Surface Go TPM PIN/PBA Issues

Anonymous
2019-01-31T12:43:35+00:00

Hi all,

I work for a charity housing association and we have purchased a Surface Go to trial, in the hope of rolling them out to our mobile workers.

I have attempted to encrypt the machine multiple times with Sophos Safeguard, and just plain old BitLocker, with no success.

I'm hitting a brick wall with setting the TPM PIN as Windows repeatedly advises that there is no pre-boot keyboard.

I have attempted this with a USB keyboard attached, I have made changes to local GP to force PBA (verifying that the values are correct in registry), I have attempted to set the PIN via Powershell with the following: 

"manage-bde -protectors -add C: - TPMandPIN" and whilst this allows me to enter a PIN, it fails due to the lack of a pre-boot keyboard.

I had abandoned the idea of encrypting this device until I saw the latest UEFI update for the GO, which specifies:

"1.0.10.0 improves system security and stability and ensures display of the On-Screen Keyboard during BitLocker unlock prompts at boot. "

After installing the update, the issue is still presented. I'm now unsure how to proceed. If I can't encrypt this machine with a PIN, due to GDPR, we're left with what is effectively a very pretty paperweight.

Any help is appreciated!

Surface | Surface Go | Safety and security

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments No comments

2 answers

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  2. Barb Bowman 80,795 Reputation points MVP Volunteer Moderator
    2019-01-31T13:54:37+00:00

    Was this answer helpful?

    0 comments No comments