Showing results for 
Search instead for 
Did you mean: 
Paper Tape
Posts: 1
Registered: ‎11-28-2016
Location: CA
Views: 2,664
Message 1 of 2

ThinkPad e460 Bitlocker could not be enabled



(This has happened on a couple of these new machines) Windows 10 Enterprise.

Secure boot disabled, EUFI (both) Legacy first

Harddrive set to first boot device

PXE boot imaged (SCCM)

I enabled bitlocker and setup the computer, AD environment, connected it to a dynadock finished machine config. Deployed it to user and a noticed shortly afterwards that upon startup it is asking for recovery key. I suspend/reboot and enabled bitlocker. Reboot asks again for the key. I messed with BIOS settings galore. Finally decrypted cleared keys, took ownership and prepared the TPM. It said it was ready to work but in reduced funtionality?

Attempted to encrypt, did the Bitlocker system check, reboot and got the Bitlocker could not be enabled, the encryption key could not be obtained from the trusted platform module.


Any advice would be much appreciated.


Lenovo Staff
Lenovo Staff
Posts: 5,471
Registered: ‎10-29-2009
Location: NC
Views: 2,610
Message 2 of 2

Re: ThinkPad e460 Bitlocker could not be enabled

If you are using TPM 2.0, the system must be configured to boot in UEFI mode.


How to check the TPM version:  run tpm.msc and check "Specification Version" under "TPM Manufacturer Information".

How to check UEFI/legacy boot mode:  run msinfo32 and check what is listed for "BIOS mode" in the right-hand panel.


Based on your description is sounds like you are using TPM 2.0 on legacy boot mode, which will not work.

You really should be deploying Win10 in UEFI mode with Secure Boot.

Check out current deals!

Shop current deals

Top Kudoed Authors