
Hi all, 

Just wanted to post the resolution to this... 

Stage one: upgrade BIOS that supports the TPM FW Switch feature


However, when flashing the BIOS the process needed to shut down afterwards to complete, so I added a shutdown command into the TS whilst in WinPE, but in between that I displayed a message to the PXE booter informing them that this will happen and to then re-run the task sequence:


The group only ran if the model was correct and the BIOS version was out of date:

image.png.261c1887f5c66b63cf0749cd122aa0ac.png

Then once the BIOS was flashed, the instructions to the engineers were to re-run the task sequence again, and obviously this time it skipped the BIOS upgrade as the WMI query was no longer valid. As the TPM chip defaulted to 2.0, I had to set the chip to 'Enabled', then change to 1.2, and then set the security chip to 'active', in that order. Now, I'm not sure if all of the reboot steps are required, but the reboot after the TPM switch is 100% required. Here are the steps in order:


Sources:

BIOS Tools package: https://support.lenovo.com/ec/en/solutions/ht100612

Display message in WinPE (you have to add the 'Use Toolkit Package' before running this): https://blogs.technet.microsoft.com/deploymentguys/2011/07/01/message-box-script-for-lite-touch-task-sequences/

Now, you cannot change the TPM version using the above tools, as Lenovo purposely disable changing it via WMI due to security concerns, so there's a utility to change this: https://pcsupport.lenovo.com/ec/en/products/DESKTOPS-AND-ALL-IN-ONES/THINKCENTRE-M-SERIES-DESKTOPS/M810Z/downloads/DS121000 (download the BIOS Windows BIOS setting tool). Documentation is attached in the tool to help you.

I'm sure there might be a way to streamline the above but this worked for me and the client.

Hopefully this might help someone in the future.

 

 
