Home » HP Manuals » Servers » HP Integrity Superdome 2 8/16 » Manual Viewer

HP Integrity Superdome 2 8/16 HP Smart Update Manager 5.1 User Guide - Page 13

BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption

View all HP Integrity Superdome 2 8/16 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 13 highlights

temporarily disable BitLocker and does not cancel the flash, the BitLocker recovery key is needed to access the user data upon reboot. A recovery event is triggered if: • You do not temporarily disable BitLocker before flashing the system BIOS when using the Microsoft BitLocker Drive Encryption. • You have optionally selected to measure HP iLO, Smart Array, and NIC firmware. If HP SUM detects a TPM, a warning message appears. To enable firmware updates without the need to type in the TPM password on each server, the BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption keeps the hard drive data encrypted. However, BitLocker uses a plain text decryption key that is stored on the hard drive to read the information. After the firmware updates have been completed, the BitLocker Drive Encryption can be re-enabled. Once the BitLocker Drive Encryption has been re-enabled, the plain text key is removed and BitLocker secures the drive again. NOTE: Temporarily disabling BitLocker Drive Encryption can compromise drive security and should only be attempted in a secure environment. If you are unable to provide a secure environment, HP recommends providing the boot password and leaving BitLocker Drive Encryption enabled throughout the firmware update process. This requires setting the /tpmbypass parameter for HP SUM or the firmware update is blocked. To temporarily disable BitLocker support to allow firmware updates: 1. Click Start, and then search for gpedit.msc in the Search Text box. 2. When the Local Group Policy Editor starts, click Local Computer Policy. 3. Click Computer Configuration→Administrative Templates→Windows Components→Bitlocker Drive Encryption. 4. When the BitLocker settings are displayed, double-click Control Panel Setup: Enable Advanced startup options. 5. When the dialog box appears, click Disable. 6. Close all windows, and then start the firmware update. To enable advanced startup options: 1. Enter cscript manage-bde.wsf -protectors -disable c: 2. When the firmware update process is completed, the BitLocker Drive Encryption support can be re-enabled by following steps 1 through 4 but clicking Enabled in step 5 instead. The following command can be used to re-enable BitLocker Drive Encryption after firmware deployment has completed. 3. Enter cscript manage-bde.wsf -protectors -enable c: Trusted Platform Module 13

