0

I cannot get some new Dell G15 5530 (W11Pro 23H2) laptops, which have Nvidia RTX 4060 GPUs, to offer device encryption as an option in settings.

Dell support refuses to help much because I upgraded Windows 11 Home to Pro soon after being handed this project. But they were willing to state in a chat that "hardware based device encryption is not an option for this model." I can only guess that they say this because these laptops have the Nvidia GPUs. Thus this post.

One ray of hope is provided by this doc from Microsoft that says "Starting in Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby are removed." Might upgrading to 24H2 enable these laptops to support "Device Encryption Support"?

If the reader wants further details:

In MSINFO32, "Device Encryption Support" lists two "reasons for failed automatic device encryption":

  • PCR7 binding is not supported
  • Un-allowed DMA capable bus/device(s) detected (Nvidia GPU?)

Other relevant data points from MSINFO32:

BIOS Mode = UEFI
Secure Boot State = ON
PCR7 Configuration = Binding Not Possible
Giacomo1968

1 Answer

-2

You can try to disable the UEFI CA 2011 certificate in your Secure Boot settings. This will allow BitLocker to bind to PCR 7 instead of PCR 0, 2, 4, 11. To disable the UEFI CA 2011 certificate in Secure Boot settings, you need to go to the UEFI menu and find the Secure Boot setting.
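
An added example, not part of the question or the answer above: a PowerShell check, run from an elevated prompt, that gathers the Secure Boot, TPM and BitLocker PCR facts this thread discusses so they can be compared before and after a firmware or Windows change. The function name is hypothetical, and the script assumes the OS volume is C:, English-language `manage-bde` output, and that the answer's "UEFI CA 2011" refers to the certificate named "Microsoft Corporation UEFI CA 2011".

```powershell
#Requires -RunAsAdministrator
# Added example: collects the Secure Boot, TPM and BitLocker data points discussed above.
# Assumptions: OS volume is C:, English manage-bde output, and that "UEFI CA 2011"
# means the certificate "Microsoft Corporation UEFI CA 2011".

function Get-DeviceEncryptionReadiness {   # hypothetical helper name
    param([string]$MountPoint = 'C:')

    # Secure Boot state; Confirm-SecureBootUEFI throws on legacy BIOS systems.
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $false }

    # Search the Secure Boot allow list (db) for the certificate's subject text.
    $caInDb = $null   # stays $null if the variable cannot be read
    try {
        $db     = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
        $caInDb = [System.Text.Encoding]::ASCII.GetString($db) -match 'Microsoft Corporation UEFI CA 2011'
    } catch { }

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # manage-bde prints the PCR list on the lines after this label for TPM
    # protectors; the result is empty when the volume has no TPM protector yet.
    $pcrProfile = manage-bde -protectors -get $MountPoint |
        Select-String -Pattern 'PCR Validation Profile' -Context 0,2 |
        ForEach-Object { ($_.Context.PostContext | ForEach-Object { $_.Trim() }) -join ' ' }

    [pscustomobject]@{
        SecureBootOn         = $secureBoot
        UefiCa2011InDb       = $caInDb
        TpmPresent           = $tpm.TpmPresent
        TpmReady             = $tpm.TpmReady
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        KeyProtectors        = ($vol.KeyProtector.KeyProtectorType -join ', ')
        PcrValidationProfile = $pcrProfile
    }
}

Get-DeviceEncryptionReadiness | Format-List
```

Suspend BitLocker and confirm a recovery key is backed up before changing any Secure Boot setting, since a change to the measured boot configuration can trigger recovery on an already-encrypted volume.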