I want to encrypt a VHD (Virtual Hard Disk), or at least some folders in it, on Windows 11 Home using its native tools, but am receiving the following errors in Windows' System Information tool (when run as admin):
Device Encryption Support:
PCR 7 binding is not supported, Un-allowed DMA capable bus/device(s) detected
There is a good QA here on Super User for the "Un-allowed DMA capable bus/device(s)" error, but before I spend time resolving that error, I want to ensure I can fix the "PCR 7 binding is not supported" error.
Here's what I've already done to try to fix this error, but nothing has helped so far:
- Ensured the system BIOS is the latest version
- Ensured system is using UEFI
- Ensured Secure Boot is enabled
- Ensured TPM 2.0 is enabled in the BIOS
- Ensured Windows recognizes the firmware's TPM 2.0
- Ensured Windows is completed updated
- Ensured Windows recognizes that power mode S0 (Standby Low Power Idle) is supported
- Ensured the Windows registry key
KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker\PreventDeviceEncryptionis not set to 1 (true)
What else can be done to resolve that error?
Update
That good Super User QA I mentioned is good, but Microsoft made some significant changes to Windows 11 that completely changes the usefulness of that QA. So I wrote a new Super User QA for new versions of Windows 11:
Un-allowed DMA capable bus/device(s) detected - how to handle now that Microsoft has removed common fix?
