Tower Plus EBT2250, device encryption not available

Gilles, I've done 3 reinstalls and nothing changed, so don't waste your time.

Dell will need to figure out the problem with their BIOS and get us some updates.

I see the following on the system:

Event Viewer for Bitlocker-API

• Information Microsoft-Windows-BitLocker-API 893 None
  • BitLocker determined that the TCG log is invalid for use of Secure Boot. The filtered TCG log for PCR[7] is included in this event.
• Warning Microsoft-Windows-BitLocker-API 813 None
  • BitLocker cannot use Secure Boot for integrity because the expected TCG Log entry for variable 'CurrentPolicy' is missing or invalid.
• Information Microsoft-Windows-BitLocker-API 881 None
  • The signature contained in the EFI_SIGNATURE_DATA structure from the TCG Log OS Loader Authority event could not be found in the verified certificate chain for the boot manager.
    

System Information Related Details

OS Name Microsoft Windows 11 Home 
Version 10.0.26200 Build 26200 
Other OS Description  Not Available 
OS Manufacturer Microsoft Corporation 
System Name XYZ 
System Manufacturer Dell Inc. 
System Model Dell Tower Plus EBT2250 
System Type x64-based PC 
System SKU 0CD8 
Processor Intel(R) Core(TM) Ultra 7 265K, 3900 Mhz, 20 Core(s), 20 Logical Processor(s) 
BIOS Version/Date Dell Inc. 1.13.0, 1/7/2026 
SMBIOS Version 3.8 
Embedded Controller Version 1.04 
BIOS Mode UEFI 
BaseBoard Manufacturer Dell Inc. 
BaseBoard Product 02D3NT 
BaseBoard Version A00 
Platform Role Desktop 
Secure Boot State On 
PCR7 Configuration Binding Not Possible 
Windows Directory C:\WINDOWS 
System Directory C:\WINDOWS\system32 
Boot Device \Device\HarddiskVolume3 
Locale United States 
Hardware Abstraction Layer Version = "10.0.26100.1" 
User Name XYZ\user 
Time Zone Eastern Standard Time 
Installed Physical Memory (RAM) 32.0 GB 
Total Physical Memory 31.5 GB 
Available Physical Memory 17.8 GB 
Total Virtual Memory 36.5 GB 
Available Virtual Memory 18.7 GB 
Page File Space 5.00 GB 
Page File C:\pagefile.sys 
Kernel DMA Protection On 
Virtualization-based security Running 
Virtualization-based security Required Security Properties Base Virtualization Support 
Virtualization-based security Available Security Properties Base Virtualization Support, Secure Boot, DMA Protection, Secure Memory Overwrite, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control, APIC Virtualization 
Virtualization-based security Services Configured Hypervisor enforced Code Integrity 
Virtualization-based security Services Running Hypervisor enforced Code Integrity 
App Control for Business policy Enforced 
App Control for Business user mode policy Audit 
Automatic Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA capable bus/device(s) detected 
A hypervisor has been detected. Features required for Hyper-V will not be displayed.  

Do you see similar?  Cheers.

Not on my EBT2250 either:

Automatic Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA capable bus/device(s) detected

I see you found the other Dell subject on this too? The one from Oct. 2023.

Did you see this one, https://www.dell.com/support/kbdoc/en-us/000203995/platform-configuration-register-7-binding-not-possible-message-when-used-with-tpm-and-bitlocker ???

It states it IS working as designed (and explains why) and does apply to the EBT2250.

@ispalten​

Not on my EBT2250 either:

/../

Did you see this one, https://www.dell.com/support/kbdoc/en-us/000203995/platform-configuration-register-7-binding-not-possible-message-when-used-with-tpm-and-bitlocker ???

It states it IS working as designed (and explains why) and does apply to the EBT2250.

Thanks.

And yes I've found the page you're referring to shortly after posting here.

But I confess I didn't really understood it 🫤

@Gilles.P​ 

You have a GPU, especially an Nvidia one (I've got the RTX-4060)?

That may have the OROM referred too, and the cause?

@ispalten​

@Gilles.P​ 

You have a GPU, especially an Nvidia one (I've got the RTX-4060)?

That may have the OROM referred too, and the cause?

