Windows 11 Home Device Encryption not available PCR7 binding is not supported Swift 3 SF313-53

Hi,
I have a new Acer Swift 3 SF313-53 which I upgraded to Windows 11. I cannot enable device encryption (I know BitLocker is not compatible with Windows Home but I should be able to use the more basic device encryption in windows 11 home).

When Looking in "system", the "Device Encryption Support" states "Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA-capable bus/device(s) detected, Disabled by policy"

The BIOS has TPM and UEFI both enabled and I assume the laptop support TPM2.0

Can anyone offer advice as to why device encryption is not available on this laptop please?

//Edited the content to add model name.

Accepted answers

billsey

It does look like Device Encryption should be available in Windows 11 Home. Here are some reasons why it might not be offered to you:

PCR7 link not supported: Secure Boot is probably disabled.
Unauthorized DMA-compatible device/bus detection: Secure Boot is probably disabled, enable it in the UEFI settings. Otherwise, one of your peripherals exposes your PC to unauthorized access to memory.
Hardware Security Test Interface Failed: Your PC has not passed the Hardware Security Test Interface (HSTI) tests which verify if a device is properly configured to use the security features of Windows 11.

Those are in addition to the potential that TPM isn't installed or enabled... Do you have Secure Boot enabled in the BIOS?

All comments

billsey

My guess is Microsoft is closing loopholes in W10 that allowed you to do that with the Home version.

CCG

Microsoft does offer encryption on their home product, its essentially a cut down version of bit locker so it's part of their official product offering.
I am trying to find what is preventing it from working.
Thank you for the feedback thoigh

billsey

It does look like Device Encryption should be available in Windows 11 Home. Here are some reasons why it might not be offered to you:

PCR7 link not supported: Secure Boot is probably disabled.
Unauthorized DMA-compatible device/bus detection: Secure Boot is probably disabled, enable it in the UEFI settings. Otherwise, one of your peripherals exposes your PC to unauthorized access to memory.
Hardware Security Test Interface Failed: Your PC has not passed the Hardware Security Test Interface (HSTI) tests which verify if a device is properly configured to use the security features of Windows 11.

Those are in addition to the potential that TPM isn't installed or enabled... Do you have Secure Boot enabled in the BIOS?

CCG

Thanks billsey,
I will have a look at secure boot in the bios. If that's enabled because I don't have any connected peripherals I will have to assume acer just hasn't supported it. Fingers crossed