solution Contentsolution Content

SUPPORT COMMUNICATION- CUSTOMER ADVISORY

Document ID: c08079484

Version: 1

HP Commercial Notebooks, Desktop, and MS Workstation PCs - Bitlocker may bind to incorrect Platform Configuration Register (PCR) values

Notice: The information in this document, including products and software versions, is current as of the release date.The document is subject to change without notice.

Release date : 01-Feb-2022

Last updated : 01-Feb-2022

DESCRIPTION
Some HP commercial notebooks, desktops, or workstations with BitLocker might activate with an incorrect selection of the Platform Configuration Register (PCR) values that measure PCR 0, 2, 4, and 11 instead of Microsoft's default (recommended settings) of PCR 7 and 11 for UEFI devices with Secure Boot enabled.
PCR Validation Profile: 0, 2, 4, 11

SCOPE
Information in this document applies to the following computers configured with the HP Common BIOS:
Computers:
All commercial notebooks, desktops, RPOS, Thin Clients, and Workstation PCs
Operating Systems:
  • Microsoft Windows 10 21H2
  • Microsoft Windows 10 21H1
  • Microsoft Windows 10 20H1 (Version 2004)
  • Microsoft Windows 10 19H2 (Version 1909)
  • Microsoft Windows 10 19H1 (Version 1903)
  • Microsoft Windows 10 (64-bit)
  • Microsoft Windows 10 IoT Enterprise 2019 LTSC (64-bit)
  • Microsoft Windows 10 IoT Enterprise 2016 LTSB (64-bit)
  • Microsoft Windows 10 IoT (64-bit)
  • Microsoft Windows 10 China Government Edition
RESOLUTION
To recover from this issue, confirm the following:
Refer to the manageability page at Client Management Solutions Overview | HP® Official Site for more information on configuring the BIOS settings using the HP manageability tool of their choice.
HP provides various tools to change BIOS settings that include the following:
  • HP Bios Configuration Utility
  • HP Client Management Script Library
  • HP Connect
To confirm the PCR bindings, use the following command from an administrative command prompt:
manage-bde -protectors -get c:
Confirm the following settings in the PCR Validation Profile:
PCR Validation Profile
Option 1: Confirm the VTx, VTd, and DMA Protection settings in HP Computer Setup (F10):
  1. Turn on or restart the computer.
  2. Immediately, press F10 to enter HP Computer Setup (BIOS).
  3. Select Security.
  4. Locate the Virtualization Technology (VTx) option, and then select the checkbox.
  5. Locate the Virtualization Technology for Directed I/O (VTd) option, and then select the checkbox.
  6. Locate the DMA Protection option, and then select the checkbox.
    Locating and selecting the DMA checkbox.
  7. Restart the computer.
note:
If Trusted Execution Technology (TXT) is enabled in F10 BIOS settings, it must be disabled before you can enable VTx and VTd in option 1 or 2.
note:
The VTx and VTd settings MUST be enabled for Option 1 or 2.
Option 2: If the DMA Protection required to be disabled or the device does not have DMA protection settings, ensure that the Thunderbolt Security level is set to any value except No Security.
Thunderbolt Security Level
  1. Turn on or restart the computer.
  2. Immediately, press F10 to enter HP Computer Setup (BIOS).
  3. Select Advanced > Thunderbolt Options.
  4. Locate the Thunderbolt Security Level drop-down menu.
  5. Select the PCIe and DisplayPort-User Authorization option.
  6. Restart the computer.