Yes : a NVIDIA 4070 super

@Gilles.P​ 

I'm now thinking the could be a BIOS problem?

I checked my XPS8940 with an Nvidia card. I is OK,"Automatic Device Encryption Support Meets prerequisites".

That document states it applies to XPS's? So why is my 8940 showing something different? I do have on the 8940 Device Encryption as a choice on the Settings too.

That Dell Document, as I read it again, it talks about BitLocker being enabled too?

So I checked to see it the Tower had it, using in an Elevated CMD prompt "manage-bde -status" On BOTH the Tower and my XPS8940 no drives had BitLocker enabled (none stated)?

Both the XPS8940 and EBT2250 Tower are running the SAME version of Win11 Home 24H2 with the same level of updates.

Seems like a 'Dell Problem'? Maybe in the BIOS? Tower is using the latest as of today?

@ispalten​

That document states it applies to XPS's? 

I guess that do not mean that it applies to *all* XPS's models 

@DELL-Chris M , Can you look into this?

If it does work on my XPS8940, but not the Dell Tower EBT2250, why would that be? Both of my Tower and 8940 have Nvidia cards? Odd to say the least? Could be a BIOS problem?

Again, you cannot compare the 2020 XPS 8940 with a 2025 non-XPS model. Tower EBT2250 is not listed in the May 13, 2025 article. Perhaps the article will be updated, unknown.

Dell GHN (Get Help Now) chat technical support must verify the ownership and warranty status. Click the blue "Get Help Now" on the right to start a private live chat session. Share the private Tower Plus EBT2250 Service Tag with them. Once verified, they will troubleshoot with you.

@DELL-Chris M​

Again, you cannot compare the 2020 XPS 8940 with a 2025 non-XPS model. Tower EBT2250 is not listed in the May 13, 2025 article. Perhaps the article will be updated, unknown.

Chris, from the May 13, 2025 page, it is a Target system (although not specifically called out by model of XPS):

Also, when on that page it does call out the EBT2250:

===============

Dell GHN (Get Help Now) chat technical support must verify the ownership and warranty status. Click the blue "Get Help Now" on the right to start a private live chat session. Share the private Tower Plus EBT2250 Service Tag with them. Once verified, they will troubleshoot with you.

================

I will leave that to the Original Poster, @Gilles.P as all I was trying to do was help here. 

@DELL-Chris M​

Tower EBT2250 is not listed in the May 13, 2025 article. Perhaps the article will be updated, unknown.

The "affected product" list is not very clear since it doesn't contain the part numbers
It contains a "Dell Tower" and a "Dell Plus", one of them could be the EBT2250.

Dell GHN (Get Help Now) chat technical support must verify the ownership and warranty status. Click the blue "Get Help Now" on the right to start a private live chat session. Share the private Tower Plus EBT2250 Service Tag with them. Once verified, they will troubleshoot with you.

Already done (sorry I should had mentioned that).

A support ticket is already opened. I gave many informations (event log extracts, MSINFO32 output) to technical support agent.

After two days with many exchange of information the only solution proposed was to perform a complete system reinstall.
(I make regular image backups but restoring from them is not an option since it will bring back my device to the exact same configuration including the problem).

So I would have to perform software installs and restore settings manually, which would be very time consuming with a high probability to get the issue again after that (BTW after the initial setup on the delivered system, I found that system encryption was not active to that machine which I've heard is not usual on Windows 11 Home machines. And I remember having to use the "manage-bde -status c:" command to check since the options was not in the settings already).

So that's to be sure that a complete reinstall could be useless that I asked other owners of that model to check in this thread.

(my previous answer has been lost)

(** EDIT : it's back **)

I already have a Dell support ticket opened on that issue (sorry, I should have mentioned that).
After two days and many exchanges of technical informations, logs and commands output, their last latest suggestion was to perform a complete reinstall.

I make regular image backups but restoring from that is not an option since I would get a probably the same error after restoring.

Note also that device encryption was not enabled on my machine after the initial setup and I had to use the "manage-bde -status c:" command to check since the option were already missing in the settings

That's why I'm afraid that a complete reinstall and all the post install (installs apps and manage their settings) could be a waste of time. That's why I asked other owners of that system to check if they have the same issue and apparently @ispalten is one of them