Windows 11 device encryption option vanished after BIOS update

A couple of days ago I updated to firmware 3.05 on my FW 13 AMD. I updated the BIOS using fwupdmgr on Fedora 39 and there was no issue during the process. However, on Windows 11 I noticed that the Device Encryption option has vanished. I have so far checked the following things:

System Information
Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA-capable bus/device(s) detected, WinRE is not configured

PCR7 Configuration: Binding Not Possible

Secure Boot State: On


powercfg /a
As far as I understand, PCR7 requires S0 to be supported, which is the case, confirmed by powercfg /a.

Reports the TPM is available.

BIOS settings
Secure Boot is enforced
TPM 2.0 (MSFT) is enabled and set to available

I have read that e.g. Lenovo firmware updates disable Secure Boot during updating and sometimes do not re-enable it, but both the BIOS and Windows report Secure Boot to be enabled.

Does anyone know how to resolve this? Thanks in advance!

Note: I have already posted this under the thread of the 3.05 release, but thought it might deserve its own topic.

Edit: Typo in TPM version

Does it still work with the 1.1? I thought it required TPM 2.0, or is that a typo?

You are correct. This is a typo. The BIOS reports TPM 2.0 (MSFT)

To me the state of the TPM and/or Secure Boot just changed. Windows is probably not offering anything because it can’t determine if those devices are trusted.

I really don’t have any idea on how to restore it to Windows. Seems like Fedora might be the one leveraging the TPM now?

Have you rebooted since this? Are you using anything non-Microsoft on the boot process?