TPM_E_BAD_KEY_PROPERTY (0x80280028) Fix
This error hits when Windows can't use a TPM key because its properties don't match what the chip supports. It's common after firmware updates or hardware swaps.
When This Error Shows Up
You're most likely to see TPM_E_BAD_KEY_PROPERTY (0x80280028) in two real-world situations. First, right after you update the TPM firmware — maybe through Windows Update or a motherboard BIOS update. Second, when you swap a TPM module on a desktop board, or move a hard drive with BitLocker to a different machine. I've also seen it on laptops coming out of repair where the mainboard was replaced but the old TPM keys weren't cleared.
The error pops up in the Windows Event Viewer under System logs, source TPM, or when you run tpmtool or Get-Tpm in PowerShell. If you're using BitLocker, you might get a prompt saying the TPM is unusable and you need to enter the recovery key.
Root Cause in Plain English
Your TPM chip stores keys in a specific format — that's the TPM_KEY_PARMS structure. It defines things like the key algorithm (RSA vs ECC), key size (2048-bit vs 3072-bit), and usage flags (signing vs encryption). The 0x80280028 error means the key you're trying to load has properties that the current TPM firmware doesn't support.
Why would that happen? Two common reasons:
- Firmware mismatch: Your TPM had a set of keys created under an older firmware version. After updating, the new firmware rejects those keys because the property definitions changed slightly.
- Hardware swap: You moved a TPM key blob (like for BitLocker) from one TPM chip to another. But TPMs are tied to the specific chip — key properties often include the chip's unique endorsement key hash. Different chip, different properties, error thrown.
The fix isn't to edit the key properties (you can't — they're signed by the TPM). The fix is to clear the TPM and let it create fresh keys with the current firmware's supported properties.
Step-by-Step Fix
Important warning: Clearing the TPM removes all keys. That includes BitLocker startup keys, Windows Hello biometric data, and any virtual smart cards. Have your BitLocker recovery key ready before starting. You can find it in your Microsoft account under Devices > BitLocker recovery keys, or on the printout you saved during setup.
Step 1: Backup BitLocker Recovery Key (if used)
- Press Windows Key + R, type bitlockerwizard, and press Enter.
- In the BitLocker Drive Encryption window, click Back up your recovery key.
- Choose Save to a file or Print the recovery key. Save it somewhere safe — not on the encrypted drive itself.
- After saving, close the window.
Expected outcome: You have a file or printout with a 48-digit recovery key. Keep it accessible.
Step 2: Clear the TPM Using Windows Settings
- Open Settings (Windows Key + I).
- Go to Update & Security > Windows Security > Device security.
- Under Security processor, click Security processor details.
- Click Security processor troubleshooting.
- Click the Clear TPM button.
- A confirmation dialog appears. Click Clear and then Restart.
Expected outcome: Your PC restarts. The TPM resets to factory state. You'll see a message during boot: "TPM cleared. Press any key to continue." Press a key.
Step 3: Reinitialize TPM in BIOS (if Step 2 fails)
Sometimes Windows Settings can't clear the TPM — especially on older firmware. Here's the manual way:
- Restart your PC and press the key to enter BIOS/UEFI setup. Common keys: F2, Del, F10, Esc. Watch the screen during boot for a message like "Press F2 to enter Setup".
- Find the TPM settings. They're often under Security > TPM or Advanced > Trusted Computing. On Dell systems, look under Security > TPM 2.0 Security.
- Select Clear TPM or Reset TPM. The exact wording varies. Some BIOS have a button that says "Clear" next to the TPM state.
- Confirm the clear. Save changes and exit (usually F10).
- The PC reboots. Again, you'll see the "TPM cleared" prompt. Press any key.
Expected outcome: TPM is now empty. Windows will auto-initialize it on next boot.
Step 4: Re-enable BitLocker (if you use it)
- After the TPM clear, Windows may prompt you to set up BitLocker again. If not, open Control Panel > System and Security > BitLocker Drive Encryption.
- Click Turn on BitLocker for your system drive.
- Follow the wizard. Don't reuse the recovery key you backed up in Step 1: that key is tied to the old TPM. The wizard creates a new recovery key for the cleared TPM, so save it separately.
- Let encryption complete. This can take anywhere from 20 minutes to a few hours depending on drive size.
Expected outcome: BitLocker is active with the new TPM. No more error 0x80280028.
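The backup and state checks behind Steps 1 and 2, plus the event-log check mentioned earlier, as an added PowerShell example (not part of the original article). It assumes the built-in TrustedPlatformModule and BitLocker modules on Windows 10/11, uses event source TPM as the article names it, and only runs Clear-Tpm when you pass -DoClear.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight checks before clearing a TPM that throws 0x80280028.
# Assumes the TrustedPlatformModule and BitLocker modules that ship with Windows.
param(
    [string]$OsDrive   = $env:SystemDrive,              # usually "C:"
    [string]$BackupDir = "$env:USERPROFILE\Desktop",    # move the file off this machine afterwards
    [switch]$DoClear                                    # actually clear the TPM (PowerShell form of Step 2)
)

# 1. Confirm the error is really in the System log (source "TPM", per the article).
$tpmEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'TPM' } `
                -MaxEvents 200 -ErrorAction SilentlyContinue |
             Where-Object { $_.Message -match '0x80280028|TPM_E_BAD_KEY_PROPERTY' }
"TPM events mentioning 0x80280028 in the last 200 entries: $(@($tpmEvents).Count)"

# 2. TPM state as Windows sees it (same data tpmtool / Get-Tpm report).
$tpm = Get-Tpm
$tpm | Select-Object TpmPresent, TpmReady, TpmEnabled, TpmActivated, TpmOwned, ManufacturerVersion |
    Format-List

# 3. Step 1 of the article: export every recovery password for the OS drive BEFORE clearing.
$vol = Get-BitLockerVolume -MountPoint $OsDrive -ErrorAction SilentlyContinue
if ($vol -and $vol.ProtectionStatus -ne 'Off') {
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No RecoveryPassword protector on $OsDrive. Add one first: Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector"
    }
    $out = Join-Path $BackupDir "BitLocker-Recovery-$($env:COMPUTERNAME).txt"
    $recovery | ForEach-Object { "Protector $($_.KeyProtectorId): $($_.RecoveryPassword)" } |
        Set-Content -Path $out
    "48-digit recovery key(s) written to $out. Copy it somewhere that is not this encrypted drive."
} else {
    "BitLocker is not protecting $OsDrive; nothing to back up."
}

# 4. Only clear when explicitly asked; this is the scripted equivalent of Settings > Clear TPM.
if ($DoClear) {
    if (-not $tpm.TpmPresent) { throw "No TPM present; nothing to clear." }
    Clear-Tpm
    "TPM clear requested. Restart now and acknowledge the 'TPM cleared' prompt at boot."
}
```

Run it once without -DoClear to read the event count and TPM state, then again with -DoClear only after the recovery key file is safely off the machine.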
What to Check If It Still Fails
If the error persists after clearing the TPM, here's where to look next:
- TPM driver in Device Manager: Open Device Manager, expand Security devices. Right-click Trusted Platform Module 2.0 and choose Update driver > Search automatically for drivers. If that finds nothing, go to your motherboard or laptop manufacturer's support page and download the latest TPM driver manually.
- BIOS TPM state: Reboot into BIOS and check that TPM is set to Enabled or Firmware TPM (fTPM) on AMD systems. Don't set it to "Discrete TPM" if you have a firmware TPM. Wrong setting = wrong key properties.
- Third-party security software: Some antivirus or encryption tools (McAfee Endpoint Encryption, Symantec Drive Encryption) manage TPM keys independently. Uninstall them, clear TPM again, then reinstall after verifying the error is gone.
- Windows integrity check: Run sfc /scannow in an elevated command prompt. Then run dism /online /cleanup-image /restorehealth. Corrupted system files can cause TPM communication issues that look like key property errors.
- Hardware TPM replacement: On rare occasions, the TPM chip itself is faulty. If you're using a discrete TPM module (plugged into a motherboard header), try reseating it or replacing it. For firmware TPM (fTPM on AMD, Intel PTT), update the BIOS to the latest version from the manufacturer's website.
I've personally fixed dozens of these by just clearing the TPM and rebooting. The key properties error is almost always a stale key that Windows should have flushed but didn't. Don't overthink it. Start with the clear, move to driver updates, then check hardware if you're still stuck.