UEFI problems: I have found that Bitlocker will not be able to use the enhanced PIN as specified in our GPO on the Thinkpad T420 when using UEFI. The problem lies in the BIOS (yes, it is still called the BIOS, even though it is UFEI) and it requires an updated version so that the keyboard keys are represented properly (alpha characters) during the boot phase of the startup. My T420 had version 1.24 of the BIOS, and version 1.25 seems to fix this issue. Here is a snippet of the Release Notes for 1.25: [more]
CHANGES IN THIS RELEASE
Version 1.25
[Important updates]
Nothing.
[New functions or enhancements]
- Added support for the Password Beep function.
- Increased the number of configurable boot devices by BootOrder option of
Windows WMI script.
[Problem fixes]
- Fixed an issue where the BitLocker function could not be enabled on Windows
64-bit.
- Fixed an issue where PXE boot might fail.
- Fixed an issue where the fingerprint authentication associated with some
password strings might fail.
- Fixed an issue where the Intel TXT feature might not be enabled when the
Security Chip was activated and the Intel TXT feature was enabled at the same
time by ThinkPad BIOS Settings Windows program.
- Fixed an issue where the Bluetooth wireless status indicator might be changed
after running Windows WMI script.