Unable to activate Bit Locker 0x80284001

Question

_{Wednesday, September 2, 2015 10:11 PM}

Ok, backstory... I have an HP EliteBook 8460w laptop. Originally ran Windows Vista Business, then Windows 7 Professional. On both of those operating systems Bit Locker started and runs perfectly. I had an MBR partition table with Vista, and GPT with Windows 7 (for UEFI booting).

I upgraded to Windows 10 Pro and chose the option to 'keep nothing'. I was surprised to see this actually reformatted my system drive (256 GB SSD), as it was no longer encrypted after the upgrade. Attempting to start Bit Locker gives an error that said "An internal error has occurred within the Trusted Platform Module support program." When starting in the console I receive error 0x80284001 with the same explanation. I completely wiped the drive and reinstalled Windows 10 Pro again from scratch just in case, but the problem remained afterwards.

I encountered the exact same issue when I tried one of the later builds of Windows 10 Insider Preview for a short while, but ultimately got no where and just reported the issue on the feedback tool and attributed it to being an early build. Seems the problem is still here. See this link for my original post: Previous TechNet Post during Insider Preview.

I contact HP and they had me update to the latest BIOS (though I already had it installed) said to contact Microsoft for more support. I contact Microsoft and they said they had no idea and closed my case unresolved. I noticed the TPM driver is installed by Microsoft and very old, predates even Windows Vista! Not sure if there is one more recent out there.

I'd really like to use Windows 10 on my laptop as it is very fast and has many better features than Windows 7, however I travel extensively and can't afford the risk of it being stolen without an encrypted hard drive. Any help is much appreciated. Thanks!

All replies (11)

_{Sunday, December 13, 2015 5:51 PM ✅Answered | 7 votes}

I'm sorry I should have come back here and posted that I did find a solution.

With HP, the machines that end in "60" or less aren't true UEFI machines. The BIOS block isn't large enough for the entire UEFI instruction set to be implemented.

HP used the spare space to create a UEFI compatibility mode, which will allow these machines to be setup and installed with UEFI booting. To the OS, there is no difference between this and a native UEFI machine.

The problem comes when you go to activate Bit Locker. Windows see the machine as having a UEFI structure, and sends UEFI-based commands to the system board for TPM access. The system board confirms it indeed has the TPM, but doesn't have the full TPM program installed in the UEFI (because of the space). Because of this, Windows is not able to communicate properly with the TPM. This happens even in a UEFI-installed Windows 7. This is not an OS issue, and there is absolutely nothing Microsoft can do to fix the issue, it is a hardware limitation.

The solution, is to enter the HP BIOS (F10) and turn off UEFI mode BEFORE installing and version of Windows. Windows 10 will still install and function 100% perfectly running under BIOS mode, and as my machine proves, so will the TPM and Bit Locker.

Short version: Disable the UEFI mode and install in BIOS mode and everything works.

_{Thursday, September 3, 2015 3:50 AM | 1 vote}

On Wed, 2 Sep 2015 22:11:22 +0000, rytomi wrote:

I noticed the TPM driver is installed by Microsoft and very old, predates even Windows Vista! Not sure if there is one more recent out there.

You can ignore the date for the driver. I'm not really sure why but a lot
of the in-box drivers show a date of 6/21/2006. The important thing to look
at here is the Driver Version and yours is up-to-date.

Run tpm.msc and let me know what the Status of your TPM is. You may need to
go into your BIOS and clear the TPM chip.

Paul Adare - Directory Services (MIM CM) MVP
If my post answers your question, please mark it as an answer. I really
don't care about the points, marking it as an answer may help someone else
with the same problem. Thanks!

_{Thursday, September 3, 2015 8:55 PM}

Status of my TPM is "TPM is ready, with reduced functionality"

I have tried resetting the TPM, clearing, taking ownership. All TPM functions complete successfully in windows and from the BIOS without any errors. I only get the error when actually trying to start Bit Locker.

_{Friday, September 4, 2015 7:15 AM}

Hi rytomi,

Please run "dism/online/cleanup-image/restorehealth" to check the health of system files.

According to the error messages, this issue is related to the TPM.
To make a device work well, we should get a compatible driver. I have checked your model from the HP website and they haven`t released the Windows 10 compatible drivers for this model machine. We could try to download the latest TPM driver from the HP website and install it in "**Compatibility mode"(**Right click the installer package,"Properties", "Compatibility").

