Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

Software and Operating SystemEnterprise Client Management
All Forum Topics
Options

5 Posts

06-01-2017

United States of America

13 Signins

85 Page Views

  • Posts: 5
  • Registered: ‎06-01-2017
  • Location: United States of America
  • Views: 85
  • Message 1 of 26

Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-06-07, 23:25 PM

We have been imaging T460's, etc. that are fine (using TPM 1.2, Discrete TPM, Secure boot: disabled, Both Legacy and UEFI boot, Windows 10 Enterprise).I am using these same settings to image the T470 and set bitlocker in the task sequence from SCCM 2012, but everytime it boots, it prompts for the recovery key instead of the PIN. The only difference is TPM 2.0 on the T470.

I have tried different BIOS settings (and have the latest BIOS), I have turned bitlocker on and off, etc. but the problem remains.

I see that Dell has released an utility to downgrade their chip from 1.2 to 2.0, but I need to find a solution for these Lenovos. Downgrading 1.2 would be fine - does Lenovo have this utility? or is there another solution?

Thanks

Reply
Answer
Options

800 Posts

06-09-2015

United States of America

5301 Signins

50961 Page Views

  • Posts: 800
  • Registered: ‎06-09-2015
  • Location: United States of America
  • Views: 50961

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-06-08, 18:31 PM

hi

 

the discrete tpm 2.0 chip is designed to work in UEFI boot mode only. the tpm will not be enabled and prevents bitlocker from working properly if you try to install windows in legacy boot mode. to my knowledge, the tpm cannot be downgraded in these kabylake systems.  skylake systems have the option to switch between 1.2 and 2.0.

 

is there a reason why you're disabling secure boot prior to installing windows 10?  highly recommended to keep it enabled.

Reply

Replies(25)
Answer
Options

800 Posts

06-09-2015

United States of America

5301 Signins

50961 Page Views

  • Posts: 800
  • Registered: ‎06-09-2015
  • Location: United States of America
  • Views: 50961
  • Message 2 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-06-08, 18:31 PM

hi

 

the discrete tpm 2.0 chip is designed to work in UEFI boot mode only. the tpm will not be enabled and prevents bitlocker from working properly if you try to install windows in legacy boot mode. to my knowledge, the tpm cannot be downgraded in these kabylake systems.  skylake systems have the option to switch between 1.2 and 2.0.

 

is there a reason why you're disabling secure boot prior to installing windows 10?  highly recommended to keep it enabled.

0 person found this solution to be helpful.

This helped me too

Reply
Options

2 Posts

06-06-2017

United States of America

5 Signins

43 Page Views

  • Posts: 2
  • Registered: ‎06-06-2017
  • Location: United States of America
  • Views: 43
  • Message 3 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-06-09, 18:17 PM

I was having the same issue. I was able to find someone in our organization that had the issue as well and was able to figure out how to get around it.

 

To install Windows 10 Enterprise with Bitlocker enabled on Lenovo T470.

 

- Download and install Rufus

- Make sure BIOS is set to default (Secure boot Enabled and to boot UEFI)

- Select GPT partition scheme for UEFI, File system FAT32 (Default), Quick fomat, Create a bootable disk using ISO, Create extended labeland icon files, select your Windows 10 ISO

 

Good Luck and cheers!

Reply
Options

5 Posts

06-01-2017

United States of America

13 Signins

85 Page Views

  • Posts: 5
  • Registered: ‎06-01-2017
  • Location: United States of America
  • Views: 85
  • Message 4 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-06-09, 22:26 PM

Thanks for the responses. We were trying to keep our images and task sequences from changing over to UEFI right now, but it doesn't look like that is possible and still use Bitlocker which is mandatory. 

 

We will work on moving to UEFI.

Thanks.

Reply
Options

25 Posts

07-21-2016

United States of America

30 Signins

308 Page Views

  • Posts: 25
  • Registered: ‎07-21-2016
  • Location: United States of America
  • Views: 308
  • Message 5 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-23, 14:50 PM
nio, how did your move to UEFI go? We are hitting a wall as well, probably going to need to go the same way.
Reply
Options

5 Posts

06-01-2017

United States of America

13 Signins

85 Page Views

  • Posts: 5
  • Registered: ‎06-01-2017
  • Location: United States of America
  • Views: 85
  • Message 6 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-23, 15:21 PM

STMoist - unfortunately, we are using a work around for now - we are a small enough company that I am just manually installing Windows 10 Enterprise from a usb drive then turning on Bitlocker. So, I am keeping all of the default UEFI settings. As soon as I have time(!) I plan to update our images and task sequences... If you beat me to it, please post about it :-).

Reply
Options

2 Posts

08-28-2017

Denmark

4 Signins

20 Page Views

  • Posts: 2
  • Registered: ‎08-28-2017
  • Location: Denmark
  • Views: 20
  • Message 7 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-28, 8:15 AM

Hello. We are having the same issue with our new computers T570, right now we have to install about 100 computers, and unlike the old T560 computers we are not able to choose Discrete TMP in BIOS. This is an urgent issues for us, are there an estimated time for a new bios that are able to change to Discrete TPM?

Reply
Options

6826 Posts

10-29-2009

United States of America

17767 Signins

164949 Page Views

  • Posts: 6826
  • Registered: ‎10-29-2009
  • Location: United States of America
  • Views: 164949
  • Message 8 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-28, 13:36 PM

wrote:

Hello. We are having the same issue with our new computers T570, right now we have to install about 100 computers, and unlike the old T560 computers we are not able to choose Discrete TMP in BIOS. This is an urgent issues for us, are there an estimated time for a new bios that are able to change to Discrete TPM?


T570 has discrete TPM 2.0 already.  What OS are you deploying?

20H9 and 20HA are Win10-only, and to use BitLocker you must deploy in UEFI mode (not legacy).

Reply
Options

25 Posts

07-21-2016

United States of America

30 Signins

308 Page Views

  • Posts: 25
  • Registered: ‎07-21-2016
  • Location: United States of America
  • Views: 308
  • Message 9 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-28, 14:20 PM

I think the confusion might be the naming in the BIOS. In the T460/560 family, the options were named Intel PTT (TPM 1.2) and Discrete TPM (TPM 2.0), whereas in the T470/T570, it is simply called TPM 1.2 and TPM 2.0...

Reply
Options

6826 Posts

10-29-2009

United States of America

17767 Signins

164949 Page Views

  • Posts: 6826
  • Registered: ‎10-29-2009
  • Location: United States of America
  • Views: 164949
  • Message 10 of 26

Re: Bitlocker issue with T470 Tpm 2.0 Windows 10

2017-08-28, 14:35 PM

wrote:

I think the confusion might be the naming in the BIOS. In the T460/560 family, the options were named Intel PTT (TPM 1.2) and Discrete TPM (TPM 2.0), whereas in the T470/T570, it is simply called TPM 1.2 and TPM 2.0...


The BIOS help text explains that both TPM 1.2 and TPM 2.0 are discrete...

However only the T470/T570/etc with SkyLake CPUs (such as i7-6600U) have both of these options (TPM 1.2 and TPM 2.0).  The T470/T570/etc with KabyLake CPUs (such as i7-7600U) only have TPM 2.0 which is always discrete.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms