TPM modules can become locked when too many incorrect PIN attempts are made to access the information stored on the module. The number of failed attempts before lockout varies depending on the TPM version (1.2 or 2.0) and, in the case of TPM 2.0, on the policies configured in the operating system.
If you have replaced the motherboard in your BitLocker-protected system and the new motherboard arrives with the TPM already provisioned, you may be locked out of the TPM because you will likely not know the PIN, or you may not be able to re-provision the TPM for re-use.
When Locked Out
If you are locked out, you cannot enter the correct PIN to remove the lockout. You then have three options:
When TPM is Unusable
When you can't take ownership of the TPM module or provision it for use, follow these options:
Use these methods:
Clearing the TPM can be done in one of four ways, listed in order of increasing complexity. Always log on with local administrative rights before using these instructions.
If your BIOS does not have the option to clear the TPM, then you will need to clear the TPM using Windows.
Attempting to clear the TPM without making any other Windows changes first, as in Step 2, may not be successful. This is because some versions of Windows have safeguards to prevent the accidental erasure of cryptographic information.
The first change to make if Step 2 is not successful is to change the Windows TPM Delegation Level.
By default, Windows blocks the use of some TPM commands to prevent abuse. If the instructions in Step 2 do not work, you may need to lift the restriction on the TPM commands that can be used.
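Before trying any of the clear methods, it helps to confirm which of the two situations above applies and whether a clear from Windows can succeed at all. The following read-only check is an added example, not part of the original article; `Get-TpmTriage` is a hypothetical helper name, and it assumes the built-in `Get-Tpm` cmdlet run from an elevated PowerShell prompt.

```powershell
# Added example: read-only triage of TPM state before any clear attempt.
# Get-TpmTriage is a hypothetical helper name; Get-Tpm is the built-in
# cmdlet from the TrustedPlatformModule module. Run from an elevated prompt.
function Get-TpmTriage {
    [CmdletBinding()]
    param()

    $tpm = Get-Tpm -ErrorAction Stop

    if (-not $tpm.TpmPresent) {
        Write-Warning 'Windows sees no TPM; confirm it is enabled in BIOS/UEFI.'
        return
    }

    # Map the reported state onto the article's two situations.
    $situation = if ($tpm.LockedOut) {
        'Locked out'
    } elseif (-not $tpm.TpmReady) {
        'Unusable (present but not ready for use)'
    } else {
        'Ready'
    }

    # OwnerClearDisabled = True means the TPM cannot be reset from the
    # operating system with the owner authorization value, so a clear
    # from within Windows is expected to fail.
    $clearFromWindows = if ($tpm.OwnerClearDisabled) {
        'Blocked (OwnerClearDisabled is True)'
    } else {
        'Not blocked by OwnerClearDisabled'
    }

    [pscustomobject]@{
        Situation        = $situation
        LockedOut        = $tpm.LockedOut
        FailedAttempts   = '{0} of {1}' -f $tpm.LockoutCount, $tpm.LockoutMax
        LockoutHealTime  = $tpm.LockoutHealTime
        TpmOwned         = $tpm.TpmOwned
        ClearFromWindows = $clearFromWindows
        # Assumption: ManagedAuthLevel is the value that the article's
        # delegation-level step changes.
        ManagedAuthLevel = $tpm.ManagedAuthLevel
    }
}

Get-TpmTriage | Format-List
```

Running the same check after each step shows whether the change took effect before moving on to the next, more complex method.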