If the issue persists, we could try to work with BItlocker without TPM. To do this, we should configure a group policy.
Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup\ Allow BitLocker without a compatible TPM

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].

_{Friday, September 4, 2015 9:12 PM}

As far as the TPM driver goes, I couldn't find any information on a specific TPM driver. My HP 8460w doesn't have Windows 10 drivers posted to the site, however with the exception of the CPU and Video card, it is nearly identical to the 8470w, which has Windows 10 drivers posted. The only drivers I needed to install in Windows 10 were those for the Graphics (from AMD's website) and for the Audio functions.

I ran the DISM cleanup-image command and it didn't find any issues.

This is a laptop and running Bit Locker without the TPM is neither secure nor practical, and is not a viable solution to malfunctioning software.

Since I am able to run all TPM management functions without issue from Windows 10, and the TPM and Bit Locker work perfectly in both Windows Vista and Windows 7, clearly my hardware is functioning properly and this is a Windows 10 software issue. I'd like to emphasize the error doesn't say my hardware isn't working, it says... "An internal error has occurred within the Trusted Platform Module support program."

_{Monday, September 7, 2015 6:42 AM}

Hi rytomi,

After a deep research, I found this error is related to the TBS.dll. The Tbsip_Submit_Command function submits a Trusted Platform Module (TPM) command to TPM Base Services (TBS) for processing. If it failed, then we will get this error.

Here is a link for reference:
Tbsip_Submit_Command function(The theory should also be applied to Windows 10)
https://msdn.microsoft.com/en-us/library/windows/desktop/aa446799(v=vs.85).aspx

I have checked my machines` tbs.dll. Its version is 10.0.10240.16384. I hope this will be useful for you to troubleshoot this issue.

Have you tried to perform a clean boot to have a troubleshoot before?

Since this error is related to specific service, we could perform a clean boot to troubleshoot a third party service conflict issue.

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].

_{Monday, September 7, 2015 4:56 PM}

My TBS.DLL is the same version you have.

I have tried a clean boot and it made no difference.

I do see my error listed there, but the page offers no troubleshooting steps, and this seems to be more complicated than I have skills for.

Since this still seems to be a software issue (confirmed my the error code), is there any way we can submit this to a Microsoft Engineer for a bug fix perhaps?

_{Tuesday, September 8, 2015 3:20 AM}

Hi rytomi,

A bug should be reproduced on any machines. Have you tested this on other machines?

Due to the limited work environment, it is not available to test this from my side.

If you want to submit any feedback about Windows 10, we could try the built-in "Feedback" tool (Search it directly).

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].

_{Tuesday, September 8, 2015 12:52 PM}

Unfortunately I don't have any other laptops to test with.

_{Sunday, December 13, 2015 9:36 AM}

Hi rytomi,

i have the same problem with my hp 2760p. The problem is the tpm with reduced functionality. So what i done,

I installed 3 times windows 10 and cleared tpm hundred times. it didn't work.

I installed windows 7  again- It works great.

then installed windows 10 again. TPM only with reduced functionality

I had a anaother laptop to test with. It is hp 2710p,  older modell.

I installed windows 10. There is tpm ready and working great.

if you install tpm driver, bitlocker doesn't find the tpm.
it is infineon tpm driver. If you install it, it only works with infineon tpm professional package programm.

the only difference between tpm module in 2710p and 2760 is firmware of the tpm. You can see it on tpm.msc. 2710p has fw 1.2, 2760p has 3.17. The tpm modul has the full name Infineons TPM, SLB 9635 TT 1.2, I think The tpm modul in our laptops are incompatible with windows 10. But why, I don't know

I  tried bitlocker without tpm. It works. 

I hope it helps you

_{Sunday, December 13, 2015 11:51 AM | 2 votes}

Hi rytomi,

i have good news

i see that http://h40434.www3.hp.com/t5/Notebook-Software-and-How-To-Questions/2760p-bitlocker-does-not-work-with-UEFI-enabled/td-p/2853669.

tpm doesn't work when windows in uefi installed.  hp XX60 series laptops are class 2 UEFI machines, so basically it has some UEFI support (boot from EFI file and so on) but is not a Native UEFI machine, it still uses a "legacy" BIOS.

I installed my windows in legacy bios mode. tpm is ready. Bitlocker works.