Of course it cant be just 'that easy' as explained above...

Trying to log in via Hello face recognition my face was not recognized today and I  was prompted to enter my PIN. That happens every once in a while so I typed in my PIN... just to be propted with the following very helpful message:

"Something happended and your PIN isn't available. Choose another sign-in option and set up your PIN again by going to Settings > Accounts > Sign-in options"

Great... face regognition worked at the second try but under Sign-in options changing my PIN didnt work either. It seems like the TPM update somehow messed up the PIN sign-in method...

Guessing that I might have to 'Clear' the TPM to get things working again I went throgh the following procedure to make sure I could access my BitLocker encrypted drive afterwards:

- Under Control Panel -> BitLocker Drive Encryption I backed up my recovery key (again)

- I then suspended BitLocker by using the following command in PowerShell

Suspend-bitlocker -MountPoint “C:” -RebootCount 0

 You can also do this in Control Panel but RebootCount 0 makes sure BitLocker stays suspended until I manually enable it, not automatically enabled after the next reboot.

- In Windows Defender Device Security I then proceeded to Clear TPM. I expected to be prompted by the BIOS to confirm this but the laptop just rebooted and all looked ok.

However, PIN sign-in still did not work... I re-enabled BitLocker without problems and proceeded to remove the PIN, which also disables Windows Hello.

After removing/setting  a new PIN everything seems to be working again... for now.

Maybe the 'Clear TPM' was not needed, removing/setting a new PIN might be sufficient.

Good luck and have fun everybody...

Thanks for posting this info tijas - your suggestion worked for me.  I was able to successfully install the SoftPaq on my ac0XX and now my Windows 10 TPM warning message is gone.  I did not have BitLocker enabled, so I did not need to worry about disabling that.  After the install, I did need to manually remove my Win10 PIN login and set-it up again in the Windows 10 control panel in order for Windows Hello and my PIN login to work correctly again.

For anyone having problems after the install, I would recommend reading ahsfpm2's post later in this same thread for a possible solution:

https://h30434.www3.hp.com/t5/Notebook-Software-and-How-To-Questions/TPM-Trusted-Platform-Module-for...

Also as FYI - the typo from version 6 of the security bulletin has now been fixed as of version 7, posted on 5/21/2018 to this website:

https://support.hp.com/us-en/document/c05792935

     SUPPORT COMMUNICATION- SECURITY BULLETIN
     Document ID: c05792935
     Version: 7
     HPSBHF03568 rev. 7 - Infineon TPM Security Update
     Notice: The information in this security bulletin should be acted upon as soon as possible.
     Release date : 16-Oct-2017
     Last updated : 21-May-2018

The following is the correct TPM (Trusted Platform Module) update which should be downloaded and installed for the HP Spectre X360 Convertible 13 - ac0XX:

• Product Name:  HP Spectre x360 Convertible (models 13-ac000 ~ 13-ac099)
• Fixed Version(s):  SLB9665 TPM 2.0 ver. 5.62.3126.0
• SoftPaq#:  SP84209
• SoftPaq Link:  https://ftp.hp.com/pub/softpaq/sp84001-84500/sp84209.exe

Thank you ahsfpm2 and schlatts. You're stars.

Incredible... today I updated to Windows 10 Version 1903. The update went smooth, no issues. After about 2hrs working after the update, I am all of a sudden greeted by a Windows Blue Screen due to some ndis.sys exception. After the reboot I checked the Windows event log and did not find anything pertaining to the BSOD but there were lots of TPM Information events.

These events seemed to run every minute and always resulted in an event stating that the TPM cannot be provisioned for use automatically...

I thus looked up the TPM status in the "Security Processer" settings and what do I see?

The version seemed extremely old and I started googling and came accross an HP Security Bulletin linking to TPM Updates... only then did I remember that I previously updated the TPM and that I documented it in some HP support forum... So here we go again. Somehow the Windows Version Upgrade downgraded my TPM version!!! This time there were no nagging info's and would it not have been for the BSOD, which was probably unrelated, I might have never known! Maybe it has been downgraded for some while already without me realizing, but I only see TPM event logs after the Windows upgrade.

So I followed my own above documented procedure again and downloaded the same update file from HP. This time I did not have BitLocker enabled, my SDD is currently un-encrypted. I installed the update, rebooted, and could even log-in with Windows Hello or my PIN without problem. But:

TPM Version has been updated but it is still not ready, supported, whatever. Windows event log entries continued to pile up. I thus booted into the BIOS (F10 during boot) and in the "Security" section there are some TPM entries. "TPM Device" was set to "Available" but "TPM State" was set to "Disable"! I sure did not disable the TPM and don't know the status before the Windows Upgrade but this obviously made no sense. I enabled the TPM State setting and rebooted, it took a couple of minutes but now all seems to be back to normal:

Windows Event log only showed one more round of TPM event entries with the last one stating "The TPM was successfully provisioned and is now ready for use."

This was again a completely unnecessary waste of time and a firmware downgrade MUST NOT HAPPEN!!!

I hope someone at HP is reading this and finally takes some action, I do not intend to repeat this procedure every time Microsoft pushes a Windows 10 Upgrade!