Fix Un-allowed DMA capable bus/device(s) detected

Windows 8 and later has a function named “Device encrypt”, it allows windows to enable bitlocker for local disk automatically and unlock it at startup.

But if you are using a DIY rig or changed/added some hardware to your OEM machine, then this feature might be broken. So, we need to add those devices to the whitelist to reenable the feature.

Whitelist the devices

Check for driver updates in windows update before doing this. Because even though the devices that without a proper driver won’t show up in the device list, the system could detect its device ID that might not be listed in the whitelist.

  1. Open Regedit
  2. Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\
  3. Grant yourself access to modify the registry key
    1. Right-click AllowedBuses and go to Permissions
    2. Make yourself the owner
      1. Press Advanced
      2. Next to Owner, make note of what it says (mine said SYSTEM)
      3. Next to Owner, press Change
      4. Enter your username (eg your Microsoft account email address)
      5. Press OK
    3. Grant yourself access
      1. Press Add
      2. Enter your username (eg your Microsoft account email address)
      3. Press OK
      4. Select your user
      5. Tick Full Control
      6. Press OK
  4. Under AllowedBuses, create a new String Value
  5. Run the following PS script which generates a .reg file (with all found PCI devices) in tmp directory and then imports it silently
$tmpfile = "$($env:TEMP)\AllowBuses.reg"
'Windows Registry Editor Version 5.00

| Out-File $tmpfile
(Get-PnPDevice -InstanceId PCI* `
| Format-Table -Property FriendlyName,InstanceId -HideTableHeaders -AutoSize `
| Out-String -Width 300).trim() `
-split "`r`n" `
-replace '&SUBSYS.*', '' `
-replace '\s+PCI\\', '"="PCI\\' `
| Foreach-Object{ "{0}{1}{2}" -f '"',$_,'"' } `
| Out-File $tmpfile -Append
regedit /s $tmpfile

Restart your computer and enjoy the Device encrypt feature!

Leave a Reply