I have a ThinkPad P1 Gen 3 laptop and I dual boot Linux and Windows 10. For that I want to use a boot manager that supports booting both OSes (Windows Boot Manager doesn't support that). I also want to have Secure Boot on and have my Windows partition encrypted using BitLocker.

The problem I have is that when I boot Windows using another boot manager (I tried both rEFInd and systemd-boot), BitLocker support is disabled. I see that the reason for this is PCR7 binding not working. System Information says:

PCR7 Configuration: Binding Not Possible

Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported; Un-allowed DMA capable bus/device(s) detected

When I boot Windows directly from UEFI (UEFI -> Windows Boot Manager) instead of using a third-party boot manager (UEFI -> Another boot manager -> Windows Boot Manager) I don't have those problems and BitLocker support works fine.

I'm not a Windows expert and I know neither what PCR7 nor what TPM is. I cannot find any resources on the internet that explain how those things work or how to fix the problem, so I came here.

Can someone explain to me what the problem is here? Why can't Windows establish this PCR7 binding when I boot it using another boot manager? Can I somehow fix that?