cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
STMoist
Punch Card
Posts: 20
Registered: ‎07-21-2016
Location: US
Views: 6,470
Message 1 of 7

T470 Bitlocker Problem - Windows 7

We have begun deploying T470 laptops. Everything has been set up exactly the same as the T460 model we used previously. With the T470, after imaging with SCCM, the sytem asks for a BitLocker recovery key after each reboot. We have tried suspending BitLocker (per Windows recommendation), rebooting, and re-enabling, to no avail. I then turned off BitLocker, and after decryption, tried to turn it back on, at initial reboot (before encrypting) still prompts for BitLocker Recovery Key, then when I get to Windows, it tells me there is a hardware/firmware issue.

 

Would Windows 7 64-bit, which does enable TPM 2.0, work in this case?

 

T470 20JM000CUS - Skylake processor

Windows 7 32-bit

Successfully captured image with SCCM 2016

UEFI - tried both factory version (1.30) and latest (1.32)

Security Chip settings - TPM 1.2 Active Disabled Enabled

Secure Boot disabled

UEFI/Legacy Boot - both Legacy First

 

Thanks for any suggestions!

Lenovo Employee rechols
Lenovo Employee
Posts: 204
Registered: ‎06-02-2015
Location: US
Views: 6,453
Message 2 of 7

Re: T470 Bitlocker Problem - Windows 7

STMoist
Punch Card
Posts: 20
Registered: ‎07-21-2016
Location: US
Views: 6,439
Message 3 of 7

Re: T470 Bitlocker Problem - Windows 7

Thanks for the quick reply, rechols! I did post a reply in that thread. We, however, are starting out out with TPM 1.2 (never tried 2.0, as Win7-32 does not support it), and are not looking to roll back to it.
Lenovo Employee rechols
Lenovo Employee
Posts: 204
Registered: ‎06-02-2015
Location: US
Views: 6,412
Message 4 of 7

Re: T470 Bitlocker Problem - Windows 7

As you are deploying Win 7 32bit and therefore Legacy MBR in BIOS, the following thread applies to your issue and in that thread it was acknowledged that the issue you are experiencing will be fixed in a future BIOS - which has not been released.

https://forums.lenovo.com/t5/Enterprise-Client-Management/T470-20JN-Bitlocker-Problem-with-PCR-5-and...
STMoist
Punch Card
Posts: 20
Registered: ‎07-21-2016
Location: US
Views: 6,399
Message 5 of 7

Re: T470 Bitlocker Problem - Windows 7

Thanks, I saw that thread as well, was hoping it was fixed in the BIOS released 7/30/17 (1.32), same error.

Lenovo Employee rechols
Lenovo Employee
Posts: 204
Registered: ‎06-02-2015
Location: US
Views: 6,395
Message 6 of 7

Re: T470 Bitlocker Problem - Windows 7

I will double check but looking at the readme for the 1.32 BIOS/UEFI it did not address this issue. Usually the turnaround time for testing and qualifying a fix like that will take some time and the 1.32 update was realeased less than a week after the problem was confirmed to be a BIOS issue.

Hopefully the update will be released soon.
Lenovo Employee rbkirk
Lenovo Employee
Posts: 798
Registered: ‎02-20-2009
Location: US
Views: 6,355
Message 7 of 7

Re: T470 Bitlocker Problem - Windows 7

Also, if deploying W7 32bit, be sure to change the Thunderbolt Security Level to "Displayport and USB" under BIOS settings > Config > Thunderbolt 3.

 

Or there will be pain...

 

I'm not sure if PCIe drives are supported by W7 32bit or not...that may have been changed with the more recent BIOS. In any event, it appears your MTM uses a traditional SATA spinning drive, so this should not be an issue. But if you go Solid state, and continue to want to deploy W7 32bit, you should probably only use a SATA SSD, NOT a PCIe NVMe drive.

 

Check out current deals!


Shop current deals

Top Kudoed Authors