TPM_E_INVALID_KEYUSAGE (0x80280024) – Quick Fix for Key Usage Errors

Windows Errors | Intermediate | Jun 10, 2026

This error usually pops up when BitLocker or a TPM-based app tries to use a key the wrong way. The fix is clearing and reprovisioning the TPM. Here's how.

You're Stuck on a TPM Key Usage Error

That error code — 0x80280024 — means the TPM sees your key but says 'nope, you can't use it that way.' It's annoying, but it's fixable in about 10 minutes.

The Fix: Clear and Reprovision the TPM

The culprit here is almost always a corrupted TPM state or a mismatch between the key's intended usage and what the TPM allows. Don't bother with driver reinstalls or registry hacks — they rarely help. Just clear the TPM and start fresh.

  1. Back up any BitLocker recovery keys first. Go to your Microsoft account or run manage-bde -protectors -get C: from an admin command prompt. Save the 48-digit key somewhere safe.
  2. Open the TPM Management Console — press Win + R, type tpm.msc, hit Enter.
  3. In the right pane, click Clear TPM. You'll be prompted to restart. Do it.
  4. On reboot, the system will re-initialize the TPM. You might need to press F1/F2 to accept the hardware change — depends on your motherboard.
  5. Once back in Windows, go back to tpm.msc. If it says 'The TPM is ready for use,' you're golden. If not, click Prepare the TPM.

That's it. The error should be gone. Test by running whatever app or feature threw it — BitLocker, Windows Hello, or a third-party encryption tool.
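A read-only pre-flight check for the steps above, written as an added PowerShell example (not part of the original article): it confirms that a TPM is present and that every BitLocker volume with a TPM-based protector also has a recovery password protector before anything is cleared. The function name Test-TpmClearReadiness is hypothetical; Get-Tpm and Get-BitLockerVolume are the built-in cmdlets it relies on.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-flight check to run before Clear TPM / Clear-Tpm.
# Test-TpmClearReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-TpmClearReadiness {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings.Add('Get-Tpm reports no TPM; there is nothing to clear.')
    }

    # Check every volume BitLocker knows about, not only C:.
    $volumes = foreach ($vol in Get-BitLockerVolume) {
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })
        # Tpm, TpmPin, TpmStartupKey, ... all depend on keys that a clear destroys.
        $usesTpm     = @($types -like 'Tpm*').Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        if ($usesTpm -and -not $hasRecovery) {
            $findings.Add("$($vol.MountPoint) has a TPM protector but no recovery password.")
        }

        # Report protector IDs only; the 48-digit password itself is never printed.
        $recoveryIds = @($vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = "$($vol.ProtectionStatus)"
            Protectors       = $types -join ', '
            RecoveryIds      = $recoveryIds -join ', '
        }
    }

    [pscustomobject]@{
        TpmPresent  = $tpm.TpmPresent
        TpmReady    = $tpm.TpmReady
        Volumes     = @($volumes)
        Findings    = $findings
        SafeToClear = ($findings.Count -eq 0)
    }
}

$report = Test-TpmClearReadiness
$report.Volumes | Format-Table -AutoSize
if (-not $report.SafeToClear) { $report.Findings | ForEach-Object { Write-Warning $_ } }
```

Compare the listed recovery protector IDs with the keys you saved in step 1 before clearing the TPM.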

Why This Works

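The TPM stores keys along with usage policies — things like 'this key can only sign data, not decrypt it.' When that policy gets corrupted or misconfigured, you hit 0x80280024. Clearing the TPM wipes all stored keys and policies, forcing a clean slate. The OS then re-creates the keys with correct usage flags. Keys that other TPM-backed features created, such as Windows Hello credentials or virtual smart cards, are wiped as well, so expect to enroll those again.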

Think of it like resetting a smart lock's memory because it forgot which keys open which doors. Crude but effective.

Less Common Variations

Sometimes the standard clear doesn't stick. Here are two twists:

BitLocker Recovery Loop

If BitLocker keeps asking for your recovery key after clearing the TPM, you need to re-attach the TPM protector. Run this from an admin command prompt:

manage-bde -protectors -enable C:

Then add the TPM protector back:

manage-bde -protectors -add C: -tpm

TPM Not Clearing via GUI

If tpm.msc gives you a grayed-out Clear button, use PowerShell:

Clear-Tpm

Or the command line tool:

tpmtool clear

Both require admin rights and a reboot.

On rare occasions, a TPM firmware update fixes persistent key usage errors. Check your motherboard or PC manufacturer's support page for a TPM firmware update tool. Lenovo and Dell both have them for their commercial lines.

Prevention

Once you've cleared the error, here's how to avoid coming back here:

  • Don't mess with TPM keys manually — that includes importing/exporting keys via tpmvscmgr or third-party tools unless you really know what you're doing.
  • Keep your TPM firmware updated — especially on newer systems with TPM 2.0. Firmware bugs are a common cause of usage policy corruption.
  • If you use BitLocker, always store recovery keys in Active Directory or your Microsoft account before any TPM-related change.
  • Watch for BIOS updates — some updates reset TPM state. If you update BIOS and get this error, clear the TPM again.

One last thing: this error is almost never a hardware failure. I've seen people RMA motherboards over this, only to get a replacement that threw the same error. Save yourself the hassle — clear the TPM first.
