smalllll_8 (New member, joined Aug 6, 2019, 2 messages)
Windows 24h2
BitLocker-API events from eventvwr report that "BitLocker determined that the TCG log is invalid for use of Secure Boot." and also "BitLocker cannot use Secure Boot for integrity because the expected TCG Log separator entry is missing or invalid."
I am using the latest BIOS. I already tried resetting the Secure Boot keys and clearing the TPM.
TCG is invalid and that makes PCR7 unusable. This bug exists in MSI motherboards.
BitLocker only accepts the Microsoft Windows PCA 2011 certificate to be used to sign early boot components that will be validated during boot. Any other signature present on boot code will cause BitLocker to use TPM profile 0, 2, 4, 11 instead of 7, 11. In some cases, the binaries are signed with the UEFI CA 2011 certificate, which will prevent you from binding BitLocker to PCR7.
MSI's default certificates are different.
More here:
- https://www.reddit.com/r/MSI_Gaming/comments/1g5qy2h/tpm_pcr7_binding_fails_due_to_abios_bug_that/
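The "separator entry" named in the event message above can be looked for directly in a raw TCG event log. The following is an added example, not part of the original post and not BitLocker's own validation logic: it walks a crypto-agile TCG log and checks that PCR 7 has exactly one `EV_SEPARATOR` record with a non-error value. The function names and the sample logs are constructed for illustration; the record layout and the accepted separator values (`00000000h` or `FFFFFFFFh`) are taken from the TCG PC Client Platform Firmware Profile specification.

```python
import struct

EV_NO_ACTION = 0x00000003  # event type of the Spec ID header record
EV_SEPARATOR = 0x00000004  # event type of the separator entry
DIGEST_SIZES = {0x0004: 20, 0x000B: 32, 0x000C: 48, 0x000D: 64}  # SHA-1/256/384/512

def parse_events(log: bytes):
    """Yield (pcr_index, event_type, event_data) from a crypto-agile TCG log."""
    # First record: legacy TCG_PCR_EVENT with a fixed 20-byte SHA-1 digest field.
    pcr, etype = struct.unpack_from("<II", log, 0)
    (size,) = struct.unpack_from("<I", log, 28)
    yield pcr, etype, log[32:32 + size]
    off = 32 + size
    # Remaining records: TCG_PCR_EVENT2, one digest per active PCR bank.
    while off + 12 <= len(log):
        pcr, etype, count = struct.unpack_from("<III", log, off)
        off += 12
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", log, off)
            off += 2 + DIGEST_SIZES[alg]
        (size,) = struct.unpack_from("<I", log, off)
        off += 4
        yield pcr, etype, log[off:off + size]
        off += size

def pcr7_separator_ok(log: bytes) -> bool:
    """True if PCR 7 has exactly one EV_SEPARATOR carrying a non-error value."""
    seps = [d for p, t, d in parse_events(log) if p == 7 and t == EV_SEPARATOR]
    return len(seps) == 1 and seps[0] in (b"\x00" * 4, b"\xff" * 4)

# --- constructed sample logs (SHA-256 bank only, all-zero digests) ---
def _ev2(pcr: int, etype: int, data: bytes) -> bytes:
    return (struct.pack("<IIIH", pcr, etype, 1, 0x000B) + bytes(32)
            + struct.pack("<I", len(data)) + data)

_SPEC = b"Spec ID Event03\x00"  # header payload abbreviated; parser does not read it
_HEADER = struct.pack("<II", 0, EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(_SPEC)) + _SPEC
_SECUREBOOT = _ev2(7, 0x80000001, b"SecureBoot")  # EV_EFI_VARIABLE_DRIVER_CONFIG
_AUTHORITY = _ev2(7, 0x800000E0, b"db")           # EV_EFI_VARIABLE_AUTHORITY

GOOD_LOG = _HEADER + _SECUREBOOT + _ev2(7, EV_SEPARATOR, bytes(4)) + _AUTHORITY
MISSING_LOG = _HEADER + _SECUREBOOT + _AUTHORITY
ERROR_LOG = _HEADER + _SECUREBOOT + _ev2(7, EV_SEPARATOR, b"\x01\x00\x00\x00") + _AUTHORITY

if __name__ == "__main__":
    for name, log in [("good", GOOD_LOG), ("missing", MISSING_LOG), ("error", ERROR_LOG)]:
        print(name, pcr7_separator_ok(log))
```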