• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎11-05-2015 11:07 AM - edited ‎11-06-2015 12:31 AM

HP Recommended
Product: HP EliteDesk 800 G1 SFF
Operating System: Microsoft Windows 7 (64-bit)

Hello. We have used version 4.0.13.1 of HP BiosConfigUtility64.exe to grab the config from an existing HP EliteDesk 800 G1 SFF PC running BIOS version 2.65 with the following command

 

Biosconfigutility64.exe /Get:"TPM OFF.txt"

I then logged out went into the BIOS, went into Security -> System Security and enabled the embedded security device.

 

 I booted back into Windows and ran this command

 

Biosconfigutility64.exe /Get:"TPM ON.txt"

Both files have this at the top

 

BIOSConfig 1.0
;
;     Originally created by BIOS Configuration Utility
;     Version: 4.0.13.1
;     Date=" < THIS IS OBVIOUSLY DIFFERENT ON EACH FILE > "
;
;     Found 145 settings

So they have both found 145 settings.

 

When i reboot and disable the TPM in Security -> System Security and also make the Embedded Security Device "Device Hidden" in Security > Device Security. Save the settings and boot back into windows. Then run the following command

 

BiosConfigutility64.exe /cpwdfile:"pwd.bin" /Set:"TPM Set.txt"

The values in my "TPM Set.txt" file are as follows.

IOSConfig 1.0
;
;     Originally created by BIOS Configuration Utility
;     Version: 4.0.13.1
;     Date="2015/11/05" Time="17:51:47" UTC="0"
;
;     Found 145 settings
;
Embedded Security Device
	Device hidden
	*Device available
Activate Embedded Security On Next Boot
	Disable
	*Enable
Embedded Security Activation Policy
	F1 to Boot
	Allow user to reject
	*No prompts
OS management of Embedded Security Device
	*Enable
	Disable
Reset of Embedded Security Device through OS
	Disable
	*Enable

These seem to work to a certain point in so much that the Embedded security device changes from "Device hidden" to "Device Available" under Security -> Device Security however the setting under Security -> System Security for "Embedded Security Device" is still set to Disabled.

 

The result of this in my DOS window looks like this, which to me indicates succes?

<BIOSCONFIG Version="4.0.13.1" Computername="W97786" Date="2015/11/05" Time="18:
16:33" UTC="0">
        <SUCCESS msg="Successfully read password from file" />
        <SETTING changeStatus="pass" name="Embedded Security Device" reason="Success" returnCode="0">
                <OLDVALUE><![CDATA[Device hidden]]></OLDVALUE>
                <NEWVALUE><![CDATA[Device available]]></NEWVALUE>
        </SETTING>
        <SETTING changeStatus="pass" name="Activate Embedded Security On Next Boot" reason="Success" returnCode="0">
                <OLDVALUE><![CDATA[Disable]]></OLDVALUE>
                <NEWVALUE><![CDATA[Enable]]></NEWVALUE>
        </SETTING>
        <SETTING changeStatus="pass" name="Reset of Embedded Security Device through OS" reason="Success" returnCode="0">
                <OLDVALUE><![CDATA[Disable]]></OLDVALUE>
                <NEWVALUE><![CDATA[Enable]]></NEWVALUE>
        </SETTING>
        <SUCCESS msg="No errors occurred" />
        <Information msg="BCU return value" real="0" translated="0" />
</BIOSCONFIG>

I can confirm this in the BIOS visually and can also confirm it in windows by querying WMI (with powershell) using the below script, which should normally return the properties of the Win32_tpm class but instead returns nothing.

Get-WmiObject -namespace root\cimv2\security\microsofttpm -class win32_tpm

Can anyone tell me the setting I need to add to my "TPM Set.txt" to enable the embedded security device?

 

Am I doing something fundamentally wrong or does it seem as though there is some sort of bug in enabling the TPM on this model of system at this BIOS level using this version of HPBCU?

 

Any help or advice would be massively appreciated.

 

PS - This was also the case on a few other HP EliteDesk 800 G1's running Windows 7 Enterprise x64. The other machines had BIOS 2.21, this machine did as well and all the symptoms were the same. So i updated to 2.65 with HPQFlash, no difference.

 

2 REPLIES 2

‎06-02-2017 12:14 PM

HP Recommended

I'm having the exact same issue and would love to know why.  All of my BIOS settings replicate through the BiosConfigUtility and through the BIOS "Replicate Setup" menu, except for enabling the Embedded Security Device setting.

Was this reply helpful? Yes No

‎06-02-2017 01:43 PM

HP Recommended

After digging further, I discovered the following setting in the settings file I generated using the BiosConfigUtility64.exe:

 

Activate Embedded Security On Next Boot
*Disable
Enable

 

 

After changing this to *Enabled, when I next apply the BIOS settings and reboot, I'm prompted at the POST screen to press F1 to enable the embedded security device.  Doing this will then enable the setting in the BIOS.

 

The only downside is that this cannot be enabled remotely or through automation, a physical presence is required at the computer, which matches up with other info in the BIOS setup guide http://h10032.www1.hp.com/ctg/Manual/c05166986

 

 

Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.