SDH

TPM is default disabled in BIOS


This post is to inform the forum members that TPM probing and updating won't work unless the TPM device is enabled in BIOS.  It has been default hidden in BIOS for years in the past by HP...  This post is edited from my response to another forum member but now is not buried in that thread:

 

Many of us are pretty clueless about TPM, and also to the fact that earlier generations of the HP workstations came from the factory with the TPM device set to hidden in BIOS, and that it also would be reset to hidden if you restore BIOS to factory defaults in a workstation you had changed the TPM device to "available".  That particular unexpected event is how I became less clueless about this option years ago.

 

That "hidden" default BIOS setting is a common reason you may not be able to see/probe/use/update your TPM device.  The idea behind why devices would be hidden as a security setting is because that makes the device truly not visible to the OS or to BIOS.  Device manager cannot see the device if it is hidden so DM will not tell you that a driver is missing, etc.  I have no idea why HP originally thought the TPM security device was better defaulted to hidden than available.  Seems counter-intuitive.

 

The earlier BIOS versions in HP workstations such as the xw and ZX00/ZX20 generations let you unhide the TPM device by F10 into BIOS, go over to the Security tab, down to Device security, HP factory settings were to have Embedded Security Device set to Device Hidden.  Change that to Device Available.  F10 to save that and also save properly on the way out of BIOS.  Now you can probe the TPM, update it, configure it, etc.

 

The newer HP workstation BIOS starting with the ZX40 has more complex BIOS navigation.  I have our ZX40 and later BIOS set to be able to use the Esc key to easily get into BIOS... repeated presses a bit faster than 1/second.  Once there go over to your Security tab, down to TPM Embedded Security, make sure it is set to TPM Device Available instead of Hidden, and also you'd want TPM State Enabled.

 

We're all having to learn this stuff now with the W11Pro64 fiasco Microsoft is forcing if you want to upgrade from W10 to W11.  They state they are requiring TPM 2.0.  Many of us only have TPM 1.2.  I'm not going overboard on this yet because it is too soon.  There are TPM 1.2 to 2.0 firmware updaters from HP for some of the later workstations such as the Z440/Z640.  I'll eventually get around to upgrading this particular Z440 from 1.2 to 2.0.... it is a firmware update process and the original chip soldered on the motherboard becomes the newer chip by that flash.  Not going to do that yet.... no rush.

 

From my side.... I believe that HP can come out with a TPM updater for the ZX20 v2 generation.  They have done that for a large number of business PCs, workstations, and laptops already.  By unhiding the TPM in BIOS in a Z400 v2 I was able to get to it with a Toshiba TPM 1.2 updater (to a more recent 1.2 version than it has from HP), and could have hit the Update button but chose not to.... maybe HP could even release an updater to TPM 2.0 for the ZX00 generation of workstations.  I'd be happy as a clam if they'd just do it for the ZX20 v2 generation.

 

You can see a large list of HP PCs, workstations, and laptops that HP has released TPM firmware updaters for... here is version 11, but we need a version 12 with ZX20 workstations added to that list of workstations that can be updated to TPM 2.0.  We're only interested in 1.2 to 2.0 updaters now:    HPSBHF03568 rev. 11 - Infineon TPM Security Update | HP® Customer Support

 

A final note....MS has certain requirements that they impose on PC/workstation producers to specify which processor(s) must be present before MS will allow W11 to be pre-installed from the factory.  The same has been true with earlier MS OS releases in the past.  This has not meant all other processors will not work.  A souped-up Z640 (or maybe Z620 v2 with a flashed-to-TPM 2.0 chip) will likely run fine under W11 as has been the case  with similar prior OS upgrades.  Too soon to worry.  Start asking HP for a TPM 1.2 to TPM 2.0 flash updater for your valuable workstations now.  Once you have that I believe you'll be golden.
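
The state described in the post can be confirmed from Windows before and after changing the BIOS setting. The following is an added example, not part of the original post and not HP tooling. It assumes an elevated PowerShell session and uses the standard `Win32_Tpm` WMI class; the function name `Get-TpmVisibility` is hypothetical.

```powershell
# Added example: report whether Windows can see a TPM, whether it is enabled,
# and which TPM family (1.2 or 2.0) it reports. Run as administrator.
function Get-TpmVisibility {
    [CmdletBinding()]
    param()

    $ns = 'root\cimv2\Security\MicrosoftTpm'
    try {
        $tpm = Get-CimInstance -Namespace $ns -ClassName Win32_Tpm -ErrorAction Stop |
               Select-Object -First 1
    } catch {
        # Typical causes: session not elevated, or the namespace is unavailable.
        return [pscustomobject]@{
            Visible = $null; Family = $null; Enabled = $null
            Status  = "Query failed: $($_.Exception.Message)"
        }
    }

    if (-not $tpm) {
        # No instance at all: the OS cannot see a TPM. A BIOS "Device Hidden"
        # setting and a machine with no TPM look the same from here.
        return [pscustomobject]@{
            Visible = $false; Family = $null; Enabled = $null
            Status  = 'No TPM visible to Windows; check the BIOS Security tab for a hidden device.'
        }
    }

    # SpecVersion is a comma-separated string; the first field is the family.
    $family  = ($tpm.SpecVersion -split ',')[0].Trim()
    $enabled = [bool]$tpm.IsEnabled_InitialValue

    $status = if (-not $enabled) {
        'TPM is visible but not enabled; enable the TPM state in BIOS.'
    } elseif ($family -eq '1.2') {
        'TPM 1.2 is visible and enabled; a 1.2 to 2.0 firmware updater is needed for TPM 2.0.'
    } else {
        "TPM $family is visible and enabled."
    }

    [pscustomobject]@{
        Visible = $true; Family = $family; Enabled = $enabled
        Vendor  = $tpm.ManufacturerIdTxt; Firmware = $tpm.ManufacturerVersion
        Status  = $status
    }
}

Get-TpmVisibility | Format-List
```

A `Visible = False` result after a BIOS reset to factory defaults is the symptom the post describes for the older workstations.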