Hardware platforms affected : HP Elite Dragonfly G2 Notebook PC, HP Elite Dragonfly Max Notebook PC, HP Elite Dragonfly Notebook PC, HP Elite x2 G8 Tablet, HP EliteBook 830 G6 Notebook PC, HP EliteBook 830 G7 Notebook PC, HP EliteBook 830 G8 Notebook PC, HP EliteBook 830 G8 Notebook PC Configurable Material, HP EliteBook 836 G6 Notebook PC, HP EliteBook 840 G6 Healthcare Edition Notebook PC, HP EliteBook 840 G6 Notebook PC, HP EliteBook 840 G7 Notebook PC, HP EliteBook 840 G7 Notebook PC, HP EliteBook 840 G8 Notebook PC, HP EliteBook 850 G6 Notebook PC, HP EliteBook 850 G8 Notebook PC, HP EliteBook 850 G8 Notebook PC Configurable Material, HP EliteBook x360 1030 G8 Notebook PC, HP EliteBook x360 1040 G6 Notebook PC, HP EliteBook x360 1040 G8 Notebook PC, HP EliteBook x360 830 G6 Notebook PC, HP EliteBook x360 830 G7 Notebook PC, HP EliteBook x360 830 G8 Notebook PC, HP EliteDesk 800 G5 Desktop Mini PC, HP EliteDesk 800 G5 Desktop Mini PC Configurable Material, HP EliteDesk 800 G5 Small Form Factor PC, HP EliteDesk 800 G5 Small Form Factor PC Configurable Material, HP EliteDesk 800 G5 Tower PC, HP EliteDesk 800 G6 Desktop Mini PC, HP EliteDesk 800 G6 Desktop Mini PC Configurable Material, HP EliteDesk 800 G6 Small Form Factor Configurable Material, HP EliteDesk 800 G6 Small Form Factor PC, HP EliteDesk 800 G6 Tower PC, HP EliteDesk 800 G6 Tower PC Configurable Material, HP EliteDesk 800 G8 Desktop Mini PC, HP EliteDesk 800 G8 Desktop Mini PC Configurable Material, HP EliteDesk 800 G8 Small Form Factor PC, HP EliteDesk 800 G8 Small Form Factor PC Configurable Material, HP EliteDesk 800 G8 Tower PC, HP ProBook 430 G7 Notebook PC, HP ProBook 430 G8 Notebook PC, HP ProBook 440 G7 Notebook PC, HP ProBook 440 G8 Notebook PC, HP ProBook 450 G8 Notebook PC, HP ProBook 630 G8 Notebook PC, HP ProBook 640 G5 Notebook PC, HP ProBook 640 G7 Notebook PC, HP ProBook 640 G8 Notebook PC, HP ProBook 650 G7 Notebook PC, HP ProBook 650 G8 Notebook PC, HP ProDesk 600 G5 Desktop Mini PC, HP ProDesk 600 G5 Desktop Mini PC Configurable Material, HP ProDesk 600 G5 Microtower PC, HP ProDesk 600 G5 Microtower PC (with PCI slot), HP ProDesk 600 G5 Microtower PC Configurable Material, HP ProDesk 600 G5 Small Form Factor PC, HP ProDesk 600 G5 Small Form Factor PC Configurable Material, HP ProDesk 600 G6 Desktop Mini PC, HP ProDesk 600 G6 Microtower PC, HP ProDesk 600 G6 Microtower PC (Jamie) Configurable Material, HP ProDesk 600 G6 PCI Microtower PC, HP ProDesk 600 G6 Small Form Factor PC, HP ProDesk 600 G6 Small Form Factor PC Configurable Material, HP ProDesk 600 G8 Desktop Mini PC, HP ProDesk 600 G8 Desktop Mini PC Configurable Material, HP ProDesk 600 G8 Microtower PC, HP ProDesk 600 G8 Microtower PC Configurable Material, HP ProDesk 600 G8 Small Form Factor PC, HP ProDesk 600 G8 Small Form Factor PC Configurable Material, HP ZBook 14u G6 Mobile Workstation, HP ZBook 15 G6 Mobile Workstation, HP ZBook 15u G6 Mobile Workstation, HP ZBook 17 G6 Mobile Workstation, HP ZBook 17 G6 Mobile Workstation, HP ZBook Firefly 14 G7 Mobile Workstation, HP ZBook Firefly 14 inch G8 Mobile Workstation PC, HP ZBook Firefly 15 G7 Mobile Workstation, HP ZBook Fury 15 G7 Mobile Workstation, HP ZBook Fury 15.6 inch G8 Mobile Workstation PC, HP ZBook Power 15.6 inch G8 Mobile Workstation PC, HP ZBook Power G7 Mobile Workstation

Operating systems affected : Not applicable

Software affected : Not applicable

Support Communication Cross Reference ID : IA08079484

© Copyright 2023 HP Development Company, L.P.
HP Inc. shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Additional support options

Try one of our automated tools or diagnostics
Ask a question on our HP Support Community page
Get in touch with one of our support agents

Enter a topic to search our knowledge library

What can we help you with?