Is my platform capable of switching modes?
Several Dell Latitude, Optiplex, and Precision platforms shipping in 2015 are capable of switching between 1.2 and 2.0 modes in the field.
Detecting mode switch capability:
In addition to referencing the table of supported platforms, below, there are also a few options for detecting whether a platform supports Dell discrete TPM mode switching in real time:
Platforms which support TPM 1.2-2.0 mode changes:
Platforms listed on the Dell TPM Platform Support page with support indicated for TPM versions 1.2 and 2.0 support mode changes.
Instructions for switching modes using the TPM update utility:
End users will be able to switch modes using a Dell-provided TPM FW update utility. There are a few steps required to switch modes, which can be performed manually by a physically present user, or automated for remote deployment:
1. Downloading the TPM update utility:
If your platform supports mode changes, the 1.2 and 2.0 mode change utilities are available for download here.
2. Clearing the TPM:
During the TPM mode change, the TPM FW update utility will warn you that data stored in the TPM will not be retained, and that the TPM owner should be cleared.
Data that may be erased during the TPM owner clear process:
2.1. A note regarding automatic ownership of TPM:
Depending on which OS you are using, the OS may attempt to re-take ownership of the TPM automatically after a reboot, once it has been cleared. This automatic ownership feature is normal, but it can interfere with the process of changing TPM modes using the Dell TPM update utility. In order to avoid this condition where the TPM is automatically owned after attempting to clear TPM ownership, you may want to configure the OS to pause the auto-own behavior temporarily.
Here are a few options for temporarily pausing the automatic TPM ownership feature in Windows:
2.2. Clearing the TPM with PowerShell:
The TPM can be cleared from the command line, for example with the PowerShell Clear-Tpm cmdlet.
2.3. Clearing the TPM from BIOS Setup:
The TPM can be cleared manually from within the Dell BIOS setup menu (note: for complete details on how to access and use the setup menu, please refer to the Dell owner's manual):
3. Running the TPM update utility
If you're using Windows, the TPM update utility can be launched from a Windows administrator command prompt, or by simply double-clicking the executable application icon.
The TPM update utility will also run in WinPE (with TPM Base Services enabled) or in DOS.
For reference, here is an excerpt of the installation instructions provided by the Dell TPM update utility:
Dell TPM Update Utility for Windows/DOS
1. Click "Download File", to download the file.
2. When the File Download window appears, click Save to save the file to your hard drive.
Clear the TPM (See Note 2, 3, and 4)
1. Before running the TPM update utility, clear the TPM Owner. (From the OS, or from BIOS Setup).
Run the TPM update utility from Windows environment
1. Browse to the location where you downloaded the file and double-click the new file.
2. Windows System will auto restart and update the TPM during the system startup.
3. When the TPM update is finished, the system will auto reboot to take effect.
Run the TPM update utility from DOS environment, if Legacy Boot mode (Non-Windows users)
1. Copy the downloaded file to a bootable DOS USB key.
2. Power on the system, then Press F12 key and Select "USB Storage Device" and Boot to DOS prompt.
3. Run the file by typing copied file name where the executable is located.
4. DOS system will auto restart and update the TPM during the system startup.
5. When the TPM update is finished, the system will auto reboot to take effect.
Run the BIOS update utility from DOS environment if UEFI Boot Mode (Non-Windows users)
2. Power on the system, then go to BIOS Setup by pressing F2 and go to "General > Boot Sequence > Boot List Option".
3. Change "UEFI" to "Legacy" of Boot List Option.
4. Click "Apply", "Exit" to save changes and reboot system.
5. Press F12, then Select "USB Storage Device" and Boot to DOS prompt.
6. Run the file by typing copied file name where the executable is located.
7. When the TPM update is finished, the system will auto reboot to take effect.
8. Go to BIOS Setup by pressing F2 and go to "General > Boot Sequence > Boot List Option".
9. Change "Legacy" to "UEFI" Boot Option.
10. Click "Apply", "Exit" to save changes and reboot system.
Note 1: You will need to provide a bootable DOS USB key. This executable file does not create the DOS system files.
Note 2: If BitLocker is enabled on your system, please make sure you suspend BitLocker encryption before updating TPM on a BitLocker enabled system.
Note 3: The TPM must be ON and Enabled in BIOS Setup, and the TPM must not be owned. If the TPM is owned, go to BIOS Setup and clear the TPM before proceeding.
Note 4: When the TPM is cleared, some operating systems will automatically take ownership of the TPM on the next boot. This feature will need to be disabled to proceed with the update.
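The preparation described in sections 2 to 2.2 and in Notes 2 to 4 can be scripted from an elevated PowerShell session. The script below is an added example, not part of the Dell utility or of the original page. Its function names are hypothetical, and it assumes the Windows TrustedPlatformModule and BitLocker cmdlets are available and that the system drive is the BitLocker volume.

```powershell
#Requires -RunAsAdministrator
# Added example, not Dell's code. Function names are hypothetical.

function Get-TpmModeChangeReadiness {
    # Win32_Tpm reports the specification version the TPM currently runs.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\security\microsofttpm' -ClassName Win32_Tpm
    if (-not $wmi) { throw 'No TPM visible to Windows. Check that it is ON and Enabled in BIOS Setup.' }
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        SpecVersion         = ($wmi.SpecVersion -split ',')[0].Trim()  # "1.2" or "2.0"
        Enabled             = $wmi.IsEnabled_InitialValue
        Owned               = $wmi.IsOwned_InitialValue
        AutoProvisioning    = (Get-Tpm).AutoProvisioning
        BitLockerProtection = $vol.ProtectionStatus
        HasRecoveryPassword = [bool]($vol.KeyProtector |
                                Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}

function Invoke-TpmModeChangePrep {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $state = Get-TpmModeChangeReadiness
    if ($state.BitLockerProtection -eq 'On') {
        # Clearing the TPM destroys the TPM-sealed key; keep a way back in.
        if (-not $state.HasRecoveryPassword) {
            throw 'Add and escrow a BitLocker recovery password before clearing the TPM.'
        }
        if ($PSCmdlet.ShouldProcess($env:SystemDrive, 'Suspend BitLocker until resumed')) {
            # RebootCount 0 keeps protection suspended across the utility's restarts.
            Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 0 | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess('TPM', 'Disable automatic provisioning')) {
        Disable-TpmAutoProvisioning | Out-Null   # stops Windows re-taking ownership
    }
    if ($state.Owned -and $PSCmdlet.ShouldProcess('TPM', 'Clear owner (erases TPM data)')) {
        Clear-Tpm | Out-Null                     # firmware may ask for confirmation at reboot
    }
    Get-TpmModeChangeReadiness
}

function Complete-TpmModeChange {
    # Run after the utility has finished and the TPM is enabled again in BIOS Setup.
    Enable-TpmAutoProvisioning | Out-Null
    Initialize-Tpm | Out-Null
    if ((Get-BitLockerVolume -MountPoint $env:SystemDrive).VolumeStatus -ne 'FullyDecrypted') { Resume-BitLocker -MountPoint $env:SystemDrive | Out-Null }
    Get-TpmModeChangeReadiness                   # SpecVersion reports the mode now in effect
}
```

Running `Invoke-TpmModeChangePrep -WhatIf` lists the changes without making them; the returned object should show the TPM unowned and BitLocker protection off before the Dell utility is launched.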
After completing the mode change, the TPM can be used normally. Depending on which TPM mode you have selected, you may need to re-enable the TPM in the Dell BIOS before the OS can take advantage of TPM features.
This can be accomplished in a few different ways:
Dell BIOS setup Menu
The TPM can be re-enabled using the Dell BIOS Setup Menu, which can be accessed by pressing the F2 key during a reboot, when the Dell logo is displayed on the screen.
To enable the TPM: Navigate to Security > TPM Security > Enable
The Dell BIOS TPM Enable setting can also be configured remotely, using the Dell Client Command Suite.
Select the option in the right side of the TPM.msc (see above for instructions) window labeled Prepare the TPM for use
From an administrator command prompt, use the Windows PowerShell Initialize-Tpm command
Windows operating systems that support BitLocker include a utility called manage-bde.exe, which can perform some limited configuration of the TPM for BitLocker deployment. Descriptions of the TPM commands available with the Microsoft Windows manage-bde.exe tool can be found here.
manage-bde.exe -tpm -turnon
manage-bde.exe -tpm -takeownership <owner password of your choosing>
Can you please provide information on how to use the TPM update utility within WinPE? We are using Windows 10 1607 for WinPE and enabling the WinPE-SecureStartup component which is used for Windows Secure Startup and TPM support. Unfortunately using that WinPE image does not allow the Dell TPM upgrade utility to launch.
I followed the instructions and continue to get the following message on my Dell Latitude E6530:
Error: The System TPM Query Failed, Aborting
Error: Unable to prepare the TPM update payload
It states above "The TPM update utility will also run in WinPE (with TPM Base Services enabled) or in DOS.". I cannot get this to run in WinPE (Windows 10 1607 release). I have added the WinPE-SecureStartup to the image and I can run manage-bde commands and access the WMI root\cimv2\security\microsoftTpm namespace.
Has anyone gotten this to work in WinPE?
I was unable to get the exe to run under WinPE 10. I did all the tasks that dawnwertz listed. I am trying to go from TPM 2.0 to 1.2 on a Precision 5510.
This page says the Precision 5510 is supported:
Yet this page says it's not:
After talking with Dell support: this will only work on 32-bit Windows PE. It will not work with the 64-bit version of Windows PE.
Apologies for the delayed response. The TPM FW support team has officially made 64 bit versions of the TPM update utilities available.
For TPM 1.2, the installer is DellTpm1.2_Fw220.127.116.11_V3_64.exe.
For TPM 2.0, the installer is DellTpm2.0_Fw18.104.22.168_V2_64.exe.
I don't deal with TPM in my daily work. I was wondering if the TPM setting could affect how bootable USB drives act? I have multiple E5470 laptops, one has TPM 1.2 and the other TPM 2.0. We use bootable Ubuntu USB drives for certain secure tests. The issue is on the laptop with TPM 1.2: with the boot order set to USB first, as long as we use the same exact USB drive, it will boot to USB all day long. If we use a different USB drive, the boot order is changed to the internal SSD. This is driving us crazy. I want students to be able to use any flash drive we give them.
Nick brought me your question.
I've sent you a friend request. Let's get an answer for you.