Section	Page
HP Smart Update Manager User Guide	1
Contents	3
1 Introduction	6
HP SUM overview	6
Deploying HP SUM	7
Running HP SUM	7
Deploying firmware for ProLiant servers using the Service Pack for ProLiant	9
HP SUM supported firmware for ProLiant servers	10
Deploying firmware for ProLiant servers using the HP Smart Update Firmware DVD	10
Deploying Integrity firmware bundles with HP SUM	11
HP SUM supported firmware for Integrity servers	11
Deployment modes	11
Deployment scenarios	12
Trusted Platform Module	12
2 Using the HP SUM GUI	15
Keyboard support	15
Source selections	15
Setting Proxy Server options	16
Using multiple repositories	17
Adding the repository	17
Editing the repository	18
Removing the repository	18
Configuring the components	18
Downloading components for target discovery	19
Updating mixed ProLiant and Integrity environments	19
Selecting the targets	20
Inter-target dependency	21
Dependency checking	21
Target types	21
Finding and discovering targets	22
Adding a single target	22
Entering target credentials	22
Editing a target	22
Removing a target	23
Managing groups	23
Pending firmware updates for iLO (HP Integrity servers only)	23
Reviewing and installing updates	24
Installing updates	25
Aborting an installation	25
Viewing failed dependencies	25
Selecting bundles	25
Selecting components	26
Selecting devices	27
Viewing firmware details	27
Viewing firmware mismatch details (HP Integrity servers only)	28
Installation options	28
Reboot options	29
Scheduling updates	29
Generating and viewing reports	29
Generating a Report	29
Viewing a report	30
3 Using scripts to deploy updates	31
Command-line interface	31
Command-line syntax	31
Switch update commands	31
Command-line arguments	33
Component configuration for Windows components only	39
Command-line examples	40
Return codes	41
Windows smart-component return codes	41
Linux smart-component return codes	42
Linux RPM return codes	42
Input files	43
Input file format and rules	43
File encoding	44
Error reporting	44
Input file parameters	44
Reports	53
4 Advanced topics	55
Configuring IPv6 networks	55
Configuring IPv6 for Windows Server 2003	55
Configuring IPv6 for Windows Server 2008	56
Configuring IPv6 for Linux	56
Network ports used by HP SUM	57
5 Troubleshooting	59
Recovering from an installation failure	59
Collecting trace directories	59
Recovering from a discovery failure	60
Troubleshooting connection errors	60
HP SUM hangs during discovery	61
HP SUM hangs during boot	61
Recovering from a loss of Linux remote functionality	61
Configuring firewall settings	61
Recovering from a blocked program on Microsoft Windows	62
Configuring Windows firewall settings	62
Recovering from operating system limitations when using a Japanese character set	62
Displaying the user-specified reboot message using a Japanese character set when running on a Linux operating system	62
Rebooting with the user-specified reboot message using a Japanese character set when running on a Windows operating system	62
Running in a directory path containing multi-byte characters	62
Recovering a lost HP SUM connection	63
HP Smart Update Firmware DVD and SPP mounted using iLO virtual media	63
Troubleshooting HP SUM in IPv6 networks	63
Troubleshooting HP SUM in IPv6 Windows Server 2003 environment	63
Troubleshooting HP SUM in IPv6 Windows Server 2008 environment	64
Troubleshooting HP SUM in IPv6 Red Hat and Novell SUSE-based Linux environments	64
Microsoft Windows displays a Found new hardware message	65
Non-matching systems error reported when building source Linux RPMs or installing Linux RPMs built from source	65
Linux component version discrepancy for source RPMs	65
HP SUM displays No components found in the selected repository(ies) message	65
Installation of components failed with 'Update returned an error' when installing Linux RPMs	65
HP SUM fails on Windows hosts due to McAfee firewalls	66
HP SUM prevents an upgrade of Virtual Connect firmware if the VC health is invalid or bad health state.	67
Downgrade of ProLiant G6 Server ROM from 2010.03.30 or later to 2010.03.01 or earlier using HP SUM is not supported	68
ProLiant G2, G5, and G6 Servers - After Upgrading to the May 2011 (or Later) Revision of the System ROM, Special Steps Must Be Performed if it Is Necessary to Downgrade the System ROM to Revisions Earlier Than May 2011	68
6 Support and other resources	69
Information to collect before contacting HP	69
How to contact HP	69
Subscription service	69
Documentation feedback	70
Related information	70
Typographic conventions	71
HP Insight Remote Support software	71
7 Documentation feedback	73
Acronyms and abbreviations	74

Match case Limit results 1 per page

temporarily disable BitLocker and does not cancel the flash, the BitLocker recovery key is needed

to access the user data upon reboot.

A recovery event is triggered if:

•

You do not temporarily disable BitLocker before flashing the system BIOS when using the

Microsoft BitLocker Drive Encryption.

•

You have optionally selected to measure HP iLO, Smart Array, and NIC firmware.

If HP SUM detects a TPM, a warning message appears.

To enable firmware updates without the need to type in the TPM password on each server, the

BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption

keeps the hard drive data encrypted. However, BitLocker uses a plain text decryption key that is

stored on the hard drive to read the information. After the firmware updates have been completed,

the BitLocker Drive Encryption can be re-enabled. Once the BitLocker Drive Encryption has been

re-enabled, the plain text key is removed and BitLocker secures the drive again.

NOTE:

Temporarily disabling BitLocker Drive Encryption can compromise drive security and

should only be attempted in a secure environment. If you are unable to provide a secure

environment, HP recommends providing the boot password and leaving BitLocker Drive Encryption

enabled throughout the firmware update process. This requires setting the

/tpmbypass

parameter

for HP SUM or the firmware update is blocked.

To temporarily disable BitLocker support to allow firmware updates:

Click

Start

, and then search for

gpedit.msc

in the Search Text box.

When the Local Group Policy Editor starts, click

Local Computer Policy

Click

Computer Configuration

→

Administrative Templates

→

Windows Components

→

Bitlocker

Drive Encryption

When the BitLocker settings are displayed, double-click

Control Panel Setup: Enable Advanced

startup options

When the dialog box appears, click

Disable

Close all windows, and then start the firmware update.

To enable advanced startup options:

Enter

cscript manage-bde.wsf -protectors -disable c:

When the firmware update process is completed, the BitLocker Drive Encryption support can

be re-enabled by following steps 1 through 4 but clicking

Enabled

in step 5 instead. The

following command can be used to re-enable BitLocker Drive Encryption after firmware

deployment has completed.

Enter

cscript manage-bde.wsf -protectors -enable c:

Trusted Platform Module