Error 0x80280007 blocks BitLocker because the Trusted Platform Module is turned off in firmware. The fix is almost always a quick UEFI setting, not a hardware fault. Jump to your situation below or work through the methods in order.
By Neeraj Singh · Updated Jun 2026
Error message
The TPM is disabled. To use BitLocker, the Trusted Platform Module must be enabled. Error code: 0x80280007 (TPM_E_DISABLED).
Summary
Error 0x80280007 means the Trusted Platform Module (TPM) on your PC is present but disabled, so BitLocker cannot use it to protect your drive. Its name is TPM_E_DISABLED. It shows up most when you turn on BitLocker, and often after a BIOS update, a CMOS reset or a motherboard swap that switched the TPM off. The fix is almost always to enable the TPM in your UEFI or BIOS (Intel calls it PTT, AMD calls it fTPM), save and reboot, then confirm it reads as ready in tpm.msc. If your PC has no TPM at all, you can allow BitLocker without one through Group Policy.
What this error means
Error 0x80280007 is a firmware setting, not a broken part. The Trusted Platform Module (TPM) is a small security chip that stores the keys BitLocker uses to lock and unlock your drive. The code TPM_E_DISABLED means the chip is physically present but switched off, so Windows cannot talk to it. BitLocker then refuses to encrypt the drive.
It appears most when you try to turn on BitLocker, and sometimes during a TPM operation in tpm.msc or PowerShell. A common trigger is a BIOS update, a CMOS or BIOS reset, or a motherboard swap, any of which can return the TPM to its default off state. Re-enabling it in firmware usually clears the error in minutes.
Common causes
The TPM is switched off in the UEFI or BIOS firmware.
A BIOS update, CMOS reset or firmware default that turned the TPM off.
A motherboard or CPU swap that reset the TPM state.
Intel Platform Trust Technology (PTT) or AMD fTPM is set to disabled.
An outdated BIOS that mishandles the TPM.
The BitLocker Drive Encryption service is not running.
The PC genuinely has no TPM, so BitLocker needs a workaround.
Expert insight
“0x80280007 looks scary but it is almost always one toggle in the BIOS. The chip is there, it is just switched off, usually after a firmware update or a CMOS reset. I enable PTT or fTPM in UEFI, save, boot back in and check tpm.msc reads as ready. I only clear the TPM as a last resort, and never before the BitLocker recovery key is safely saved.”
Manager, Tech Support & Operations · 19+ years fixing Windows and system errors
How to fix it
Method 1
Enable the TPM in your UEFI or BIOS
1. Restart the PC and enter UEFI or BIOS setup by tapping the setup key during boot (often Del, F2, F10 or F12; check with your PC maker).
2. Find the security or advanced section and turn on the TPM. On Intel it is usually PTT (Platform Trust Technology), on AMD it is fTPM, or it may be listed as Security Device or TPM Device. Set it to Enabled.
3. Save and exit (often F10), let Windows boot, then try BitLocker again.
Method 2
Confirm the TPM is ready in Windows
1. Press Win + R, type tpm.msc and press Enter.
2. Check the status reads The TPM is ready for use. You can also run this in an admin terminal:
manage-bde -status
3. If it still shows the TPM as not ready, recheck the BIOS setting or update the firmware as in Method 3.
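The state checks behind Methods 1, 2, 5 and 6 can be read in one pass from an elevated PowerShell session. This is an added example, not part of the original article: the function name Get-TpmTriage is hypothetical, and it assumes a Windows build whose Get-Tpm output includes TpmEnabled and that the Method 6 policy is stored as UseAdvancedStartup and EnableBDEWithNoTPM under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example: read-only triage for 0x80280007. Run in an elevated PowerShell session.
function Get-TpmTriage {
    $tpm = Get-Tpm    # TrustedPlatformModule module; needs admin rights
    # BDESVC is the service name of the BitLocker Drive Encryption Service.
    $svc = Get-Service -Name BDESVC -ErrorAction SilentlyContinue

    # Assumption: the "Require additional authentication at startup" policy
    # (Method 6) writes these two DWORD values when "Allow BitLocker without
    # a compatible TPM" is ticked.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $noTpmAllowed = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # Map the observed state to the method on this page that addresses it.
    $next = if (-not $tpm.TpmPresent) {
        if ($noTpmAllowed) { 'No TPM visible, but policy already allows BitLocker without one (Method 6).' }
        else { 'No TPM visible to Windows: switched off or hidden in firmware (Method 1), or absent (Method 6).' }
    }
    elseif (-not $tpm.TpmEnabled) { 'TPM present but disabled: enable PTT or fTPM in UEFI (Method 1).' }
    elseif ($tpm.RestartPending)  { 'A TPM change is waiting for a reboot: restart, then run this again.' }
    elseif (-not $tpm.TpmReady)   { 'TPM enabled but not ready: update firmware or driver (Methods 3 and 4).' }
    elseif ($null -eq $svc -or $svc.Status -ne 'Running') { 'TPM ready but BDESVC is not running (Method 5).' }
    else { 'TPM ready and service running: retry turning on BitLocker.' }

    [pscustomobject]@{
        TpmPresent     = $tpm.TpmPresent
        TpmEnabled     = $tpm.TpmEnabled
        TpmReady       = $tpm.TpmReady
        RestartPending = $tpm.RestartPending
        BdeService     = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not found' }
        NoTpmPolicy    = $noTpmAllowed
        NextStep       = $next
    }
}

Get-TpmTriage | Format-List
```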
Method 3
Update your BIOS or UEFI firmware
1. Note your PC or motherboard model, then download the latest BIOS from the maker (Dell, HP, Lenovo, ASUS and so on).
2. Install it following their instructions, with the laptop on mains power. A current BIOS often fixes TPM handling.
3. After the update, re-enter UEFI and confirm the TPM (PTT or fTPM) is still set to Enabled.
Method 4
Update the TPM driver
1. Press Win + R, type devmgmt.msc and press Enter.
2. Expand Security devices, right-click Trusted Platform Module 2.0 and choose Update driver, then Search automatically.
3. Reboot and try BitLocker again.
Method 5
Start the BitLocker Drive Encryption service
1. Press Win + R, type services.msc and press Enter.
2. Find BitLocker Drive Encryption Service, set Startup type to Automatic and click Start.
3. Close services and retry turning on BitLocker.
Method 6
Turn on BitLocker without a TPM
1. If your PC has no TPM, or you cannot enable it, you can use BitLocker with a password or USB key instead. Press Win + R, type gpedit.msc and press Enter.
2. Go to this policy location:
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
3. Open Require additional authentication at startup, set it to Enabled, tick Allow BitLocker without a compatible TPM, click OK, then start BitLocker again.
Method 7
Clear the TPM (last resort)
1. Clearing the TPM erases its stored keys and can lock a BitLocker drive, so first confirm your BitLocker recovery key is saved to your Microsoft account.
2. Open tpm.msc, choose Clear TPM on the right, and follow the restart prompts.
3. After it reboots, the TPM reinitialises and you can enable BitLocker again.
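Before step 1 of Method 7, it helps to see which volumes actually unlock through the TPM and whether each one has a recovery password protector to fall back on. This is an added example, not part of the original article: Test-ClearTpmReadiness is a hypothetical name, and the script only reads state and never prints the recovery password itself.

```powershell
# Added example: read-only check to run before clearing the TPM (elevated PowerShell).
function Test-ClearTpmReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        # Protectors that depend on the TPM (Tpm, TpmPin, TpmStartupKey, ...).
        $tpmBound = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
        # The 48-digit recovery password is the fallback once the TPM keys are gone.
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $verdict = if (@($vol.KeyProtector).Count -eq 0) {
            'No key protectors: clearing the TPM does not affect this volume.'
        }
        elseif ($tpmBound.Count -eq 0) {
            'Protected without the TPM (password or USB key): unaffected by a clear.'
        }
        elseif ($recovery.Count -eq 0) {
            'STOP: unlocks via the TPM and has no recovery password protector.'
        }
        else {
            'Has a recovery password: confirm a saved copy with a matching ID before clearing.'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            TpmProtectors    = $tpmBound.Count
            # Only the protector ID is shown, never the RecoveryPassword value.
            RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
            Verdict          = $verdict
        }
    }
}

Test-ClearTpmReadiness | Format-List
```

A recovery password protector on the volume does not prove a copy was saved anywhere, so match the listed ID against the key ID stored with your saved recovery key.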
After a BIOS update, reset or hardware swap? Any of these can return the TPM to its default off state, which is the usual cause of 0x80280007. Re-enter UEFI, turn the TPM (PTT or fTPM) back on with Method 1, save and reboot. Your data and existing encryption are not affected by toggling the setting back on.
Frequently asked questions
What does error 0x80280007 mean?
It is TPM_E_DISABLED. The Trusted Platform Module on your PC is present but switched off in firmware, so BitLocker cannot use it. Enabling the TPM in UEFI clears it.
How do I enable the TPM?
Enter your UEFI or BIOS setup at boot, find the security section, and set the TPM (PTT on Intel, fTPM on AMD) to Enabled. Save, reboot and check tpm.msc reads as ready.
Why did 0x80280007 appear after a BIOS update?
Firmware updates and CMOS resets often return the TPM to its default off state. Re-enable PTT or fTPM in UEFI and the error clears.
Can I use BitLocker without a TPM?
Yes. Through Group Policy you can allow BitLocker without a compatible TPM and unlock the drive with a password or USB key at startup instead.
Will enabling or clearing the TPM delete my data?
Simply enabling the TPM does not touch your files. Clearing the TPM erases its keys and can lock a BitLocker drive, so save your recovery key first.
Is 0x80280007 a hardware fault?
Almost never. The chip is usually fine and just disabled in firmware. A true hardware fault is rare and would show no TPM at all in tpm.msc.
Still not working?
If none of the methods above resolve it, your TPM may be faulty or hidden by firmware. Check whether it appears at all in tpm.msc, update the BIOS, and on a managed work PC contact your administrator. You can also submit your error to us for a tailored fix.