How do I upgrade my Dell TPM 1.2 to 2.0 BIOS?

Table of Contents

• Upgrade TPM 1.2 to 2.0 in DELL:
• Preparing  the TPM Bootable Pen Drive:

Upgrade TPM 1.2 to 2.0 in DELL:

• Before proceeding the below steps first restart your laptop/PC and enter into BIOS.
• To enter in to BIOS press F12. And if you are in UEFI mode disable it.To disable UEFI goto  BIOS setup,In BIOS go to General > Boot Sequence > Boot List Option. Change UEFI to Legacy. To save the changes, click Apply > Exit.

  Upgrading TPM from 1.2 to 2.0 has been a recommendation for the past few years, but apart from increased security, there hasn’t been a practical reason why you would need to update.

  But on Friday, June 25th, 2021, everything changed when Microsoft announced Windows 11 and the requirement of TPM 2.0.

  Most computers released within the past 3 years should have TPM 2.0. Some older machines might have TPM, but TPM 1.2. In those cases, the TPM firmware needs an update to 2.0, which this blog post covers.

  This blog post covers the TPM chip and how to do a firmware update from TPM 1.2 to TPM 2.0 for HP machines using HP TPM Configuration Utility and SCCM.

  Note that a prerequisite for everything in this blog post is that enable TPM in the HP BIOS.

  What is the TPM chip?

  TPM 2.0 has been around since 2013, but since July 28, 2016, vendors are required to provide their machines with TPM 2.0.
  The Trusted Platform Module (TPM), is a hardware component on the motherboard, developed by Intel, providing physical-level security for Windows 10. TPM 2.0 is now a requirement for Windows 11.

  The TPM chip is required for features such as:

  • Bitlocker
  • Windows Defender Credential Guard

  The only feature that I know of that requires TPM 2.0 is Device Encryption (Not Bitlocker). TPM 2.0 was also required for Credential Guard in Windows 10 1507, but this is no longer the case.

  You can go to all machines in your environment, enable TPM in BIOS, and upgrade them to TPM 2.0. Unfortunately, this is no way of working in an enterprise environment.

  This blog post describes how to upgrade the TPM chip firmware from 1.2 to 2.0 for HP machines using Microsoft Endpoint Manager (SCCM) and HP TPM Configuration Utility.

  If you are interested in downgrading TPM from 2.0 to 1.2, refer to my other blog post.

  TPM 1.2 vs. 2.0

  TPM 2.0 adds additional security benefits compared to TPM 1.2.

  Read more about it on Microsoft Docs.

  How to verify TPM firmware version

  Here you can find a list of HP laptops with TPM 1.2: https://support.hp.com/bg-en/document/c05381064 .

  You can verify the current TPM firmware version on the device:

  1. Windows Security settings in Windows 10
  2. Powershell
  3. TPM.MSC

  The different version properties on the chip are:

  • Manufacturer version
  • Specification version

  Alternative 1 – Windows Security settings

  
  

  Alternative 2 – Powershell

  Start an elevated Powershell window and use the following Powershell command:

  Get-WmiObject -Namespace rootcimv2securitymicrosofttpm -Class Win32_TPM | Select Specversion 
  

  
  

  Alternative 3 – TPM.MSC

  The last alternative is by using TPM.msc

  
  

  How to do a HP TPM update from 1.2 to 2.0 using HP TPM Configuration Utility

  Configure HP BIOS settings

  In the below sections, I reference some BIOS settings that are to be automatically configured.
  Please refer to my blog post on How to use HP BIOS Configuration Utility to set BIOS settings to read about how I do this.

  In the blog post above, you will learn how to enable TPM, a prerequisite for following this blog post.

  Download HP TPM Configuration Utility

  The best way to update the TPM firmware is by using TPM Configuration Utility. You can retrieve the latest version through the HP Image Assistant (HPIA). Once installed, select the model you want to update TPM from 1.2 to 2.0 and download TPM Configuration Utility through the tool.

  IMPORTANT! Do NOT download the HP TPM Configuration Utility through any other sources, since you might not get the latest version!!

