HP ProLiant DL360e HP Smart Update Firmware DVD User Guide - Page 14
BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption
View all HP ProLiant DL360e manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 14 highlights
To enable firmware updates without the need to type in the TPM password on each server, the BitLocker Drive Encryption must be temporarily disabled. Disabling the BitLocker Drive Encryption keeps the hard drive data encrypted. However, BitLocker uses a plain text decryption key that is stored on the hard drive to read the information. After the firmware updates have been completed, the BitLocker Drive Encryption can be re-enabled. Once the BitLocker Drive Encryption has been re-enabled, the plain text key is removed and BitLocker secures the drive again. NOTE: Temporarily disabling BitLocker Drive Encryption can compromise drive security and should only be attempted in a secure environment. If you are unable to provide a secure environment, HP recommends providing the boot password and leaving BitLocker Drive Encryption enabled throughout the firmware update process. This requires setting the /tpmbypass parameter for HP SUM or the firmware update is blocked. To temporarily disable BitLocker support to allow firmware updates: 1. Click Start, and then search for gpedit.msc in the Search Text box. 2. When the Local Group Policy Editor starts, click Local Computer Policy. 3. Click Computer Configuration→Administrative Templates→Windows Components→Bitlocker Drive Encryption. 4. When the BitLocker settings are displayed, double-click Control Panel Setup: Enable Advanced startup options. 5. When the dialog box appears, click Disable. 6. Close all windows, and then start the firmware update. To enable advanced startup options: 1. Enter cscript manage-bde.wsf -protectors -disable c: 2. When the firmware update process is completed, the BitLocker Drive Encryption support can be re-enabled by following steps 1 through 4 but clicking Enabled in step 5 instead. The following command can be used to re-enable BitLocker Drive Encryption after firmware deployment has completed. 3. Enter cscript manage-bde.wsf -protectors -enable c: The following table describes TPM detection scenarios that you might encounter. Scenario Result If TPM is detected and enabled, the installation is not silent, A warning message appears. Select OK to continue. The and a system ROM must be updated. installation is not canceled. If TPM is detected and enabled, the installation is silent, the /tpmbypass switch is not given, and any firmware updated must be applied to the server. No warning appears. A new log file is generated (%systemdrive%\cpqsystem\log\cpqstub.log). Because the installation is silent, the installation is terminated and cannot continue. If TPM is detected and enabled with Option ROM A warning message appears. After selecting OK, you can Measuring, the installation is not silent, and a system ROM continue. The installation is not canceled. must be updated. If TPM is detected and enabled with Option ROM Measuring, the installation is silent; the /tpmbypass No warning appears. A new log file is generated (%systemdrive%\cpqsystem\log\cpqstub.log). 14 Deployment options