Tuesday, June 10, 2008

Vista Upgrade Pains: How to clear your TPM in the BIOS.

Source: http://ftp.suse.com/pub/projects/opentc/period_1-POC_PET/docs/HOWTO-clear-and-reactivate-TPM-LenovoT60.txt

1) Activate a disabled TPM / Clear the TPM ownership:

- Power down the laptop if necessary; a reboot will not be sufficient
- Power on the laptop
- Enter the BIOS setup menu:
- Press the blue ThinkVantage button to bring up boot menu
- Press F1 when the boot menu appears
- The BIOS setup menu appears:
- Enter the "Security" section, then "Security Chip";
- Set the state of the "Security Chip" setting to "Active"
- Choose "Clear Security Chip" to revoke the current ownership
ATTENTION: This will delete all keys the TPM; Any data that has been
encrypted using the TPM beforehand will become inaccessible!
- Leave the BIOS setup menu, choose to save all the changes you made

2) Power off the laptop

3) Power on the laptop; the TPM should now be active and ready for take

If you ever upgrade from Windows XP to Vista, this will happen. You'll get some message saying when you run Client Security Solution that you cannot enroll any users for fingerprint authentication because the TPM data is from another operating system than Vista. And it instructs you to go to the BIOS to reset it. The above instructions actually worked, but this article itself was pretty hard to find. So I'm double posting it on here. Its hard to find because Lenovo's Client Security Solution seems like it gives you specific directions, but when you make it to the bios, there is no "Clear TPM" option. There is a "Clear Fingerprint Data" which when toggled to clear fingerprint data, it actually doesn't even clear fingerprint data. And it doesn't clear the TPM either. How you clear it is to set the state of the security chip to Active. Even though it is probably already set to Active. Once again, speechless on how ridiculously stupid this is. Its just text. Change it Lenovo.

No comments:

Post a Comment