Toshiba Tecra M5 BIOS support for Bitlocker in TPM mode?

Discussion in 'Windows Vista Security' started by matthewj9, Feb 1, 2008.

  1. matthewj9

    matthewj9 Guest

    I have a Tecra M5 (PTM51E) running Vista Ultimate. I would like t
    configure Bitlocker using the TPM which is on board. I am aware tha
    Bitlocker can be used without a TPM, but this requires the user to hav
    an external token e.g. on a USB drive which they have to insert at boo
    time. I would rather use the TPM mode so there will be no need for this

    I have flashed the BIOS to v3.60 which is the latest. Before I was abl
    to flash the BIOS from within Vista (which is the only option provide
    on the Toshiba European support site) I found I had to load the driver
    for the "Value Added Package", without this the BIOS updater simply say
    "Computer not supported". Another way to do it is get the BIOS for th
    PTM51U from the US site which allows you to write the BIOS updater ont
    a bootable floppy.

    I used the "Bitlocker Drive Preparation Tool" which is available as a
    "Ultimate extra" from Microsoft to set up the partitions as required b
    Bitlocker, i.e. my 40 GB hard drive is divided into a main partition t
    be encrypted C of 35.7 GB and a separate partition S of 1.5 GB.

    I have the "Trusted Platform Module" driver v3.00.1135.00 which is th
    latest. Having enabled the TPM in the BIOS (hold ESC when powering o
    and then hit F1, second page) I can then go into the Infineon Securit
    Platform Initialisation Wizard and set the "Platform Owner" and othe
    passwords etc.

    The TPM initialisation wizard automatically opens the Bitlocker confi
    applet when it finishes (or you can get to it any later time via th
    control panel)

    The message I get from the Bitlocker applet is:

    "Your system is not configured to use BitLocker Drive Encryption. Th
    BIOS did not correctly communicate with the Master Boot Record (MBR)
    Contact the computer manufacturer for BIOS upgrade instructions".

    Does anybody have this working on an M5 (i.e. Bitlocker with TPM)? Ho
    did you do it
     
    matthewj9, Feb 1, 2008
    #1
    1. Advertisements

  2. matthewj9

    Gary Mount Guest

    I got that message when trying to set up bitlocker on my machine.
    I turned off in the bios the boot sector virus protection and was good to
    go.
     
    Gary Mount, Feb 4, 2008
    #2
    1. Advertisements

  3. matthewj9

    matthewj9 Guest

    The Tecra M5 doesn't have BIOS-based antivirus protection for boot
    records etc. so far as I can tell.

    Were you using a Tecra M5?
     
    matthewj9, Feb 4, 2008
    #3
  4. matthewj9

    Gary Mount Guest

    It isn't antivirus as such, I think this setting just prevents a virus from
    writing to it. This will also prevent Bit locker from clearing it if this
    feature is enabled.
     
    Gary Mount, Feb 4, 2008
    #4
  5. matthewj9

    matthewj9 Guest

    Yes I understand - a BIOS setting which prevents ANY program from makin
    changes to the hard drive's boot record - something which a virus migh
    want to do, but which the user won't want to do very often (perhaps onl
    when they install the OS).

    I have looked very carefully through both screens of the v3.60 BIO
    system setup on the Tecra M5 and I cannot see such a setting.

    Am I missing something or are you simply using a different PC?

    Thanks M
     
    matthewj9, Feb 4, 2008
    #5
  6. matthewj9

    Gary Mount Guest

    I am using a Asus motherboard. I had the very message that you said;

    "Your system is not configured to use BitLocker Drive Encryption. The
    BIOS did not correctly communicate with the Master Boot Record (MBR).
    Contact the computer manufacturer for BIOS upgrade instructions"

    but I have successfully gotten bit locker to work. It seems to me that the
    only thing I did was to disable the virus feature in the bios.
     
    Gary Mount, Feb 4, 2008
    #6
  7. matthewj9

    matthewj9 Guest

    I had the opportunity to ask someone from the hardware team at Microsoft
    about this. It is a well known problem with the M5 they have come across
    internally. Here is what he said:

    ---
    ::During Toshiba Tecra M5 there was a transition from Intel Core Duo
    processors to Intel Core 2 Duo Processors. All systems coming with Intel
    Core 2 Duo processors were released after the final TPM/BitLocker
    specification was released, therefore their BIOS included the right
    Boot-block and EC/KBC BIOS firmware (this is different from the normal
    BIOS).::
    ::::
    ::In order to make systems with Core Duo procs to work with BitLocker,
    you need to flash a new Boot-block and EC/KBC BIOS firmware in addition
    to the normal BIOS.::
    ::::
    ::It's easy to find out if a system has Core Duo or Core 2 Duo
    processor... you only need to take a look at the msinfo32 information
    for each system. If the processor is a T2xxx family, it is Core Duo; if
    it is T7xxx, then it is Core 2 Duo.::
    ---

    In other words, to get an M5 with Intel Core Duo to work with
    Bitlocker, you need an additional firmware update as well as the BIOS
    update. Toshiba do not publish this extra firmware - it's not available
    on their site for download.

    I have spoken to Toshiba support about this. They suggest sending all
    80 of our Tecra M5s to an authorised support provider who will carry out
    the firmware update for us and return them.

    This is useless from our point of view - the 80 laptops are currently
    in the hands of 80 staff driving all over the UK. What we really want is
    the firmware so we can apply it ourselves.
     
    matthewj9, Feb 8, 2008
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.