Reasons for failed automatic device encryption: Un-allowed DMA capable

Page 2 of 2 FirstFirst 12

  1. Posts : 1,104
    win 10 pro x64 os build 20H2
       #11

    Well MS rep was wrong this error is normal for a TPM 1.2 model for anyone wanting more info on this error check this out. so if you got this error Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not InstantGo, Un-allowed DMA capable bus/device(s) detected, Disabled by policy, make sure you have a TPM 2.0 model and not a TPM 1.2 as the error is related to your TPM chip not beeing compatible see chart below. This is something new according to the page would explain why it use to be supported and is now not according to the page the changed it to TPM 2.0 going forward but kept some of the stuff compatible for older systems all new system will need TPM 2.0 is what i read and understand. Hope this helps others god bless all.

    taken from TPM recommendations (Windows 10) | Microsoft Docs
    TPM and Windows Features

    The following table defines which Windows features require TPM support.
    Windows Features TPM Required Supports TPM 1.2 Supports TPM 2.0 Details
    Measured Boot Yes Yes Yes Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
    BitLocker Yes Yes Yes TPM 1.2 or 2.0 is required
    Device Encryption Yes N/A Yes Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0.
    Device Guard No Yes Yes
    Credential Guard No Yes Yes Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported.
    Device Health Attestation Yes Yes Yes
    Windows Hello/Windows Hello for Business No Yes Yes Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support.
    UEFI Secure Boot No Yes Yes
    TPM Platform Crypto Provider Key Storage Provider Yes Yes Yes
    Virtual Smart Card Yes Yes Yes
    Certificate storage No Yes Yes TPM is only required when the certificate is stored in the TPM.

      My Computer


  2. Posts : 1,520
    Windows 10 Pro (32-bit) 16299.15
       #12

    Tonyb said:
    guys facing same issue as well have this error in system info and my secure boot is now disabled and stuff any way to fix ?? called ms they just point me to device manufacture , no help at all, the article looks to be removed ??
    Just to update an old thread - that article seems to be back at
    https://docs.microsoft.com/en-us/win...yption-for-oem

    I don't know if it had all the same information as before?

    This time I'm right-clicking the download option bottom-left to keep a PDF copy!
      My Computer


  3. Posts : 1,104
    win 10 pro x64 os build 20H2
       #13

    Thanks much after reading this i understand why :)
      My Computer

  4. SHIELD's Avatar
    Posts : 4
    Windows 10 Pro
       #14

    Tonyb said:
    Well MS rep was wrong this error is normal for a TPM 1.2 model for anyone wanting more info on this error check this out. so if you got this error Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not InstantGo, Un-allowed DMA capable bus/device(s) detected, Disabled by policy, make sure you have a TPM 2.0 model and not a TPM 1.2 as the error is related to your TPM chip not beeing compatible see chart below. This is something new according to the page would explain why it use to be supported and is now not according to the page the changed it to TPM 2.0 going forward but kept some of the stuff compatible for older systems all new system will need TPM 2.0 is what i read and understand. Hope this helps others god bless all.

    taken from TPM recommendations (Windows 10) | Microsoft Docs
    TPM and Windows Features

    The following table defines which Windows features require TPM support.
    Windows Features TPM Required Supports TPM 1.2 Supports TPM 2.0 Details
    Measured Boot Yes Yes Yes Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot
    BitLocker Yes Yes Yes TPM 1.2 or 2.0 is required
    Device Encryption Yes N/A Yes Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0.
    Device Guard No Yes Yes
    Credential Guard No Yes Yes Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported.
    Device Health Attestation Yes Yes Yes
    Windows Hello/Windows Hello for Business No Yes Yes Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support.
    UEFI Secure Boot No Yes Yes
    TPM Platform Crypto Provider Key Storage Provider Yes Yes Yes
    Virtual Smart Card Yes Yes Yes
    Certificate storage No Yes Yes TPM is only required when the certificate is stored in the TPM.

    Now yea can fix this with Out reinstalling you're windows :)
    Device Encryption Support Reasons for failed automatic device encryption: TPM is not usable, PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected, TPM is not usable


    it can be fixed microsoft said it couldn't lol the old way we had to take back up of stuff to relaod everything this new way we don't :) YouTube tells yea I hope this finally solves this don't microsoft over the phone they still claim yea can't do this One Up on them lololol
      My Computer

  5. SHIELD's Avatar
    Posts : 4
    Windows 10 Pro
       #15

    fix the TPM Binding for good with out reinstalling 2019


    DavidY said:
    Just to update an old thread - that article seems to be back at
    https://docs.microsoft.com/en-us/win...yption-for-oem

    I don't know if it had all the same information as before?

    This time I'm right-clicking the download option bottom-left to keep a PDF copy!
    use My Post to go fix that even On Older system it worked for mine follow the video\s Instructions
    https://docs.microsoft.com/en-us/win...ent/mbr-to-gpt <------------------------------there yea go thisis 2019 Now the FIX is here. yea change it to 4 to full Microsoft screwed after the last version blocked us from doing mine always untill the last 3 updated from the 1607 and upReasons for failed automatic device encryption: Un-allowed DMA capable-binding-workedwiththisfix.jpg
    Last edited by SHIELD; 20 Jul 2019 at 08:22. Reason: forgot the Pic
      My Computer


 
Page 2 of 2 FirstFirst 12

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:05.
Find Us




Windows 10 Forums