Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 31

Thread: Question on TPM

  1. #16
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by BHarder
    Might have been me. I helped my brother get his fingerprint reader running on an older HP laptop on Windows 10.

    Long story short, I had to uninstall all the Windows 7 era HP software, get a generic Synaptics driver, and use Windows Hello on top of that. Worked like a charm once I knew what to do.
    You're right... it was you. The thread is: How do I enable the fingerprint reader?

  2. #17
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    Yes to your pic of TPM, Here's mine
    TPM info.JPG

    Read what it says in Status.
    Last edited by lumpy95; 2017-11-14 at 18:42.

  3. #18
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95 View Post
    Yes to your pic of TPM, Here's mine
    TPM info.JPG
    The Actions pane is slightly different (identical to that in 1709) but it shouldn't make a difference.

  4. #19
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    As to the Fingerprint reader, I'm not overly concerned with that as I find it just as easy to use a password but thanks for the info.
    My thoughts on the TPM update are, what happens if the update goes awry, do I just brick the TPM and all else works? If my reading is correct, TPM is a chip that controls a number of things so I really don't know the ramifications of a bricked TPM. I believe this is a firmware update kinda like a BIOS update isn't it?
    My W7 computer doesn't even have TPM turned on.
    Last edited by lumpy95; 2017-11-14 at 18:52.

  5. #20
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    Here's Regedit
    Regedit TPM.JPG

  6. #21
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95
    As to the Fingerprint reader, I'm not overly concerned with that as I find it just as easy to use a password but thanks for the info.
    My thoughts on the TPM update are, what happens if the update goes awry, do I just brick the TPM and all else works? If my reading is correct, TPM is a chip that controls a number of things so I really don't know the ramifications of a bricked TPM. I believe this is a firmware update kinda like a BIOS update isn't it?
    It's not really like a BIOS (which has to understand and be able to change hardware characteristics). TPM is far simpler in what it does but more secure against tampering. If anything goes wrong then it forgets its stored info and reverts to a blank state, capable of storing new info.

    If you mess up flashing a BIOS update then you can end up with a brick. As there's no TPM firmware update available (that I can see), all you are doing is clearing/resetting it for re-use with new data... and you can do this as many times as you want.

  7. #22
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95 View Post
    Here's Regedit
    Regedit TPM.JPG
    It looks like the settings vary between the different Win 10 versions.

  8. #23
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    As there's no TPM firmware update available (that I can see),
    For this particular model it's SP82133.
    I'll copy/paste the original email I got and you should be able to follow the links as there are 100's of HP laptops that are listed as needing the update for the Infineon TPM chip.


    Critical Security Bulletin - Oct 26 2017

    HPSBHF03568 rev. 3 - Infineon TPM Security Update (c05792935)
    http://click.emailinfo.hp.com/?qs=8c...d8d6db6bc2bfcf

    Products: Laptops and Hybrids, Point of Sale Systems, Desktops & Workstations, Tablets

    Description: HPSBHF03568 rev. 3 - Infineon TPM Security Update




    Critical Customer Notice - Oct 22 2017

    Notice: HP Commercial and Consumer Notebooks, Tablets, Desktops, Workstations, and Retail Systems - Updating TPM Firmware and Clearing old TPM Keys (c05809624)
    http://click.emailinfo.hp.com/?qs=8c...c84b6822b9c056

    Products: Desktops & Workstations, Laptops and Hybrids, Point of Sale Systems, Tablets

    Description: Notice: HP Commercial and Consumer Notebooks, Tablets, Desktops, Workstations, and Retail Systems - Updating TPM Firmware and Clearing old TPM Keys

    Guess the links on my original paste didn't work so I added them
    Anyway, I guess I'll tackle this project either tonight or tomorrow.
    Last edited by lumpy95; 2017-11-14 at 19:16.

