Dell Vostro 3471 Service Manual - Page 75

Enabling firmware TPM in China, Boot List Option

Get Dell Vostro 3471 PDF manuals and user guides View all Dell Vostro 3471 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 75 highlights

a. Boot to Windows. b. Launch the PowerShell Command window in Administrator mode. c. At the Powershell command prompt, execute the command: > Disable-TpmAutoProvisioning. d. Confirm the following results:- AutoProvisioning: Disabled. e. Reboot the system, to BIOS Setup by pressing F2. f. Navigate to Security > TPM 1.2/2.0 Security . g. Click the Clear checkbox and select Yes at the prompt to clear the TPM settings. (You can skip it if the item is grayed out). h. Click Exit to save changes. i. Reboot system to Windows. j. Confirm the TPM is not owned. The TPM should no longer be automatically provisioned by Windows. k. When the TPM update is finished, launch the PowerShell command in Administrator mode to re-enable the auto provisioning. Enable-TpmAutoProvisioning. l. Confirm the following results:- AutoProvisioning: Enabled. 4. Run the TPM update utility from Windows environment. a. Browse to the location where you downloaded the file and double-click the new file. b. Windows System will auto restart and update the TPM during the system startup. c. When the TPM update is finished, the system will auto reboot to take effect. 5. Run the TPM update utility from DOS environment, if Legacy Boot mode (Non-Windows users). a. Copy the downloaded file to a bootable DOS USB key. b. Power on the system, then Press F12 key and Select USB Storage Device and Boot to DOS prompt. c. Run the file by typing copied file name where the executable is located. d. DOS system will auto restart and update the TPM during the system startup. e. When the TPM update is finished, the system will auto reboot to take effect. 6. Run the BIOS update utility from DOS environment if UEFI Boot Mode (Non-Windows users). Note 1:You will need to provide a bootable DOS USB key. This executable file does not create the DOS system files. Note 2: If BitLocker is enabled on your system, please make sure you suspend BitLocker encryption before updating TPM on a BitLocker enabled system. Note 3: The TPM must be ON and Enabled in BIOS Setup, and the TPM must not be owned. If the TPM is owned, go to BIOS Setup and clear the TPM before proceeding. You may need to run TPM.msc to re-initial the TPM under Windows OS. Note 4: When the TPM ownership is cleared, some operating system will automatically take ownership of the TPM on the next boot (TPM AutoProvisioning). This feature will need to be disabled in the OS to proceed with the update. a. Copy the downloaded file to a bootable DOS USB key. b. Power on the system, then go to BIOS Setup by pressing F2 and go to General > Boot Sequence > Boot List Option . c. Change "UEFI" to "Legacy" of Boot List Option. d. Click Apply, Exit to save changes and reboot system. e. Press F12, then Select USB Storage Device and Boot to DOS prompt. f. Run the file by typing copied file name where the executable is located. g. When the TPM update is finished, the system will auto reboot to take effect. h. Go to BIOS Setup by pressing F2 and go to General > Boot Sequence > Boot List Option. i. Change "Legacy" to "UEFI" Boot Option. j. Click Apply, Exit to save changes and reboot system. Enabling firmware TPM in China Beginning May 2018, new systems with Windows 10 shipped to China region will be defaulted to firmware TPM (fTPM). The fTPM improves and provides added security. To check fTPM setting in BIOS Setup: User can check the fTPM setting in the BIOS under the Security option, as shown below. The option lets you control whether the Platform Trust Technology Feature (PTT) is visible to the operating system. Removing and installing components 75

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
a.
Boot to Windows.
b.
Launch the
PowerShell Command
window in Administrator mode.
c.
At the Powershell command prompt, execute the command:
> Disable-TpmAutoProvisioning
.
d.
Confirm the following results:-
AutoProvisioning: Disabled
.
e.
Reboot the system, to BIOS Setup by pressing
F2
.
f.
Navigate to
Security
>
TPM 1.2/2.0 Security
.
g.
Click the
Clear
checkbox and select
Yes
at the prompt to clear the TPM settings. (You can skip it if the item is grayed out).
h.
Click
Exit
to save changes.
i.
Reboot system to Windows.
j.
Confirm the TPM is not owned. The TPM should no longer be automatically provisioned by Windows.
k.
When the TPM update is finished, launch the PowerShell command in Administrator mode to re-enable the auto provisioning.
Enable-TpmAutoProvisioning.
l.
Confirm the following results:- AutoProvisioning: Enabled.
4.
Run the TPM update utility from Windows environment.
a.
Browse to the location where you downloaded the file and double-click the new file.
b.
Windows System will auto restart and update the TPM during the system startup.
c.
When the TPM update is finished, the system will auto reboot to take effect.
5.
Run the TPM update utility from DOS environment, if Legacy Boot mode (Non-Windows users).
a.
Copy the downloaded file to a bootable DOS USB key.
b.
Power on the system, then Press
F12
key and Select
USB Storage Device
and Boot to DOS prompt.
c.
Run the file by typing copied file name where the executable is located.
d.
DOS system will auto restart and update the TPM during the system startup.
e.
When the TPM update is finished, the system will auto reboot to take effect.
6.
Run the BIOS update utility from DOS environment if UEFI Boot Mode (Non-Windows users).
Note 1
:You will need to provide a bootable DOS USB key. This executable file does not create the DOS system files.
Note 2
: If BitLocker is enabled on your system, please make sure you suspend BitLocker encryption before updating TPM on a
BitLocker enabled system.
Note 3
: The TPM must be ON and Enabled in BIOS Setup, and the TPM must not be owned. If the TPM is owned, go to BIOS Setup
and clear the TPM before proceeding. You may need to run TPM.msc to re-initial the TPM under Windows OS.
Note 4
: When the TPM ownership is cleared, some operating system will automatically take ownership of the TPM on the next boot
(TPM AutoProvisioning). This feature will need to be disabled in the OS to proceed with the update.
a.
Copy the downloaded file to a bootable DOS USB key.
b.
Power on the system, then go to BIOS Setup by pressing
F2
and go to
General
>
Boot Sequence
>
Boot List Option
.
c.
Change "UEFI" to "Legacy" of Boot List Option.
d.
Click
Apply
,
Exit
to save changes and reboot system.
e.
Press
F12
, then Select
USB Storage Device
and Boot to DOS prompt.
f.
Run the file by typing copied file name where the executable is located.
g.
When the TPM update is finished, the system will auto reboot to take effect.
h.
Go to BIOS Setup by pressing F2 and go to
General
>
Boot Sequence
>
Boot List Option
.
i.
Change "Legacy" to "UEFI" Boot Option.
j.
Click
Apply
,
Exit
to save changes and reboot system.
Enabling firmware TPM in China
Beginning May 2018, new systems with Windows 10 shipped to China region will be defaulted to firmware TPM (fTPM). The fTPM
improves and provides added security.
To check fTPM setting in BIOS Setup:
User can check the fTPM setting in the BIOS under the
Security
option, as shown below. The option lets you control whether the
Platform Trust Technology Feature (PTT) is visible to the operating system.
Removing and installing components
75