April 17th, 2014 11:00

CCTK Clearing TPM

Current situation / Background -

I am using SCCM 2012 R2 with WinPE 6.39

I have created a task sequence that currently enables the TPM chip, takes ownership, places a password on the BIOS and then begins encryption, during deployment of a fresh machine.

We have locations worldwide, and I cannot disclose the BIOS password to our remote IT employees - so when re-imaging a machine, they're getting errors because the TPM chip is already active.

I need a "Refresh" scenario task sequence that clears the BIOS password and clears the TPM in the beginning of the deployment sequence in order to avoid having to manually go into the BIOS and clear the TPM.

Is this possible?

-Aaron

April 24th, 2014 14:00

The current design laid out by the Trusted Computing Group, which owns the TPM spec, requires a manual verification when clearing the TPM. This is similar to SecureBoot, which cannot be disabled programmatically. We understand the security ramifications that are driving this requirement, but are also aware of the practical pain it causes. We are discussing our options on how to retain proper security protocol, while enabling the flexibility requested by customers.
