how old is your computer?
your bios might be out of date and need an update
are you running windows 10 or 11?
what edition - it looks like enterprise? (some features will not work right on enterprise unless managed by active directory or intune or other management)
are you running windows 11 on compatible hardware (hardware that is from 2016 or before can not be compatible with tpm 2.0, it depends upon oem)?
that instance of windows shown in your image is not running in a virtual machine, is it?
run tpm.msc and check that tpm version 2.0 is available when running (for windows 11)
run devmgmt.msc and check security devices to confirm tpm is running
bitlocker has nothing to do with code integrity (for sure)
virtualization features need to be enabled in bios for code integrity
This article explains the steps to opt in to using memory integrity on Windows devices.
learn.microsoft.com
ok, i see, microsoft changed legacy code integrity to memory integrity, apologies for saying that code integrity and memory integrity are not connected
Memory integrity enablement
learn.microsoft.com
you already know the keys, setting the code integrity key to 1 = enabled might displease you because you do not know why it is disabled, but that is the nature of information technology
to be certain, do a clean install of windows or restore from a known good backup image or reset your pc
you are obviously an advanced user, did you play with group policy, did you mess with intune, apply mdac, did you do registry hacks, did you disable services, is the system domain joined - these and other advanced topics can all affect code integrity
if system domain joined then admin can disable code integrity
the code integrity disabled in the registry but showing as enabled in the windows gui is a known bug
the bigger problem is that the firmware protection is disabled, that firmware managed by administrator is an indication of an underlying problem\compatibility issue with hardware\tpm module if system is not managed by active directory\intune or other way
enable code integrity by setting registry key should enable firmware protection after system reboot
if you enable code integrity in registry and it is showing disabled in registry after system reboot then it can be any of a number of things, namely hardware issue
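
A read-only way to compare what the registry asks for with what the OS reports as running, added here as an example and not part of the original posts. The registry paths, the `Win32_DeviceGuard` and `Win32_Tpm` classes and their value meanings are taken from Microsoft's documentation as assumptions, since the thread does not spell them out.

```powershell
# Added example: read-only comparison of configured vs. running memory integrity (HVCI).
# Run from an elevated PowerShell prompt; nothing here changes system state.

$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$localVal  = Get-RegValue $localKey  'Enabled'                          # 1 = enabled, 0 = disabled
$policyVal = Get-RegValue $policyKey 'HypervisorEnforcedCodeIntegrity'  # present only when policy-managed

# Running state as reported by the OS, independent of the registry and the GUI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvciRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)   # 2 = HVCI
$vbsStatus   = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { $null } # 2 = running

# TPM spec version (first field of SpecVersion), same information tpm.msc shows.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'no TPM found' }

# Explain the combination instead of just dumping values.
$verdict =
    if ($null -ne $policyVal)                  { "policy-managed (value $policyVal); the local key is not authoritative" }
    elseif ($localVal -eq 1 -and -not $hvciRunning) { 'enabled in registry but not running: reboot pending, firmware virtualization off, or an incompatible driver' }
    elseif ($localVal -ne 1 -and $hvciRunning)      { 'running although the local key is not 1: GUI and registry disagree' }
    else                                       { 'registry and running state agree' }

[pscustomobject]@{
    LocalRegistryEnabled = if ($null -eq $localVal) { 'not set' } else { $localVal }
    PolicyValue          = if ($null -eq $policyVal) { 'not set' } else { $policyVal }
    VbsStatus            = $vbsStatus
    HvciRunning          = $hvciRunning
    HypervisorPresent    = (Get-CimInstance Win32_ComputerSystem).HypervisorPresent
    TpmSpecVersion       = $tpmVersion
    Verdict              = $verdict
} | Format-List
```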