  9. #24
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    Well, I tried but it won't let me clear the TPM.
    NOTE: everything I ran was as Administrator
    1- I changed the value in the registry
    2- I ran tpm clear and got an error
    3- I rebooted to BIOS and changed the tpm, came back and got the same error
    4- I rebooted to BIOS and changed the tpm back to what it was and then went to registry and changed the value back to original.
    Conclusion: I followed HP's directions to a "T" and my HP ProBook will not allow me to update the TPM.
    TPM error.JPG

  10. #25
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95
    3- I rebooted to BIOS and changed the tpm, came back and got the same error
    4- I rebooted to BIOS and changed the tpm back to what it was and then went to registry and changed the value back to original.
    It isn't clear what you did then undid in the BIOS.

    Does your laptop's BIOS include TPM protection?

  11. #26
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    Here are pics of the BIOS.
    1- I unchecked the box for System Management Command
    TPM emb sec sys man cmd.jpg
    2- I got this warning & clicked accept
    TPM sys man cmd warning.jpg
    3- I rebooted and tried the update tool and received the warning in TPM as the pic showed earlier in my post’s.
    4- I rebooted to the BIOS again and rechecked System Management Command box
    5- I clicked on Set Security Level
    6- I scrolled down to TPM embedded Security, showing the normal view
    TPM emb sec normal2.jpg
    7- I then clicked the button for change, saved & exited
    TPM emb sec change.jpg
    8- I tried the TPM update tool again which resulted in the same error.
    9- I went back to BIOS and changed the TPM embedded Security button back to normal

  12. #27
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95
    7- I then clicked the button for change, saved & exited
    You're so close...

    After step 7, go back to the FILE screen and click on Reset BIOS security to factory default.
    tpmreset01.png

    Click the YES button to proceed:
    tpmreset02.png

    Now EXIT.

    Save the changes:
    tpmreset03.png
    Click to enlarge

    The following screen should appear:
    tpmreset04.png

    Press F1 to clear the TPM.

    Hope this helps... (sorry the photos are so poor quality)

  13. #28
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    NOTE: Only 2 of your photos will enlarge.
    I don't have "File" in the BIOS headings but I assume "Main" would be the same ( it's the 1st heading followed by security, advanced, etc. ).
    To be clear: After entering BIOS, I need to go to Security heading, then "Set Security Level", then down to TPM embedded Security and select the "change" button ( as shown after step 7 ) without unchecking the box for System Management Command, thus eliminating my steps 1/4.
    Then go back to the "Main" heading and choose "Reset BIOS Security to Factory Defaults".
    Then if successful, reenter BIOS and reverse the changes.
    Is that correct?

  14. #29
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,594
    Thanks
    144
    Thanked 923 Times in 740 Posts
    Quote Originally Posted by lumpy95
    I don't have "File" in the BIOS headings but I assume "Main" would be the same ( it's the 1st heading followed by security, advanced, etc. ).
    Yes. it's the same. I don't have the exact same laptop but assumed my HP Probook 6475b would be similar.

    Quote Originally Posted by lumpy95
    To be clear: After entering BIOS, I need to go to Security heading, then "Set Security Level", then down to TPM embedded Security and select the "change" button ( as shown after step 7 ) without unchecking the box for System Management Command, thus eliminating my steps 1/4.
    Then go back to the "Main" heading and choose "Reset BIOS Security to Factory Defaults".
    Then if successful, reenter BIOS and reverse the changes.
    Is that correct?
    Yes. Disable the TPM protection by changing the option from View to Change then, under Main, "Reset BIOS Security to Factory Defaults". Confirm this then Exit and save the changes. You should see the F1 prompt as the laptop restarts.

    Note: When I press F1 I see a second screen.
    Attachment 61411
    Click to enlarge

    This is because I do use the fingerprint reader. I doubt you will see this second screen.

    Hope this helps...

  15. #30
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,346
    Thanks
    346
    Thanked 251 Times in 205 Posts
    Does "Reset BIOS Security to Factory Defaults" change anything else in the BIOS? In other words do I need to take a week to see what all my settings are, LOL

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •