10-10-2019 06:00 AM
We are installing bitlocker in PCs and for some, TPM is deactivated and it has to be enabled in the BIOS, under the option "Security Chip".
So my question is this: how does it that in some of these PCs, the "Security Chip" option is missing?
Here are the specs:
Solved! Go to Solution.
10-10-2019 10:28 PM
TPM is an option on T470s. Some models have it and some do not. Are all the machine types the same? It will be on asticker on the back or on the BIOS screen
10-11-2019 03:11 AM
Thank you for responding. The models are all 20JTS11X00 but, just as you said, some have the "Security Chip" options, other don't.
Since all of the "problematic" PCs are from remote hosts, we can't tell if they have a sticker or not. But we've verified that all of them are of the same model.
10-11-2019 07:37 AM
I don't know any more. If they are the same model, they should be the same. The parts lookup for 20JTS11X00 shows they should have a TPM chip. All I can suggest is that you hit F9 in the BIOS to load defaults
10-11-2019 08:07 AM - edited 10-15-2019 11:00 AM
Not something I know _anything_ about but IIRC there's a security chip disable option that will make it permanently disappear
from BIOS. Any chance this has been manually/previously selected in the remote machines?
From the BIOS simulator:
[edit to correct] That "hidden" comment means hidden from Windows, not BIOS. See down-thread.
The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc.
The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored - questions and answers belong in the forum so that others may contribute and benefit. ... GeezBlog
10-14-2019 12:26 AM
Thanks for your reply.
If I disabled that option, the "Security Chip" menu will still be visible in the BIOS menu. We have found remote machines that have the "Security Chip" menu and that option set to "disabled".
The thing that happens is that the computer won't find a compatible TPM in order to encrypt.
10-15-2019 10:29 AM
There is not any option to permanently disable the TPM. If the BIOS setting in Security -> Security Chip is Disabled, it means the OS will not see the TPM. So you have to enable the TPM in BIOS Setup so that the OS can use it. If there is not any BIOS setting about Security Chip then it means the system does not have a TPM.