Re: enabling security chip on thinkpad during OSD

Hi, I found this procedure to enable the security chip (http://thinkdeploy.blogspot.ca/2017/03/preparing-tpm-for-bitlocker-pre.html) but I can't make it work; the PowerShell doesn't enable the TPM chip in my lab. I know I can use other methods like Think BIOS tools or the Lenovo BIOS WMI script but, because Lenovo is not consistent with the name of the setting in the BIOS, I would have to create four tasks and create a WMI query that matches each model number for those tasks. I would really like to make this work since it is only 1 task to enable the chip.


Re: enabling security chip on thinkpad during OSD

did you enable powershell support in your boot image?

Re: enabling security chip on thinkpad during OSD

Yes I did, I will test it manually tomorrow in winpe using F8 to open a command prompt and post the result I have. 


Re: enabling security chip on thinkpad during OSD

Ok, I finally got more time to test this; I followed this procedure to test enabling the TPM chip https://blogs.technet.microsoft.com/heyscriptingguy/2015/05/25/powershell-and-bitlocker-part-1/

 

First I verify the status of the chip with (Get-WmiObject -Namespace "root\wmi" -Class Lenovo_BiosSetting).CurrentSetting  and the value is SecureChip,Disable

 

Next I ran this command and ran get-member on the $tpm variable

$tpm = get-cimclass -namespace ROOT\CIMV2\Security\MicrosoftTPM -Class Win32_TPM

$tpm | gm

  

 

 

If I look at the procedure from the link, some information is missing at this point. Now I ran this command to get the information from the variable and I get an error.

$tpm1 = get-wmiobject -namespace ROOT\CIMV2\Security\MicrosoftTPM -Class Win32_TPM

$tpm1 | gm

 

gm : Vous devez spécifier un objet pour l’applet de commande Get-Member.
Au caractère Ligne:1 : 9
+ $tpm1 | gm
+         ~~
    + CategoryInfo          : CloseError : (:) [Get-Member], InvalidOperationException
    + FullyQualifiedErrorId : NoObjectInGetMember,Microsoft.PowerShell.Commands.GetMemberCommand

 

 


Re: enabling security chip on thinkpad during OSD

Now, I can get the information with PowerShell if the security chip is enabled, but I thought the goal of this procedure was to enable the TPM chip in the BIOS.


Re: enabling security chip on thinkpad during OSD

as noted in the first blog, you need to use the setphysicalpresencerequest method to enable/activate the tpm. value 10 should be all you need, followed by a reboot for the changes to take effect.

Re: enabling security chip on thinkpad during OSD

Fred_B,

 

Can you try the following to enable the TPM in the BIOS and then follow the blog post?


First, run


(gwmi -Namespace root\wmi -Class Lenovo_SetBIOSSetting).SetBIOSSetting("SecurityChip,Enable")


Then run


(gwmi -Namespace root\wmi -Class Lenovo_SaveBIOSSettings).SaveBIOSSettings()


Then reboot the box. 

 

TLawson


Re: enabling security chip on thinkpad during OSD

@tlawson:

 

I'm aware that we can use that method and confirm that it works; the only problem I see using this method is that the value is not always the same in the BIOS for the security chip: sometimes it is "securitychip,enable" or it could be "securitychip active" or there is a space for "security chip". I can probably try to build a PowerShell script that will manage all four options but I'm not that good with PowerShell. I could match the value per model with 4 task sequences but it's heavy to manage. I would have to get the value for each model we have and then update that each time we get a new model. It's probably what I'm gonna end up doing; it's just that I liked the other method since it's only 1 task to enable the TPM chip on all our computers.


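One way to cover the naming differences described in the post above with a single task, as an added example that is not code from any poster in this thread or from Lenovo: read the setting name that the model itself reports through Lenovo_BiosSetting, then try the values mentioned in the thread. The function names and the matching pattern are hypothetical; it assumes no supervisor password is set and that SetBiosSetting and SaveBiosSettings report "Success" in their return property.

```powershell
# Added example. Find-SecurityChipSetting and Enable-SecurityChip are hypothetical names.
function Find-SecurityChipSetting {
    param([string[]]$CurrentSettings)
    # Matches the spellings reported in this thread:
    # "SecurityChip", "SecureChip" and "Security Chip" (case-insensitive).
    foreach ($entry in $CurrentSettings) {
        if ($entry -match '^\s*(Secur\w*\s?Chip)\s*,\s*([^;]+)') {
            return [pscustomobject]@{
                Name  = $Matches[1]          # name exactly as this BIOS spells it
                Value = $Matches[2].Trim()   # current value, e.g. Disable
            }
        }
    }
    return $null
}

function Enable-SecurityChip {
    $all  = (Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosSetting).CurrentSetting
    $chip = Find-SecurityChipSetting -CurrentSettings $all
    if (-not $chip) { throw 'This BIOS does not expose a security chip setting.' }
    if ($chip.Value -in 'Enable', 'Active') { return "Already set to $($chip.Value)" }

    $setter = Get-WmiObject -Namespace root\wmi -Class Lenovo_SetBiosSetting
    $result = $null
    # Try both values named in the thread; the BIOS rejects the one it does not accept.
    foreach ($value in 'Enable', 'Active') {
        $result = $setter.SetBiosSetting("$($chip.Name),$value").return
        if ($result -eq 'Success') {
            $saver = Get-WmiObject -Namespace root\wmi -Class Lenovo_SaveBiosSettings
            $saved = $saver.SaveBiosSettings().return
            if ($saved -ne 'Success') { throw "Saving BIOS settings failed: $saved" }
            return "Set $($chip.Name) to $value; reboot required"
        }
    }
    throw "BIOS rejected Enable and Active for $($chip.Name) (last result: $result)"
}

# Constructed sample input for checking the matcher offline (not real BIOS output):
$sample = 'WakeOnLAN,Enable', 'SecureChip,Disable'
Find-SecurityChipSetting -CurrentSettings $sample
```

In a task sequence, call Enable-SecurityChip and schedule a restart after it, since the change only takes effect after a reboot.
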
Re: enabling security chip on thinkpad during OSD

@pjogensen:

 

I ran the command manually and I get an error, probably a " or ( that needs to be added or removed somewhere; like I said, my PowerShell skills are very basic.

 

C:\WINDOWS\system32>powershell.exe -executionpolicy bypass -command "(Get-WmiObject -Namespace "root\CIMV2\Security\MicrosoftTpm" -Class Win32_TPM).SetPhysicalPresenceRequest(10)"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ (Get-WmiObject -Namespace root\CIMV2\Security\MicrosoftTpm -Class Win ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull


Re: enabling security chip on thinkpad during OSD

you're receiving that message because the TPM is disabled in BIOS.  which systems are you working with?  is TPM 2.0 the only option in BIOS?  if so, the chip should already come enabled from the factory, unless you manually disabled at one point.
