reparo, talvez com algum custo.Suas opções no momento parecem ser continuar usando o Surface sem TPM ou repará-lo.