0X80290113

TPMAPI_E_INVALID_PCR_INDEX (0X80290113) fix

Windows Errors Intermediate 👁 1 views 📅 Jun 8, 2026

This error means Windows tried to use a TPM PCR index that doesn't exist. Here's how to fix it without rebuilding the system.

Quick answer for advanced users

Run tpm.msc to check TPM status, then clear TPM from UEFI/BIOS if BitLocker is off. Reset PCR settings in BitLocker or reinstall the TPM driver.

Why this happens

You'll see 0X80290113 - TPMAPI_E_INVALID_PCR_INDEX when Windows or an app asks the Trusted Platform Module (TPM) to read or write to a PCR (Platform Configuration Register) that doesn't exist. PCR indexes go from 0 to 23 on most systems. Some older TPM 1.2 chips only support 0–15. If your software tries PCR 24, or a driver miscalculates the index, you get this error.

I've seen this most often after a TPM firmware update gone wrong, a motherboard swap without clearing TPM, or when a BitLocker policy tries to seal a key to an invalid PCR. One real-world trigger: someone enables Hyper-V and runs a VM that uses TPM 2.0 passthrough, but the host TPM driver is from 2018.

Step-by-step fix

  1. Check TPM status
    Press Win+R, type tpm.msc, hit Enter. Look at Status – it should say TPM is ready for use. If it says Not supported or Disabled, go into your UEFI/BIOS (usually F2 or Del at boot) and enable TPM under Security or Advanced. On Dell Optiplex systems, it's under Security > TPM 2.0 Security On. After enabling, reboot and check again.
  2. Clear TPM (if BitLocker is off)
    In tpm.msc, click Clear TPM in the right panel. This resets all PCR values and keys. If BitLocker is on, do not clear TPM – you'll lose access to encrypted drives. Instead, suspend BitLocker first (manage-bde -protectors -disable C: in admin cmd), then clear TPM, reboot, and re-enable BitLocker. After reboot, the TPM will reinitialize with default PCRs.
  3. Update TPM driver
    Open Device Manager, expand Security devices. Right-click Trusted Platform Module 2.0, choose Update driver > Search automatically. If Windows finds nothing, go to your motherboard or laptop manufacturer's site – Dell, HP, Lenovo – download the latest TPM driver (often called TPM driver or Infineon TPM). Install, reboot.
  4. Reset PCR settings in BitLocker
    If you got the error while using BitLocker, open an admin Command Prompt. Type: manage-bde -protectors -get C:. Note the PCR profile listed (e.g., PCR 0,2,4,7). Then change it to a valid set: manage-bde -protectors -add C: -tpm -pcr 0,2,4,7,11. The number after -pcr must be 0–23, no duplicates. If the error persists, try -pcr 0,2,4,7 – that's the Windows default.
  5. Check event logs for the culprit
    Open Event Viewer (eventvwr.msc). Go to Windows Logs > System. Filter by source TPM or TPMAPI. Look for Event ID 1, 2, or 34 with error code 0X80290113. It usually lists the process that called the invalid PCR – something like svchost.exe or BitLocker.exe. Kill or update that process.

Alternative fixes if steps 1-5 fail

  • Reinstall TPM driver manually
    In Device Manager, right-click TPM device, select Uninstall device (check Delete driver software). Reboot – Windows will reinstall it. Warning: This might trigger BitLocker recovery key prompt if you haven't suspended it.
  • Boot into Safe Mode and clear TPM
    If the error happens during boot (e.g., at login), press F8 during startup, choose Safe Mode with Networking. Then open tpm.msc and clear TPM. Safe Mode loads minimal drivers, so the conflicting app won't interfere.
  • Check third-party software
    McAfee, Symantec, and some VPN clients (like Cisco AnyConnect) sometimes hook into TPM for certificate storage. Disable or uninstall them temporarily to see if the error stops. In my experience, Cisco AnyConnect Secure Mobility Client v4.10 has a known bug that sends PCR index 255, which is invalid. Update it to 4.10.07073 or later.
  • Reset TPM from UEFI firmware
    If Windows won't boot, reboot into UEFI menu (hold Shift while clicking Restart from login screen, then Troubleshoot > Advanced > UEFI Firmware Settings). Look for Security > TPM > Reset TPM or Clear TPM. On some HP ProBooks, it's Security > TPM Embedded Security > Reset to Factory Default. After reset, save and exit. This does the same as clearing from Windows, but from the hardware level.

Prevention tip

Never update TPM firmware from a third-party site – always get it from your PC maker. And if you're building a custom PC with a discrete TPM module (like an ASUS TPM 2.0 on a B450 board), check the module's spec sheet: some only support PCR 0–15. If your software needs PCR 23, you'll get this error every time. Stick to PCR 0, 2, 4, 7 for BitLocker – those work on all TPMs and cover the basics (boot files, bootloader, disk order).

Was this solution helpful?

TPMAPI_E_INVALID_PCR_INDEX 0X80290113 TPM error PCR index invalid Windows TPM error BitLocker PCR error TPM PCR index fix TPM initialization error TPM driver update TPM firmware update PCR 0-23 Windows 11 TPM error TPMAPI error fix TPM event log error