  Create an encrypted password file

  1. Open <filename>
  2. Enter password
  3. Save file

  Place source files on a source

  Place the source files on a share accessible by Microsoft Endpoint Manager (SCCM).

  Create a package in Microsoft Endpoint Manager (SCCM)

  Select Create Package in the Microsoft Endpoint Manager (SCCM) console.

  
  

  Give the package a name and browse to the UNC path of the source files.

  
  
  
  

  Select Do not create a program.

  
  

  Complete the wizard.

  
  

  Add a step to update HP TPM firmware in the Task Sequence

  In this example, we will run the TPM Upgrade steps in the Operating System Deployment Task Sequence. It is, however, possible to run an independent Task Sequence with these scripts.

  To use the correct firmware, the TPM Configuration Utility will need to know the Manufacturer version of the TPM script.

  With previous versions of the tool, you must either create a script to check the manufacturer’s version and apply the firmware file or create one Task Sequence step for each Manufacturer Version.

  However, in the later versions of the HP TPM Configuration Utility, this can be done automatically, using a switch.

  To upgrade TPM, you might need to disable virtualization, or more specifically, VT-X.

  Configure the Update TPM to 2.0 step Options tab to only run with the following WMI query:

  WMI Namespaceroot\cimv2\Security\MicrosoftTpmWQL QuerySelect * from Win32_TPM Where SpecVersion Like "%1.2%"
  
  
  
  

  Add a command-line step

  Tpmconfig64.exe -s –a2.0 -ppassword.bin
  

  Note: There should be no space between -p and the password file!

  
  

  Conclusion

  To comply with the newest security baselines and also to be able to install Windows 11, you should upgrade existing machines to TPM 2.0.

  How many devices do you still have that run TPM 1.2? Please answer in the comments below 🙂

  References

  • Microsoft Docs – Trusted Platform Module Technology Overview
  • Microsoft Docs – Why TPM 2.0?

  Related posts

  • How to deploy HP BIOS settings using SCCM
  • Downgrade HP TPM from 2.0 to 1.2 using the HP TPM Configuration Utility
  • TAGS
  • hewlett packard
  • hp
  • microsoft
  • tpm
  • tpm 1.2
  • tpm 2.0
  • tpm upgrade
  • trusted platform module
  • windows 10

  Facebook

  Twitter

  Linkedin

  ReddIt

  Previous articleHow To Delegate Permissions to Allow a User to Join a Computer to an AD Domain

  Next articleNewsletter – January 10-16 2022

  Daniel Engberg

  https://www.danielengberg.com

  Daniel Engberg has worked for the past 10 years with Enterprise Client Management, focusing on System Center Configuration Manager, Windows 10 and Powershell. Daniel is a Principal Consultant & Partner at Agdiwo, based in Gothenburg, Sweden.

  How do I install TPM 2.0 on Dell?

  Select TPM 2.0 Security. Select TPM On. Select Apply. Select Exit..

  Logon to Windows..

  Right Click on the Windows Start Button..

  Click Device Manager..

  Expand the Security Devices Node..

  You should see the Trusted Platform Module 2.0..

  Can I add a TPM 2.0 to my computer?

  Can I Add a TPM to My PC? If you built your own desktop PC in the last few years and you're comfortable tinkering with hardware and software security settings in the system's BIOS, you can probably add a discrete TPM 2.0 chip to your motherboard.

  How do I enable TPM 2.0 on Dell BIOS?

  Reboot the computer and press the F2 key at the Dell logo screen to enter BIOS or System Setup. Click Security in the Settings menu. Click the TPM 1.2 Security or TPM 2.0 Security option in the Security menu. Ensure TPM On and Activate are checked.

  How do I update my TPM firmware Dell?

  Recommended actions.

  Download and install the Windows operating system updates from Windows Update. If you have turned on automatic updates in Windows Update, you don't need to take any action because the updates will be downloaded and installed automatically. ... .

  Install any applicable firmware updates. ... .

  Clear your TPM..