VMware Communities
NoBlueScreenTec
Contributor

Updated Host BIOS - Now All VM ask for password

Greetings, I recently updated the BIOS on my host machine. All VMs and the host are Win 11. I can't access any of my VMs now. It says the VM is encrypted and is asking for a password. I don't recall setting up a password on these VMs. Any idea how I can access my VMs again? The files were not moved; the only change to the environment is that the host BIOS was updated.

 


Accepted Solutions
NoBlueScreenTec
Contributor

I solved my own problem, it looks like. My VMs are not fully encrypted, only partially. The solution here was to use the command line tool to export the OVF file. After exporting the OVF and removing the VM, I can open the OVF and import the VM back. Before powering on the VM, I go into settings and remove the TPM. The machine boots and requires me to reset the PIN for Windows 11.

10 Replies
Technogeezer
Immortal

What version of Workstation and what version/build of Windows 11 are you using?

Are you sure you didn't specify encryption for the Windows 11 VMs? Unless you hacked the registry of the VMs at VM installation time, Windows 11 requires a TPM device which in turn means that the VM has to be encrypted to provide it. 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
NoBlueScreenTec
Contributor

Thank you for your reply.  V17 latest build.  Win 11 latest build available to release preview ring.

The default options were selected when setup.  Had I been asked to specify a pw I would have made note of it.  I can't do anything with the VMs at all (not even settings).

Is there anything I can do to recover them?  TIA

I haven't used WS in a while as I mostly used VirtualBox up until about 6 months ago.

CarltonR
Hot Shot

Assuming that the only thing that was changed was the BIOS on the Host . . . then . . .

i. Does the host have a TPM?

ii. If so, then suggest verifying that within the BIOS, it's enabled.

iii. Confirm that it is available and working within Host [Win 11] Device Manager under Security devices - Trusted Platform Module 2.0

iv. Would also suggest that you review the associated documentation for the 'BIOS' update, to confirm prerequisites and whether it included a TPM update.

v. When you say "default options were selected when setup" please expand.

NoBlueScreenTec
Contributor

Thank you for your reply.  Windows updates have been installed in addition to the BIOS update.  I haven't used the VMs since July 20th.  I will check the items you have suggested.  Here is the update history:

NoBlueScreenTec
Contributor

Also, it's an ASUS motherboard. The AMD TPM is being used, and when I update the BIOS I have to suspend BitLocker on the OS volume, so it does do something with the TPM each time the BIOS is updated. Here is a screenshot of my device manager.

 

NoBlueScreenTec
Contributor

Just to confirm the answers to your questions:

 

i. Yes, host uses the AMD fTPM

ii. Confirmed enabled

iii. Confirmed (see image above)

iv. Yes, each BIOS update resets the TPM. So what I have to do on the host system is suspend BitLocker on the OS volume during the update, otherwise the OS volume locks and requires a recovery code. I believe I fixed this behavior just now by changing a BIOS setting NOT to "reset TPM when new CPU installed". I think what was happening is when the BIOS was updated it thinks a new CPU is installed and clears the TPM. Because it's an fTPM though, this could be normal behavior when a BIOS update is installed... but I would think not.

v. Honestly I don't recall enough to expand on this. I don't recall performing any special configuration (I would remember that).

I think it's safe to assume the fTPM was reset when the BIOS update was performed. Is there any way to recover these VMs at this point? Two of them are really important and I don't want to lose those.

NoBlueScreenTec
Contributor

Bump

Technogeezer
Immortal

By any chance was this VM created under Workstation 16.2, and used the "experimental" vTPM implementation?

If so, I'm thinking that the oh-so-broken-and-should-never-be-used "experimental" TPM implementation of that release is at the root of this issue. Two of the major deficiencies in the 16.2 experimental vTPM implementation were that

  • the encryption key is auto-generated and not able to be displayed
  • the VM can not be moved to another host

I'm beginning to suspect that that auto-generated encryption password is based on the BIOS UUID (or something similar in the system's firmware). Changing the BIOS may have updated whatever that vTPM implementation is basing its encryption key on (perhaps a BIOS UUID), which would be the equivalent of moving the VM to another machine. 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
NoBlueScreenTec
Contributor

No, this has been on v17 since I moved from Vbox about six months ago. I do agree that's what's going on. I will also note that I'm using the firmware TPM built into my Ryzen CPU. Upgrading the BIOS also breaks BitLocker on the host OS volume after a BIOS update. I work around that by suspending BitLocker on the OS volume, updating the BIOS, and then it auto-resumes BitLocker on reboot. This is a custom-built system with an Asus motherboard. I'm going to leave the vTPM off the guests so this doesn't happen again. In theory, I should be able to keep the vTPM but would need to remove it before updating BIOS and then add it back after the update.

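A pre-flight check for the situation this thread describes, run on the host before a BIOS update that may clear the fTPM. This is an added example, not code from any participant in the thread. Assumptions: the `$VmRoot` folder and the `-Suspend` switch are this script's own, and an encrypted VM is recognised by an `encryption.keySafe` entry in its .vmx file.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): pre-flight before a BIOS update on a
# host whose firmware TPM may be cleared by the update.
param(
    [string]$OsVolume = 'C:',
    # Assumption: folder that holds the Workstation VMs; adjust to your layout.
    [string]$VmRoot = (Join-Path $env:USERPROFILE 'Documents\Virtual Machines'),
    # Script-defined switch: suspend BitLocker only when explicitly requested.
    [switch]$Suspend
)

# 1. Record the TPM state so it can be compared after the update.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

# 2. BitLocker: make sure a recovery password protector exists, in case the
#    TPM protector no longer unseals after the firmware change.
$vol = Get-BitLockerVolume -MountPoint $OsVolume
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
"BitLocker on ${OsVolume}: $($vol.ProtectionStatus), recovery protectors: $($recovery.Count)"
if ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0) {
    throw "No recovery password protector on $OsVolume; add one and back it up first."
}

# 3. Inventory VMs whose .vmx carries an encryption key safe (assumed marker
#    of an encrypted VM), so their passwords can be confirmed beforehand.
$vms = Get-ChildItem -Path $VmRoot -Filter *.vmx -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Vmx       = $_.FullName
            Encrypted = [bool](Select-String -Path $_.FullName -Pattern '^\s*encryption\.keySafe\s*=' -Quiet)
        }
    }
$vms | Format-Table -AutoSize
$atRisk = @($vms | Where-Object Encrypted)
if ($atRisk.Count -gt 0) {
    Write-Warning "$($atRisk.Count) encrypted VM(s): confirm the password or take a backup before updating."
}

# 4. Suspend BitLocker for one reboot; protection resumes automatically afterwards.
if ($Suspend -and $vol.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $OsVolume -RebootCount 1 | Out-Null
    "BitLocker suspended on $OsVolume until after the next reboot."
}
```

Run it once without `-Suspend` to review the report, then again with `-Suspend` immediately before flashing the BIOS.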