cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
steinage
Blue Screen Again
Posts: 1
Registered: ‎05-27-2016
Location: NO
Views: 759
Message 1 of 3

T460s SecurityChip Active - Script not working with BIOS

I am having issues with activating the security chip in BIOS using the script from Lenovo, SetConfig.vbs.

Model: 20F90042MN

UEFI BIOS Version: N1CET37W (1.05 )

UEFI BIOS Date: 2016-01-15

Embedded Controller Version: N1CHT25W (1.07 )

 

I am deploying Windows 7 with SCCM 2012 R2, and we are heavy users of all ThinkPad T4**s -models .

OSD (Operative System Deployment) with BitLocker activation for T400s, T410s, T420s, T430s, T440s and T450s are working perfectly.

 

T460s does not activate BitLocker, and it looks like the BIOS / Security Chip Activation is the issue.

The script successfully activate the security chip (SetConfig.vbs SecurityChip Activate), as I can confirm in BIOS, but Windows does not agree.

When I try to manually start BitLocker from Windows, it demands a reboot to activate TPM.

 

I have tried running the script several times (from Windows), and rebooting after every time, but still Windows needs to activate TPM itself, and do a reboot.

But if I go into bios, and manually enable SecurityChip (set to inactive first if already activated with the script, reboot, and then manually activate), I can start BitLocker from Windows without rebooting. Windows will then agree that TPM is activated.

OSD will also work after I have done this manually.

 

Why is it a difference with enabling with script, or enabling manually?

 

I tried updating the BIOS to 1.09 on another new T460s before deploying Windows 7, and then the script worked !!

A possible solution would be to automatically update the BIOS in the SCCM2012 OSD at the start of the Task Sequence, but this turned out to be easier said than done (tried both script and Lenovo ThinInstaller , but didn't get it to work. Most likely due to impatience).

 

But the reason I create this post is the fact that I could not find anyone with the same issue.

I can either find anything about this issue in the release notes for the new BIOS versions.

d00s7w
What's DOS?
Posts: 1
Registered: ‎06-13-2016
Location: UK
Views: 705
Message 2 of 3

Re: T460s SecurityChip Active - Script not working with BIOS

I have a very similar issue with the M700 Tiny; a BIOS update (run from a USB stick created from ISO) solves this problem but i am looking to create a SCCM Task Sequence targetted at these devices with BIOS version = xxxx so that the BIOS updates automatically at user first logon, before bitlocker policy applies.

 

i get the policy applying but then on shutdown/reboot the bitlocker unlock screen appears. a BIOS update solves this.

 

if i get anywhere with the TS i will post what i can here

MarioF
Punch Card
Posts: 9
Registered: ‎06-19-2016
Location: US
Views: 659
Message 3 of 3

Re: T460s SecurityChip Active - Script not working with BIOS

I am experiencing the same problem.  Hopefully a lenovo mod catches this post and add some input.

 

-Mario

Check out current deals!


Shop current deals

Top Kudoed Authors