BitLocker, TPM, and Gateway

Discussion in 'Windows Vista Security' started by APA, Sep 15, 2006.

  1. Hi APA, did you run this on an elevated command prompt?
    To get an elevated command prompt, right-click on the "Command Prompt"
    shortcut under All Programs->Accessories and click "Run as administrator".
    The command prompt window should say "Administrator: Command Prompt" in the
    title.
    Thanks!
    -
    Jamie Hunter [MS]

     
    Jamie Hunter [MS], Oct 3, 2006
    #21

  2. APA

    APA Guest

    Jamie,

    Ok, I started the command prompt with Admin permissions. Here's the output
    from the two commands...
    -SNIP
    C:\Windows\System32>cscript manage-bde.wsf -tpm -turnon
    Microsoft (R) Windows Script Host Version 5.7
    Copyright (C) Microsoft Corporation. All rights reserved.

    ERROR: A compatible Trusted Platform Module (TPM) was not detected.

    C:\Windows\System32>cscript manage-bde.wsf -on c:
    Microsoft (R) Windows Script Host Version 5.7
    Copyright (C) Microsoft Corporation. All rights reserved.

    Volume C:
    [OS Volume]
    ERROR: Specifying the parameter '-StartupKey' is required to Bitlocker-protect
    the OS volume.
    Type "manage-bde -on -?" for more information.
    -END SNIP

    Thanks,

    APA
     
    APA, Oct 3, 2006
    #22

  3. Ok, thanks! Can you look in the event log to see if there are any errors
    logged by the TBS (TPM Base Services)? Thanks!
    -
    Jamie Hunter [MS]
     
    Jamie Hunter [MS], Oct 4, 2006
    #23
  4. APA

    Jeff Guest

    Jamie,
    Not to jump in but;
    My Dell e1505 has TPM too; and Vista is saying TPM not found.
    Same message.

    Jeff

     
    Jeff, Oct 4, 2006
    #24
  5. APA

    APA Guest

    Jamie,

    Here's the event log data from the TBS:

    -SNIP
    A compatible TPM is not found. TBS requires TPM version 1.2 or greater, but
    the version of the TPM on the computer is ?.?.
    -END SNIP

    The event id is 538. FWIW, in Device Manager, under Security Devices,
    'Broadcom TPM' is listed. On the Details tab of the Broadcom TPM Properties,
    with Device description as the selected property the Value is: Broadcom
    Trusted Platform Module (A1), v1.2.

    If I change the selected Property to 'Install State' the Value reported is:
    00000000. I have tried searching the registry for 'TPM' and hopefully
    changing this value. No luck in finding a registry key corresponding to this
    value.

    Jamie, thanks again for sticking with me on this issue. It is greatly
    appreciated!

    Best regards,

    APA

     
    APA, Oct 4, 2006
    #25
  6. APA

    APA Guest

    Jamie,

    I found one more event viewer entry relating to TBS. Here it is:

    Log Name: System
    Source: Microsoft-Windows-TBS
    Date: 10/3/2006 10:56:08 PM
    Event ID: 16392
    Task Category: None
    Level: Error
    Keywords:
    User: LOCAL SERVICE
    Computer: RC1B5728.domain.local
    Description:
    An error occurred while starting the TBS. The error code was 0x8029021a.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-TBS"
    Guid="{51480c1a-90aa-416e-98fd-4c11f735349b}" />
    <EventID>16392</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2006-10-04T02:56:08.950Z" />
    <EventRecordID>1790</EventRecordID>
    <Correlation />
    <Execution ProcessID="1168" ThreadID="2340" />
    <Channel>System</Channel>
    <Computer>RC1B5728.domain.local</Computer>
    <Security UserID="S-1-5-19" />
    </System>
    <EventData>
    <Data Name="ErrorCode">0x8029021a</Data>
    </EventData>
    </Event>

    Thanks,

    APA

     
    APA, Oct 4, 2006
    #26
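
Added example, not part of the thread or any poster's code: a Python sketch that pulls Critical/Error events from the `Microsoft-Windows-TBS` provider out of an exported System log in the same event XML schema as the post above, and groups the affected machines by the reported `ErrorCode`. The sample export, the host names, the `<Events>` wrapper element and the function names are constructed assumptions; only the provider name, event ID 16392 and the error code value come from the post.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TBS_PROVIDER = "Microsoft-Windows-TBS"

def _event(provider, event_id, level, computer, data=""):
    # Builds one constructed <Event> in the schema shown in the post.
    return (
        f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}" />'
        f'<EventID>{event_id}</EventID><Level>{level}</Level>'
        f'<TimeCreated SystemTime="2006-10-04T02:56:08.950Z" />'
        f'<Computer>{computer}</Computer></System>'
        f'<EventData>{data}</EventData></Event>'
    )

# Constructed sample export (not real log data), wrapped in one root element.
SAMPLE = "<Events>" + "".join([
    _event(TBS_PROVIDER, 16392, 2, "HOST-A.example.local",
           '<Data Name="ErrorCode">0x8029021a</Data>'),
    _event("Service Control Manager", 7036, 4, "HOST-A.example.local"),
    _event(TBS_PROVIDER, 16392, 2, "HOST-B.example.local",
           '<Data Name="ErrorCode">0x8029021a</Data>'),
]) + "</Events>"

def tbs_errors(xml_text):
    """Return Critical/Error events logged by the TBS provider."""
    found = []
    for ev in ET.fromstring(xml_text).iter(f'{{{NS["e"]}}}Event'):
        system = ev.find("e:System", NS)
        name = system.find("e:Provider", NS).get("Name")
        level = system.findtext("e:Level", "", NS)
        if name != TBS_PROVIDER or level not in ("1", "2"):  # 1=Critical, 2=Error
            continue
        data = {d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)}
        found.append({
            "computer": system.findtext("e:Computer", "", NS),
            "event_id": int(system.findtext("e:EventID", "0", NS)),
            "time": system.find("e:TimeCreated", NS).get("SystemTime"),
            "error_code": data.get("ErrorCode"),
        })
    return found

def hosts_by_error(xml_text):
    """Group affected computers by the ErrorCode the TBS reported."""
    grouped = defaultdict(set)
    for hit in tbs_errors(xml_text):
        grouped[hit["error_code"]].add(hit["computer"])
    return {code: sorted(hosts) for code, hosts in grouped.items()}

print(hosts_by_error(SAMPLE))
```
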
  7. More than likely it is because the BIOS in your Dell is not doing the
    "magic" that makes Vista a happy camper with a TPM.
    What is required is a BIOS/firmware refresh and at least the Precision M70
    A04 BIOS that I tried is not correct. I can only assume that other BIOS for
    TPM support is the same, probably until either Vista is released or Dell
    gets enough support requests to move towards a fix.

    --
    The personal opinion of
    Gary G. Little

     
    Gary G. Little, Oct 4, 2006
    #27
  8. Ok, thanks APA.
    So I got a couple of PM's in my office with me to figure out what happened.
    This is what we understand to be the case:

    Some machines report Broadcom 1.1 parts with the same PnP ID as other
    machines report Broadcom 1.2a1 parts. Vista is incorrectly detecting this
    machine to have a 1.2 TPM, when it has a 1.1 TPM. This got caught later by
    TBS as a "Pre 1.2 TPM".

    The upshot is, the TPM is not usable on this machine as it's pre 1.2. There
    is confusion however as device manager reports that you have a 1.2 TPM when
    in fact it's a 1.1 TPM. Even if the TPM did work, the BIOS is very unlikely
    to have the necessary support anyway but the code never got far enough to be
    able to check that.

    Sorry for the frustration this caused and thanks for bearing with me on
    trying to figure out the problem.
    -
    Jamie Hunter [MS]

     
    Jamie Hunter [MS], Oct 4, 2006
    #28