Description of problem: Bitlocker doesn't start to do encryption with fresh installed Win10 guest. But a reboot of the guest, bitlocker can start encryption. Version-Release number of selected component (if applicable): RHEL 8.3 Kernel: 4.18.0-234.el8.x86_64 qemu-kvm: qemu-kvm-5.1.0-2.module+el8.3.0+7652+b30e6901.x86_64 edk2: edk2-ovmf-20200602gitca407c7246bf-3.el8.noarch libptms: libtpms-0.7.2-1.20200527git7325acb477.module+el8.3.0+7068+4e1b8df5.x86_64 swtpm: swtpm-0.3.0-1.20200218git74ae43b.module+el8.3.0+7648+42900458.x86_64 How reproducible: Steps to Reproduce: 1. Install a win10 guest (q35 + OVMF) 2. Attach vtpm device to win10 guest 3. Inside guest vm run commands: bdehdcfg -target c: shrink -newdriveletter s: -size 606 -quiet manage-bde -on c: reboot system as required. 4. Re-login guest vm after reboot, run command: manage-bde -status Actual results: Encryption is not started Pop up dialog with Bitlocker could not be enabled. (see attachment) BitLocker Drive Encryption: Configuration Tool version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved. manage-bde -status Disk volumes that can be protected with BitLocker Drive Encryption: Volume C: [Windows] [OS Volume] Size: 29.62 GB BitLocker Version: None Conversion Status: Fully Decrypted Percentage Encrypted: 0.0% Encryption Method: None Protection Status: Protection Off Lock Status: Unlocked Identification Field: None Key Protectors: None Found Expected results: Bitlocker can encrypt win10 guest without issue. Additional info: This issue only happens with refresh installed win10 guest. When reboot the guest vm again, and repeat the test steps, bitlocker can start disk encryption.
Windows 10 guest version 2004.
the attachment is missing. Have you checked the same steps on bare-metal?
Created attachment 1714430 [details] win10-bitlocker
No, I did not check on bare-metal host. But with tpm passthrough, we have this bz 1734505
This case doesn't seem pathological to me. How can we confirm this is not a guest OS issue if we don't do the same step on bare metal?
Hi, Marc-Andre, I tried this bug on RHEL.8.4.0 kernel: 4.18.0-260.el8.x86_64 qemu-kvm: qemu-kvm-core-5.2.0-2.module+el8.4.0+9186+ec44380f.x86_64 libtpms: libtpms-0.7.4-1.20201106git2452a24dab.module+el8.4.0+8855+a9e237a9.x86_64 swtpm: swtpm-libs-0.4.0-3.20200828git0c238a2.module+el8.4.0+8855+a9e237a9.x86_64 edk2: edk2-ovmf-20200602gitca407c7246bf-4.el8.noarch RHEL.8.3.0: kernel: 4.18.0-240.7.1.el8_3.x86_64 qemu-kvm: qemu-kvm-core-5.1.0-16.module+el8.3.1+8958+410ab178.x86_64 libtpms: libtpms-0.7.4-1.20201106git2452a24dab.module+el8.3.1+8772+a3fdeccd.x86_64 swtpm: swtpm-0.4.2-1.20201201git2df14e3.module+el8.3.1+9074+e34e3b04.x86_64 edk2: edk2-ovmf-20200602gitca407c7246bf-3.el8.noarch This bug is not reproduced. Bitlocker can encrypt win10 disk in guest. I close it for now. Thanks, Qinghua