Hi!
I’ve encountered the same problem with Windows Hello.
When I boot my laptop (not Framework though, Dell XPS 14) I got an error 0xd000a002 and my Windows Hello PIN, Fingerprint and Face unlock does not work and I need to set them up again. If I then turn off the laptop and disconnect or connect eGPU (depending on if it was connected or not during Windows Hello setup) the error reappears.
I found out that Windows Hello store it’s keys in TPM. And apparently connecting/disconnecting eGPU triggers TPM hash change and invalidates Windows Hello keys or something.
You can check it your Windows Hello keys are stored in TPM with the following command in elevated Powershell:
certutil -csp “Microsoft Passport Key Storage Provider” -key -v | Select-String -Pattern “NgcKeyImplType”
If it outputs
NgcKeyImplType: 1 (0x1)
then Windows Hello keys are stored in TPM and we need to force Windows to store it on the disk. It’s less secure, but with eGPU apparently we dont have another option (apart from not using Windows Hello at all).
If you don’t use Bitlocker I think you can just delete PIN, disable TPM in BIOS and set up PIN again. With TPM disabled Windows can’t write keys to TPM and should store them on the disk.
You can check that with the same Powershell command.
If it outputs
NgcKeyImplType: 2 (0x2)
then Windows Hello keys are stored on the disk and you should be fine.
If you do use Bitlocker then you need to do the following (I did these steps and got it working, YMMV and you are doing it on your own risk):
- Remove Windows Hello.
- Suspend Bitlocker.
- Boot to BIOS and disable TPM.
- Boot to system and set up Windows Hello.
- Check with Powershell if Windows Hello keys are indeed stored on the disk now.
- Reboot to BIOS and enable TPM.
- Boot to system and resume Bitlocker.
HTH