Configuring TPM Firmware Version


Step-by-Step Guide
Updated September 2016

HP has been moving to version 2.0 of the Trusted Platform Module (TPM) firmware on its newer products. The previous version of TPM is version 1.2. Because customers may have upgraded or downgraded the TPM firmware from what was originally installed on the system (or from the default setting for that system), field engineers need to be able to adjust TPM settings when replacing a system board.

The purpose of this document is to provide an overview of how to determine whether you need to change TPM firmware versions and the process to do so.

Note: The procedures described in this guide are for HP Commercial Notebooks, Desktops and RPOS only. HP Workstations will have the replacement system board set to the TPM firmware version of the system as it was ordered / requested.

Contents

- HP TPM Strategy
- How to Determine the Required TPM Firmware Version
- New TPM Label on Replacement System Boards
- Process Overview
- Configuring TPM firmware - Notebooks
- Setting TPM Firmware Version - Desktops

HP TPM Strategy

HP is working to make the transition from TPM V1.2 to TPM V2.0 as smooth as possible. New systems introduced in 2016 and beyond will have the latest TPM V2.0 firmware as a default. In addition, replacement system boards for these products will be shipped with TPM set to V2.0.

Older products or products that are currently shipping (sustaining) in 2016 will have TPM set to V1.2 as default, and replacement system boards for those products will also have TPM set to V1.2. When the next generation of these products is introduced, they will begin using the TPM V2.0 firmware.

The following table summarizes the TPM firmware default options by operating system.

| Manufacture date | OS version | Default TPM firmware | TPM firmware can be configured to |
|---|---|---|---|
| NPI before 7/28/16 | Win 7 32/64-bit image | 1.2 | 2.0 |
| NPI before 7/28/16 | Win 10 image | 1.2 | 2.0 |
| NPI after 7/28/16 | Win 7 32-bit image (only hybrid *) | 1.2 | N/A |
| NPI after 7/28/16 | Win 7 64-bit image (only hybrid **) | 1.2 | 2.0 |
| NPI after 7/28/16 | Windows 10 Image | 2.0 | 1.2 |

*Hybrid Platforms are Intel Skylake processor in a Kabylake chipset, or AMD Carrizo processor in Bristol Ridge chipset.

Products Shipping with TPM V2.0 in 2016

The following is a sample list of products that are shipping or scheduled to ship in 2016 with TPM firmware set to V2.0. Replacement system boards for these products will also be shipped with TPM set to V2.0. Customers may choose to downgrade to TPM V1.2 based upon their current operating system and organizational needs.

| Product | Launch | Shipped Default | Spare Board |
|---|---|---|---|
| Slice Elite HP Slice | 8/22/2016 | 2.0 | 2.0 |
| HP Elite 705 G3 SFF/MT | 8/29/2016 | 2.0 | 2.0 |
| Elite 705 G3 DM | 8/29/2016 | 2.0 | 2.0 |
| HP EliteBook Folio G1 | 3/18/2016 | 2.0 | 2.0 |
| HP EliteBook Folio 1030 G1 | 5/20/2016 | 2.0 | 2.0 |
| HP Elite X2 1012 G2 | 9/12/2016 | 2.0 | 2.0 |
| HP ProBook 650/640 G2 | 1/6/2016 | 2.0 | 2.0 |
| HP ProBook 655/645 G2 | 1/6/2016 | 2.0 | 2.0 |

Products Shipping with TPM V2.0 as an Option

Certain sustaining products (products currently shipping) provide the option of setting the TPM firmware to either V1.2 or V2.0 at the factory. The default setting for these products is TPM V1.2, and all system boards for these products are shipped with TPM set to V1.2. Customers may choose to configure the TPM to V2.0 on systems with the Windows 10 operating system based upon their current operating system and organizational needs.

The following table lists systems that support either TPM V1.2 or TPM V2.0.

| Product | Refresh Date / AV Available | Shipped Default | Spare Board | Option to be configured to TPM V2.0 from the Factory |
|---|---|---|---|---|
| 600 G2 SFF/MT/DM | 5/1/2016 | 1.2 | 1.2 | Yes |
| 600 G2 AiO T/NT | 5/1/2016 | 1.2 | 1.2 | Yes |
| 705 G2 SFF/MT/DM | 5/1/2016 | 1.2 | 1.2 | Yes |
| 705 G2 AiO T | 5/1/2016 | 1.2 | 1.2 | Yes |
| 800 G2 TWR/SFF/DM | 5/1/2016 | 1.2 | 1.2 | Yes |
| 800 G2 AiO | 5/1/2016 | 1.2 | 1.2 | Yes |
| RP9 Model 9815/9818 | 5/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 1030 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook Folio 1040 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 430 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 470 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 440 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 450 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 455 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 645 G2 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 645 G2 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 755 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 745 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 725 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 820 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 850 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP EliteBook 840/848 G3 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 650 G2 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ProBook 640 G2 | 9/1/2016 | 1.2 | 1.2 | Yes |
| HP ZBook 15u G3 | 9/1/2016 | 1.2 | 1.2 | Yes |

How to Determine the Required TPM Firmware Version

As a Field Engineer onsite, you must determine what TPM firmware version is required by the customer for the system board you are about to replace. There are multiple ways to determine which TPM firmware version is required:

Ask Your Customer

Most large commercial / enterprise accounts will know what TPM firmware version they are using for their systems, especially if the customer has changed the TPM firmware version after purchase or ordered a specific SKU with a TPM firmware version that differs from the default version for that system.

Smaller customers may not know their TPM firmware version. These customers are less likely to have changed the firmware version or ordered a specific SKU with a TPM firmware version that differs from the default version for that system. In this case, the replacement system board likely already includes the correct TPM firmware version.

Identify TPM Firmware Version from Current System Board

If you are able to boot the current system (or an identical system from the customer) and access the BIOS, you can determine the TPM firmware version of the current system board before you replace it. To determine the current TPM firmware version on a system, follow these steps:

1. Power on the computer and press F10 prior to OS boot.
2. Navigate to Security > TPM Embedded Security.
3. View the TPM version of the current system board.

The following graphic shows an example of a TPM configured to V1.2.

Look up the Unit in Serial Number Repository

If you have internet access, you can look up the system in the Serial Number Repository to see if the customer purchased a specific SKU with a TPM firmware version that differs from the default setting for that system. Systems with the option of selecting the TPM firmware version will show up in the Serial Number Repository as a specific AV.

Operating System

While not 100% accurate, understanding what operating system the customer is using can be useful in trying to determine if the TPM firmware needs to be changed. As a general rule, customers running the Windows 7 operating system will be using TPM V1.2. If the customer is running the Windows 10 operating system, there is a good chance that they will have moved to TPM V2.0.

New TPM Label on Replacement System Boards

To help facilitate the TPM configuration process, new system boards that feature the new HP Common Core BIOS will begin shipping with a label on the system board's anti-static bag. The purpose of the label is to:

- Serve as a reminder to the field technician that the TPM firmware on the system board they just received can be configured.
- Prompt the field technician to confirm TPM setting requirements on the current system under repair before installation of the new system board.
- Provide links to obtain the detailed instructions to configure TPM.
- Identify the TPM firmware setting of the replacement system board.

Sample image of the new TPM label to be found on replacement system boards that support the new HP Common Core BIOS.

It is important to note that only system boards that support the new HP Common Core BIOS will feature the TPM labels. Older system boards will not feature the label and will not require the field technician to configure TPM.

Process Overview

As part of the system board replacement process, configuring the TPM firmware version should take place before programming DMI, committing ME (if applicable) and locking the system board. As always, the first step in the process will be to gather all of the appropriate information. A high-level overview of the process is outlined below:

TPM / DMI / Committing Process Flow

1. Gather Information & Determine TPM
2. Set TPM
3. Program DMI
4. Commit ME
5. Confirm Boot to Windows
6. Lock MPM

Update System BIOS

It is critical that you update the System BIOS to the most current version before attempting to change TPM settings.

Before you begin

Remember, you should ask the customer to do the following before performing any service procedures.

- Systems with BitLocker or other encryption should be unlocked before programming the DMI. Ask the customer to disable the encryption before service. If the customer is not able to do this prior to service, the customer will need to provide the recovery key.
- Remind the customer that with any system board replacement, the customer will need to use their recovery key to re-create the encryption key stored by the new TPM. This is the only way that the customer will be able to access their encrypted drive after system board replacement.
- BIOS passwords need to be cleared or provided prior to the service.
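For a unit that still boots to Windows, the TPM version identification and the BitLocker preparation described in this guide can be checked in one pass from an elevated PowerShell prompt. This is an added example, not part of the HP guide or of DMIFIT; the function name Get-PreServiceTpmReport is hypothetical, and it relies only on the standard Win32_Tpm WMI class and the Get-BitLockerVolume cmdlet.

```powershell
# Added example (not HP or DMIFIT code). Read-only: reports state, changes nothing.
# Run from an elevated PowerShell prompt on the unit to be serviced.
function Get-PreServiceTpmReport {   # hypothetical name
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive   # volume to inspect, OS drive by default
    )

    # Win32_Tpm lives in its own WMI namespace. No instance means Windows sees no TPM
    # (not fitted, or hidden/disabled in firmware), so fall back to the F10 check.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $family = $null
    if ($tpm -and $tpm.SpecVersion) {
        # SpecVersion is a comma-separated string such as "2.0, 0, 1.16";
        # the first field is the specification family (1.2 or 2.0).
        $family = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Get-BitLockerVolume needs elevation and the BitLocker feature to be present.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    $types = @()
    if ($vol) {
        $types = @($vol.KeyProtector | Where-Object { $_ } |
            ForEach-Object { $_.KeyProtectorType.ToString() })
    }
    $tpmBound    = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
    $hasRecovery = $types -contains 'RecoveryPassword'
    $encrypted   = $vol -and ($vol.VolumeStatus.ToString() -ne 'FullyDecrypted')

    $notes = @()
    if (-not $tpm) { $notes += 'No TPM visible to Windows; confirm version in F10 Setup.' }
    if ($encrypted -and $tpmBound) {
        $notes += 'Volume key is sealed to this TPM; the replacement board cannot unseal it.'
    }
    if ($encrypted -and -not $hasRecovery) {
        $notes += 'No RecoveryPassword protector listed; confirm the customer holds a recovery key.'
    }
    if ($encrypted -and $vol.ProtectionStatus.ToString() -eq 'On') {
        $notes += 'Protection is On; ask customer to disable encryption or supply the recovery key.'
    }

    [pscustomobject]@{
        TpmSpecFamily      = $family
        TpmSpecVersionRaw  = $tpm.SpecVersion
        TpmFirmwareVersion = $tpm.ManufacturerVersion
        TpmManufacturer    = $tpm.ManufacturerIdTxt
        MountPoint         = $MountPoint
        VolumeStatus       = "$($vol.VolumeStatus)"
        ProtectionStatus   = "$($vol.ProtectionStatus)"
        KeyProtectorTypes  = $types -join ', '
        Notes              = $notes
    }
}

Get-PreServiceTpmReport | Format-List
```

The TpmSpecFamily value should match what F10 Setup shows under Security > TPM Embedded Security; record it before removing the old board.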

Configuring TPM firmware - Notebooks

To configure the TPM firmware version on commercial notebooks, use the UEFI TPM Update utility found on the DOS USB Key of your DMIFIT USB Keys. The TPM Update utility is included with DMIFIT V2.10. Follow the steps below to complete the procedure.

Steps for Setting TPM using UEFI TPM Utility

Ensuring Boot Mode and Clear TPM

1. Insert the DOS USB key into a USB 2.0 slot.
2. Power up the notebook.
3. Press F10 to enter HP Computer Setup.
4. Navigate to Advanced > Secure Boot Configuration > Configure Legacy Support and Secure Boot.
5. Select Legacy Support Enabled and Secure Boot Disabled.
6. Navigate to Security > TPM Embedded Security > Clear TPM.
7. Select On next boot.
8. Press F10 to exit and select Save Changes.

Boot to DOS USB Key

1. Press F9 to access the boot options menu.
2. Select External USB Hard Drive (UEFI). The system will automatically start the Commit ME utility and display a menu similar to the one below:

Run TPM Utility

1. At the prompt, type: TPM <enter>. The tool will run and display a short menu indicating the current version of the TPM firmware and the option to upgrade to a later version (if required) or switch to an alternate version.

Important: Tool indicates current version of TPM on the system board.
Important: Tool provides a menu of options available and what to type to run each option.
Important: The file name to type to run the appropriate utility is shown here.

2. At the prompt, type the appropriate file name to run the corresponding utility. In the example above, you could type either of the following two commands:

| Command | Action |
|---|---|
| 121to12.nsh | Update to latest version of TPM V1.2 |
| 121to20.nsh | Switch from TPM V1.2 to TPM V2.0 |

Note: These menu options will change based upon your system. You should identify the action required and enter the corresponding command line as shown on your screen.

Note: If the system board is already configured with the latest version of TPM V1.2, you will not see the option to configure the latest version of TPM V1.2. You will only be presented the option to configure to V2.0.

For example, to switch from TPM V1.2 to TPM V2.0, type: 121to20.nsh <enter>. The utility will begin to configure the TPM firmware. After completion, the utility will confirm that the TPM firmware configuration was successful and the utility will return you to the prompt.

3. At the prompt, reboot the system.

Confirm TPM firmware version / TPM Enabled

1. Press F10 to access the HP Computer Setup utility.
2. Navigate to Security > TPM Embedded Security and verify the following settings:
   - TPM Specification Version should indicate the desired version of TPM.
   - TPM State box should be checked (if not, please check the TPM State box).

Important: Confirm that you are set to the version of TPM required by the customer.
Important: Confirm TPM is enabled by making sure there is a check mark in the box.

Setting TPM Firmware Version - Desktops

To set the TPM firmware version on commercial desktops (in "Panic Mode"), use the UEFI TPM Utility found on the DOS USB Key of your DMIFIT V2.10 USB Keys. Follow the steps below to complete the procedure.

Steps for Setting TPM using UEFI TPM Utility

Ensuring Boot Mode / Clear TPM

1. Boot the system. Upon startup, you should see the screen below indicating that the desktop system board is in Panic Mode (meaning the ME has been committed and the MPM lock command has been issued at the factory).
2. Press Y to enter the HP Computer Setup Utility.
3. Navigate to Advanced > Secure Boot Configuration > Configure Legacy Support and Secure Boot.
4. Select Legacy Support Enabled and Secure Boot Disabled.

5. Navigate to Security > TPM Embedded Security > Clear TPM.
6. Select On next boot.
7. Press F10 to exit and then Save Changes. The system will reboot and return to the Panic Mode screen.

Run TPM Utility

1. Press the Space Bar to continue boot and immediately press the Escape key. This will take you to the Start-Up Menu.
2. Press F9 for Boot Options Menu.
3. Select External USB Hard Drive (UEFI). The system will display a status menu similar to the one below:
4. At the prompt type: TPM <enter>. The tool will run and display a short menu indicating the current version of the TPM firmware and the option to upgrade to the latest version (if required) or switch to the alternate version.

Important: Tool indicates current version of TPM on the system board.
Important: The file name to type to run the appropriate utility is shown here.
Important: Tool provides a menu of options available and what to type to run each option.

7. At the prompt, type the appropriate file name to run the corresponding utility. In the example above, you could type either of the following two commands:

| Command | Action |
|---|---|
| 121to12.nsh | Update to latest version of TPM V1.2 |
| 121to20.nsh | Switch from TPM V1.2 to TPM V2.0 |

For example, to switch from TPM V1.2 to TPM V2.0, type: 121to20.nsh <enter>. The utility will begin to update the TPM firmware.

After completion, the utility will confirm that the TPM firmware update was successful and the utility will return you to the prompt.

8. At the prompt, reboot the system. The system returns to the Panic Mode screen.

Confirm TPM firmware version / TPM Enabled

1. At the Panic Mode screen, press Y to enter the HP Setup Utility.
2. Select Security > TPM Security and confirm the following TPM settings:
   - TPM Specification Version should indicate the desired version of TPM.
   - TPM State box should be checked (if not, please check the TPM State box).
3. Once the TPM settings are confirmed, you can proceed to program DMI information under Main > Set Machine Unique Data. As the system is still in Panic Mode, it should lock MPM once the correct system information has been entered.

Important: Confirm that you are set to the version of TPM required by the customer.
Important: Confirm TPM is enabled by making sure there is a check mark in the box.

After Setting TPM

Once you have selected the appropriate TPM setting, you can continue on with programming DMI, committing ME and locking the system board as required.