
TPM_E_BAD_PRESENCE (0x8028002D) Fix: Wrong physicalPresence Bits

Windows Errors | Intermediate | May 26, 2026

This TPM error means the physical presence bits got corrupted. Fix it by clearing TPM via BIOS or Windows, then re-enabling it cleanly.

You're staring at the TPM_E_BAD_PRESENCE error, probably right when trying to enable BitLocker or update firmware.

That 0x8028002D code means the TPM's internal flags for physicalPresence or physicalPresenceLock got stuck in a bad state. I've seen this happen after a failed BIOS update, a motherboard swap without clearing TPM first, or even after a Windows feature update that didn't play nice with the TPM driver.

Had a client last month whose Dell OptiPlex refused to boot after a firmware update. The TPM was locked up tight. This same fix got them running in 10 minutes.

First Fix: Clear TPM from Windows (if you can boot)

  1. Open Windows Security > Device Security > Security Processor Details > Security Processor Troubleshooting.
  2. Click Clear TPM. You'll get a warning about losing keys. Accept it.
  3. Restart your PC. The system will prompt you to press a key (usually F12, F2, or Delete) to physically confirm the TPM clear. Do it.
  4. After reboot, TPM should reinitialize fresh. The error should be gone.

If you can't boot into Windows, skip to the BIOS method below.

Second Fix: Clear TPM from BIOS/UEFI

  1. Restart and mash the key to enter BIOS setup (usually F2, Del, or Esc).
  2. Look for TPM settings. On most modern systems: Security > TPM > Clear TPM or TPM State: Disabled.
  3. Some BIOSes require you to save and exit, then re-enter to re-enable TPM. Do that.
  4. Set TPM to enabled, save, and exit. The firmware will confirm the physical presence.
  5. Boot into Windows. Run tpm.msc to verify status says "The TPM is ready for use."

Pro tip: On HP business machines, the setting is under Security > TPM Embedded Security. Lenovo ThinkPads call it Security > Security Chip. Dell calls it Security > TPM 2.0 Security. The exact wording varies, but the logic is the same.

Third Fix (if neither worked): Reset physicalPresence via Command Line

Sometimes the GUI won't work. You need to force it from an admin command prompt. This is the nuclear option (requires reboot).

REM Keep Windows from auto-provisioning the TPM again on the next restart
powershell -Command "Disable-TpmAutoProvisioning -OnlyForNextRestart"

REM Then force clear
powershell -Command "Clear-Tpm"

REM Reboot
shutdown /r /t 0

After reboot, re-enable TPM from BIOS. This scrubs the physicalPresence bits completely.

Why This Works

The TPM uses two bits to track if someone physically touched the machine during setup. The physicalPresence bit gets set when you confirm via BIOS prompt. The physicalPresenceLock bit prevents further changes until the next hardware reset. A corrupted firmware update or a half-baked driver can flip these bits incorrectly.

Clearing the TPM resets both bits to their default state. The TPM re-initializes with a clean slate. That's why you have to confirm physical presence again after a clear – the hardware needs to know you're actually there.

Less Common Variations

BitLocker Lockout

If BitLocker was active, clearing TPM will require your recovery key. Always back up your BitLocker recovery key before clearing TPM. I had a guy lose a month of data because he skipped this step. Don't be that guy.
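
A pre-flight check for the backup step above, as an added example that is not part of the original article: it reports TPM state and gives a go-ahead only if every TPM-protected BitLocker volume also has a recovery-password protector. `Test-TpmClearReadiness` is a hypothetical helper name; it assumes the built-in TrustedPlatformModule and BitLocker PowerShell modules are available and the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Added example. Test-TpmClearReadiness is a hypothetical helper name,
# not a built-in cmdlet. It only reads state; it never clears the TPM.
function Test-TpmClearReadiness {
    [CmdletBinding()]
    param()

    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $flags = $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled, $tpm.TpmOwned, $tpm.LockedOut
        Write-Host ('TPM: present={0} ready={1} enabled={2} owned={3} lockedOut={4}' -f $flags)
    } catch {
        # A TPM in a bad state may not answer; the BitLocker check still matters.
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    }

    $safe = $true
    foreach ($vol in Get-BitLockerVolume) {
        # A fully decrypted volume has no key sealed to the TPM.
        if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

        # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey all depend on the TPM.
        $tpmBound = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        if ($tpmBound.Count -eq 0) { continue }

        if ($recovery.Count -eq 0) {
            Write-Warning "$($vol.MountPoint) has a TPM protector but no recovery password."
            $safe = $false
            continue
        }
        foreach ($r in $recovery) {
            # The ID lets you match the protector to the copy you stored.
            Write-Host "$($vol.MountPoint) recovery key ID: $($r.KeyProtectorId)"
        }
    }
    return $safe
}

if (Test-TpmClearReadiness) {
    Write-Host 'Check that your stored recovery key shows the IDs above, then clear the TPM.'
} else {
    Write-Warning 'Do not clear the TPM until every volume has a backed-up recovery password.'
}
```

The script confirms that a recovery protector exists, not that you still hold a copy of it, so compare the printed key IDs against the key stored in your Microsoft account or on paper.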

Virtual Machine TPM

Running Hyper-V or VMware? The virtual TPM can also hit this error. In that case, shut down the VM, remove the virtual TPM device, boot the VM, shut it down again, and re-add the virtual TPM. Works like a charm.

Dual Boot with Linux

Some Linux distros (especially older ones) don't handle physicalPresence correctly. If you dual boot, clear TPM from Windows, then disable TPM in BIOS before booting Linux. Re-enable when you come back to Windows.

How to Prevent This

  • Always clear TPM before a motherboard swap or BIOS update. The new firmware might not understand the old presence bits.
  • Don't interrupt a firmware update. Let it finish, even if it takes 10 minutes. Power loss mid-update corrupts TPM bits almost every time.
  • Keep TPM firmware up to date. Most manufacturers release TPM firmware updates bundled with BIOS updates. Install them.
  • If you're using BitLocker, store the recovery key in your Microsoft account or a physical safe. You never know when you'll need it.

If you're still stuck after all this, the TPM chip might be physically damaged. That's rare – I've seen it twice in 15 years – but possible. In that case, it's time for a motherboard replacement.
