BitLocker and the AMD Ryzen AI 9 HX 370 will not enable

Computer - Ryzen HX 370 AI 9 (FW 13)
Samsung SSD 970 2TB
64GB memory
OS Name: Microsoft Windows 11 Pro
OS Version: 10.0.22631 N/A Build 22631
BIOS Version: INSYDE Corp. 03.03, 3/10/2025 (LFK30.03.03)
Network Card(s): 2 NIC(s) Installed.
[01]: RZ616 Wi-Fi 6E 160MHz

Hello all,

I replaced a Ryzen 7840U recently and migrated an image from Macrium Reflect 8 when I first bought the machine. Naturally, I had to key in the BitLocker key to get the image to run on the drive. I noticed that Windows had already activated on the new machine. I then updated the BIOS for the AI 9 and the drivers using the Ryzen AI 300 driver pack.

Yesterday, however, I decided to do a fresh install of Windows 11 on the Ryzen AI 9. After getting Windows installed and putting in the Ryzen AI 300 series driver pack, I noticed that my BitLocker was “OFF” and when I tried enabling it, I got the error “an internal error was detected”. I went into the BIOS and clicked the slider to clear TPM and then went back into Windows and could not enable BitLocker.

I tried reinstalling Windows 11 and was met with the same results.

I contacted Microsoft (was on the phone actively for about an hour) and they had me clear the TPM (again), check that Secure Boot was on, check the EFI partition (“Healthy” using Diskmgt), verify that BitLocker services were running (services.msc = BitLocker services = “Active”), and verify that Windows Recovery Environment (WinRE) was enabled.

The system did not change behavior and I was told to check with the laptop manufacturer.

I also reset the BIOS as well as Secure Boot to factory state (no impact on behavior).

Last night, I reached out to Framework support and they had me verify the specs of my system using “Systeminfo” through the administrator command prompt. They also had me run Chkdsk (no errors), and reinstall the TPM driver through the Control Panel Device Manager. They also had me run “sfc /scannow”. This last report yielded a message that there were some corrupt files but they were repaired, and there was a “CBS” log that was produced. I sent that to Framework support and have not heard anything regarding those errors.

This morning, I was contacted by Framework again and was instructed to try to enable BitLocker manually through the admin CMD prompt using the command “manage-bde -on C: -RecoveryPassword”. This time, I got the same “internal error code was detected” but within the command prompt screen. It also gave me a code “0x80290107” which looks like the TPM in BIOS is disabled?

When I check the TPM in BIOS, “TPM Operation” is set to “no operation”. I tried changing it to “Enabled” and hit the F10 key to save. When I go into Windows, I still get the same error, and going into BIOS, the TPM operation is set back to “no operation”.

Back in Windows, within the Control Panel, under “Manage BitLocker”, in the right corner, it has the little shield that says “TPM administration”. When I click it, a window “TPM Management on local computer” opens and the status says “The TPM is ready for use”. Available options says “You may clear the TPM to remove the ownership and reset the TPM to Factory Defaults”. When I click to clear the TPM, I get a restart prompt and the system restarts, but I still get the same behavior… BitLocker will not start or enable and it throws the same “internal error detected”.

Does anyone have any suggestions or have similar issues? For all of the Ryzen AI 9 owners out there, can you check to see that your BitLocker is enabled within Windows 11 OK?

Thanks

Woot.

Hi @Plexboy,

You have done a lot of troubleshooting already. Framework support will likely be the best avenue. I have not read about others having an issue with the AI boards and BitLocker yet. I am curious if, because you initially used Macrium to migrate your old image to your new mainboard, that is having an issue on Microsoft’s end that is linked to your Microsoft account? I am not sure how you would test this as the BitLocker option only shows after activation of a Pro license if I remember right.

I do know the newer installs of Windows 11 enable BitLocker by default upon installation so the keys can be migrated over as soon as it is activated.

With regard to what you are seeing in the BIOS: “No operation” means that there is no pending task the TPM module will do upon exiting the BIOS. Using the UEFI does not give live access to the TPM, it only queues commands and instructions to be pushed to the TPM.

Hence, when you kept setting it to “Enable” it was already enabled, and you noticed no change. Someone with deeper BitLocker and Windows understanding might have a better way to test where it is being hung up and why you are getting the error codes you are. Sadly, the TPM and BitLocker are not as grand and polished as they likely should be. Let us know how things turn out.
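Added example, not part of either post above: a read-only PowerShell snapshot of the items checked by hand in this thread (TPM state as Windows sees it, Secure Boot, the BitLocker service, volume state, WinRE) plus recent errors from the BitLocker event logs. It assumes an elevated Windows PowerShell session on Windows 11 Pro with English-language `reagentc` output; it clears nothing and starts no encryption.

```powershell
#Requires -RunAsAdministrator
# Read-only: collects state for a support ticket, changes nothing.
$report = [ordered]@{}

# TPM as the OS sees it. RestartPending shows whether a queued TPM
# operation is still waiting for a reboot.
$tpm = Get-Tpm
$report.TpmPresent        = $tpm.TpmPresent
$report.TpmReady          = $tpm.TpmReady
$report.TpmEnabled        = $tpm.TpmEnabled
$report.TpmOwned          = $tpm.TpmOwned
$report.TpmRestartPending = $tpm.RestartPending
$report.TpmManufacturer   = "$($tpm.ManufacturerIdTxt) $($tpm.ManufacturerVersion)"

# Secure Boot: the cmdlet throws on non-UEFI systems, so catch that case.
try   { $report.SecureBoot = Confirm-SecureBootUEFI }
catch { $report.SecureBoot = "not available: $($_.Exception.Message)" }

# BitLocker Drive Encryption Service (service name BDESVC).
$svc = Get-Service -Name BDESVC -ErrorAction SilentlyContinue
$report.BdeService = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not found' }

# System volume state and any key protectors already attached to it.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report.VolumeStatus     = $vol.VolumeStatus
$report.ProtectionStatus = $vol.ProtectionStatus
$report.KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')

# WinRE status line from reagentc (the match string assumes English output).
$re = reagentc /info | Select-String 'Windows RE status' | Select-Object -First 1
$report.WinRE = if ($re) { $re.Line.Trim() } else { 'status line not found' }

[pscustomobject]$report | Format-List

# Last few errors/warnings from every BitLocker event log on the machine;
# these usually carry more detail than the "internal error" dialog.
Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; Level = 2, 3 } `
                     -MaxEvents 5 -ErrorAction SilentlyContinue
    } |
    Sort-Object TimeCreated -Descending |
    Format-List TimeCreated, LogName, Id, LevelDisplayName, Message
```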

I want to add that today, I swapped out the HDD (still Samsung.. 990?), which was in my 7840 and does encrypt in that R7 machine… reinstalled Windows, migrated to another available license I had… and still no success… thanks for your input… I'm running out of variables! Still same behavior and errors. My support ticket got escalated but I was told that response slows down at this stage…

@Destroya
Hello Destroya.

I am only pinging you on this because I do see you active on Reddit (I didn't post there, but you are very helpful) and I wanted some visibility on this.

I have this ticket open and it got escalated once. I understand that, through workload, turnaround time will slow down (and has).

What I wanted to know about is that I will be out on a business trip soon and will be gone for almost a month without access to the laptop that needs further troubleshooting. I was wondering if there was a process to put tickets on pause until I can respond to any questions/troubleshooting that the support staff may have.

Please advise.

Thanks

Plexboy