Please Clear the TPM and Try Again
Question
I have several "HP ProOne 600 G1" desktops with an unpatched critical flaw in the TPM firmware. I need to use "sp82407.exe", which requires the TPM to be initialized, and then needs the TPM password or key backup file to perform the update.
On Windows 7, this is easy to do - the initialization process via tpm.msc involves a UI popup that asks whether to do it automatically (generate random key, then discard it), or manually (enter key, option to save backup). Windows 10, starting from this year, performs initialization in automatic mode - key backup UI is no longer shown. Thus I'm no longer able to perform the update. I need instructions on how to disable this automatic TPM management and initialize the TPM using a known key, so that I may perform the firmware update.
I have already tried a bunch of online guides for this. Using various PowerShell commands, fiddling with group policy and registry keys... no matter what I tried, tpm.msc would always just initialize the TPM silently, showing a "TPM initialized successfully" popup and forcing me to have to clear the TPM, reboot and try again. Which is aggravating since this PC model takes several minutes to boot. At this point I decided to stop trying and to ask for help, but Microsoft support chat and the Microsoft corporate help line just suggested I use the forums. The Microsoft Answers forum just hangs while trying to post the question, so I hope someone here knows the right procedure and can help me.
In addition, please let me know if there's a way to clear/re-initialize the TPM remotely. The PC is in a remote location, I've already made 3 trips there, unsuccessfully trying to update the machine, just because of the F3/F4 prompt at boot time.
- Edited by Wednesday, October 24, 2018 9:08 AM
Answers
HP Support pointed me in the right direction. According to Readme.html included in the sp82407.exe SoftPaq archive:
Windows 10® Version 1607 and later
The owner authorization is no longer stored on the local system. To update the firmware you need to clear the TPM and take ownership again with modified Windows setting so that owner authorization is stored on the local system.
The following steps are needed to update the firmware:
- Set registry key 'HKLM\Software\Policies\Microsoft\TPM\OSManagedAuthLevel' to 4 [REG_DWORD].
- Start tpm.msc and click on 'Clear TPM...'. Restart the computer.
- Start tpm.msc and click on 'Prepare the TPM...'.
- Run the TPM Firmware Update tool and update the firmware. Restart the computer.
- Restore the registry key to its previous value.
- Start tpm.msc and click on 'Clear TPM...'. Restart the computer.
- Start tpm.msc and click on 'Prepare the TPM...'.
As to how exactly this works, I have used the name of the registry key to find TPM Group Policy settings. It explains what the various values mean and how they behave:
If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose.
0 = None, 2 = Delegated, 4 = Full. Starting with Windows 10 version 1703, the default value is 5 (dummy).
I also found a Microsoft blog post TPM Owner Password which goes into detail about where and how the password is stored, and how to make use of it.
For newer operating systems (Windows 8.1/10) TPM is auto-provisioned – that means TPM is automatically activated. Windows uses the randomly-generated Lockout Auth to provision the TPM, then destroys the Lockout Auth without ever revealing it to the user. However, depending on GPO settings, TPM Owner Password can be stored additionally in the registry.
So the trick is to set OSManagedAuthLevel to Full and reinitialize. There is still no key backup UI, but the presence of the registry key will cause the TPM key to get saved in the registry. According to the readme, the updater should then be able to fetch the key automatically. If it doesn't, the key can be extracted from the registry.
- Edited by theultramage Tuesday, October thirty, 2018 2:07 PM
- Marked as answer by theultramage Tuesday, October 30, 2018 2:07 PM
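The registry steps of the readme's procedure, as an added PowerShell example that is not from the original post or HP's readme. The function names and the state file path are hypothetical; the 'Clear TPM...' / 'Prepare the TPM...' steps in tpm.msc and the firmware tool are still run as described above.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\TPM'
$ValueName = 'OSManagedAuthLevel'
$StateFile = Join-Path $env:ProgramData 'tpm-authlevel-backup.json'   # hypothetical path

function Save-AndSetAuthLevel {
    # Readme step 1: record the current value (it may not exist at all), then set 4 (Full).
    $current = (Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    @{ Existed = ($null -ne $current); Value = $current } |
        ConvertTo-Json | Set-Content -Path $StateFile
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value 4 -Type DWord
}

function Show-TpmUpdateReadiness {
    # Run after 'Prepare the TPM...': confirms the owner authorization is now held locally,
    # which is what the firmware update tool needs.
    $tpm = Get-Tpm
    [pscustomobject]@{
        TpmReady               = $tpm.TpmReady
        ManagedAuthLevel       = $tpm.ManagedAuthLevel
        OwnerAuthStoredLocally = -not [string]::IsNullOrEmpty($tpm.OwnerAuth)
    }
}

function Restore-AuthLevel {
    # Readme step 5: put the policy value back exactly as it was, deleting it if it
    # did not exist before, so the final clear/prepare stops storing the owner auth.
    $saved = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    if ($saved.Existed) {
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value ([int]$saved.Value) -Type DWord
    } else {
        Remove-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    }
    Remove-Item -Path $StateFile
}

# Order of use, matching the readme:
#   Save-AndSetAuthLevel      -> Clear TPM, restart, Prepare the TPM
#   Show-TpmUpdateReadiness   -> run the firmware update tool, restart
#   Restore-AuthLevel         -> Clear TPM, restart, Prepare the TPM
```

While the value is 4 the full owner authorization sits in the local registry, so the restore and the final clear are what return the machine to its normal state. If a domain Group Policy manages this setting, a policy refresh can overwrite the value set here.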
Source: https://social.technet.microsoft.com/Forums/en-US/4cb6044a-c139-41cc-a741-ac71e7e13d97/tpm-firmware-update-requires-disabling-automatic-password-management-during-tpm-initialization