• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.

‎02-11-2016 01:52 AM

HP Recommended
Product: Probook 650 G1
Operating System: Other

Hi,

 

Is it possible to reset the TPM on the Probook 650 G1 with the BCU? We've had no success so far with BCU 4.0.13.1. Using the GET statement suggests Reset TPM to Factory Defaults is a thing, but that doesn't reset the TPM at all (error code 6, access denied. The BIOS-password has been passed through correctly ). Even resetting the BIOS to factory defaults doesn't clear the TPM.

 

If resetting from the OS is the only way, we would be very unhappy. We need to reset the chip for OS deployments.

 

Kind regards,

Jeroen van der Linden.

5 REPLIES 5

‎02-11-2016 11:27 AM

HP Recommended

The TPM acts as a root of trust and therefore these systems require that the BIOS setup/admin password be set in order to make changes to it. What many enterprises do is

 

* set the BIOS password

* change the TPM (however it is needed)

* reset the BIOS password (in case it is not used by your organization).

 

It is always recommeded due to security that the BIOS password be set. That prevents users (or others) to go into the BIOS and make security changes that can impact the system

I work for HP. However, all opinions and comments are my own.

‎02-12-2016 01:34 AM

HP Recommended

Thanks for your answer. Unfortunately I fail to see how it answers my question.

 

The BIOS password has been set, otherwise the laptop could not have had information in the TPM, and if it didn't have information in the TPM we wouldn't need to reset it.

 

Maybe a bit of background will help clarify why I need to programmaticaly reset the TPM.

 

We want to deliver laptops with bitlocker enabled. We use the TPM for storing the keys. MBAM is used to give us the option to recover the encryption keys. So far so good.

 

Sometimes we need to reinstall a laptop from scratch. Unfortunately, it is impossible to escrow the already existing keys from the TPM to the MBAM database (in Windows 8.1 anyway). So we need to reset the TPM in our deployment task sequence. We've gotten it to work in the WinPE phase for Dell laptops with Dell's CCTK. Unfortunately we haven't had any luck with BCU.

 

So how do we reset the TPM using BCU? Clearing the admin password doesn't do it, resetting the BIOS doesn't do it, and clearing the TPM (see op for details) gives an access denied error.

 

Kind regards,

Jeroen van der Linden.

‎03-03-2016 05:10 AM

HP Recommended

Hi

Did you resolve the problem.

I getting the same error "6" Access denied if i would llike to reset the TPM.

Same version of bcu.

‎03-03-2016 05:57 AM

HP Recommended

Unfortunately we didn't.

‎03-03-2016 12:41 PM

HP Recommended

although currently the TPM can not be cleared with the BCU (the BIOS team has security concerns about remote clearing of the TPM based on the TCG guidelines), there is an option you can try, by using Powershell

 

Take a look at this PowerShell Cmd applet: Clear-Tpm

 

https://technet.microsoft.com/en-us/%5Clibrary/jj603122(v=wps.630).aspx

 

I work for HP. However, all opinions and comments are my own.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.