PIN code lost after enabling SecureDoc Disk Encryption on an OPAL SSD on SCPC Level2
Use an OPAL SSD.
Enter the BIOS setup menu and disable "Block SID Authentication".
Ensure Secure Boot is enabled.
Set an OS password.
Install SecureDoc_64.exe.
Enter the password and enable SSD encryption; the system then needs to shut down.
Enter the SecureDoc password to boot into the OS.
Set a PIN code.
Enter S4 (hibernate), then resume from S4.
Result: the PIN code is lost (problem).
WinMagic Analysis: The Microsoft feature, Enhanced Sign-in Security (ESS), is based on Virtualization-Based Security (VBS) and Trusted Platform Module 2.0 from the BIOS. It is used to isolate and protect users' authentication data and secure the data communication channel.
Upon SecureDoc deployment, this feature sometimes stops working, with symptoms such as the PIN not being available or the fingerprint not being usable to log in at the Windows login screen. This indicates that the retrieval of the protected Windows Hello metadata is compromised. Most importantly, we found that this issue is not necessarily permanent. If you re-register your Windows Hello PIN and reboot, you can use your PIN from Windows Hello at the next login, indicating that the conflict is a one-time occurrence. We did not conduct further testing to see if this issue could happen again. This is not a SecureDoc issue, as SecureDoc is working as expected.
Unfortunately, we do not have a way to troubleshoot this issue between Windows Hello and ESS. It is reasonable to ask Microsoft to help pinpoint where and why the ESS PIN has been compromised.
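To gather evidence for such a request, the following added example (not code from WinMagic or Microsoft) snapshots the platform state named above (Secure Boot, TPM 2.0, VBS) before hibernation and after resume, then lists what changed. The function names and file names are hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example: snapshot the platform state that ESS depends on (VBS, TPM 2.0,
# Secure Boot) so it can be compared across an S4 cycle. Run elevated.
function Get-EssPrereqSnapshot {
    $dg     = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $tpm    = Get-Tpm
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $secureBoot = $null }   # cmdlet throws on legacy BIOS / unsupported platforms

    [pscustomobject]@{
        Taken              = (Get-Date).ToString('s')
        SecureBoot         = $secureBoot
        TpmPresent         = $tpm.TpmPresent
        TpmReady           = $tpm.TpmReady
        TpmSpecVersion     = $tpmWmi.SpecVersion
        # 0 = off, 1 = enabled but not running, 2 = running
        VbsStatus          = $dg.VirtualizationBasedSecurityStatus
        ServicesConfigured = ($dg.SecurityServicesConfigured -join ',')
        ServicesRunning    = ($dg.SecurityServicesRunning -join ',')
    }
}

function Save-EssPrereqSnapshot([string]$Path) {
    Get-EssPrereqSnapshot | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
}

# Emits one object per property whose value differs between the two snapshots.
function Compare-EssPrereqSnapshot([string]$Before, [string]$After) {
    $a = Get-Content $Before -Raw | ConvertFrom-Json
    $b = Get-Content $After  -Raw | ConvertFrom-Json
    foreach ($p in $a.PSObject.Properties.Name | Where-Object { $_ -ne 'Taken' }) {
        if ("$($a.$p)" -ne "$($b.$p)") {
            [pscustomobject]@{ Property = $p; Before = $a.$p; After = $b.$p }
        }
    }
}

# Usage (file names are placeholders):
#   Save-EssPrereqSnapshot .\ess-before.json    # after setting the PIN, before S4
#   Save-EssPrereqSnapshot .\ess-after.json     # after resuming from S4
#   Compare-EssPrereqSnapshot .\ess-before.json .\ess-after.json
```

An empty result means none of the recorded values changed across the S4 cycle; any row returned is a concrete difference to include in the support case.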