BitLocker, TPM, and Gateway

Hi,

Can anyone provide a suggestion to get BitLocker enabled with TPM support on
a Gateway computer? I have Vista RC1 installed on a Gateway M280. The M280
has a Broadcom TPM 1.2 chip that is installed properly according to Device
Manager.

However, the TPM management console, BitLocker Control Panel applet, and the
"manage-bde.wsf" script will not recognize the chip. All other devices are
working properly.

Again, any help or suggestions would be appreciated.

Regards,

APA
 
Jamie,

Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
configure. As I stated earlier, my computer has a TPM 1.2 chip and it is listed
in Device Manager under "Security Devices" as a Broadcom TPM. The properties
specify it as 1.2 using MS drivers.

Thanks,

APA

Jamie Hunter said:
What is the message the UI is reporting?
Thanks!
-
Jamie Hunter [MS]

 
Hi,

Did you try to install the original Broadcom TPM drivers rather than MS
drivers? It may help it recognize!

abckid.

 
Is the BitLocker window giving the message that you need TPM - I'm not using
Vista as I write this, but I think it is in yellow across the top of the
window.

Also is there a link to actually enable BitLocker?

I know that, by default, BitLocker is disabled for USB devices. I don't have
TPM on my machine so I have to use a USB drive key. I'm not even saying this
will work in your case but, if there is no link to enable BitLocker on the
BitLocker window page, visit my website http://xphelpandsupport.mvps.org
Click the Vista Faq button and then click on question 4, 'enable bitlocker
encryption'. It may just be that it is also disabled by default for TPM, I
don't actually know, but see if enabling it from group policy (as advised in
question 4 on my site) rectifies the problem.

--
John Barnett MVP
Associate Expert
http://xphelpandsupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post.
 
I'll talk to my co-workers on Monday, see if anyone has an idea what may be
going on. Can you also try the "manage-bde" command-line and see if the
reported error is the same? Thanks!
-
Jamie Hunter [MS]

 
I did try the Broadcom drivers for XP. I can't find any Vista drivers. At
any rate, the XP drivers did not work.

Thanks for the reply.

 
Jamie,

Here's the output from 'manage-bde'

C:\Windows\System32>cscript manage-bde.wsf -tpm
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

C:\Windows\System32>

Thanks,

APA

 
John,

I enabled all of the settings except the one to back up keys to AD. I don't
want to go that far yet. With the other settings enabled, there is no
mention of the TPM in the BitLocker Control Panel applet. There is a yellow
box with text saying my drive configuration isn't correct for BitLocker use.
I don't have a second partition yet.

I'm encouraged by the changes made in GPedit.msc. I will reinstall Vista to
properly configure the partitions and try it again. Thanks for the help,
John.
 
Jamie Hunter said:
I'll talk to my co-workers on Monday, see if anyone has an idea what may be
going on. Can you also try the "manage-bde" command-line and see if the
reported error is the same? Thanks!
-

Jamie,

What did the co-workers have to say?

I seem to have a very similar problem. My platform is a DELL Latitude X1
with a Broadcom TPM v1.2 chip. I've partitioned the hard drive, installed
Vista RC1 as per the "Windows BitLocker Drive Encryption Step-by-Step Guide"
from September 2006.

Device Manager tells me that I have (under Security Devices) a "Broadcom
Trusted Platform Module (A1), v1.2" that is working properly. Yet when I go
to the BitLocker Control Panel, I get told "A TPM was not found" (in the
yellow box). If I try "manage-bde.wsf -tpm -TurnOn" I get

ERROR: A compatible Trusted Platform Module (TPM) was not detected.

In the BIOS I have two items related to TPM: TPM Security (I've set it to
ON) and TPM Activation. If I try to enable the latter I am told I have to
load host drivers first, but this seems to be where I am stuck.

I'm thinking maybe I have to roll back to XP and use the DELL/Broadcom supplied
utilities and drivers to get the thing initialized, but was hoping there was a
more straightforward way. Right now I feel I'm in a Catch-22.

Regards

- Kim
 
Hi APA, can you try these instead?

(1)
cscript manage-bde.wsf -tpm -TurnOn

(2)
cscript manage-bde.wsf -on c:

I expect one or both of these to fail, but I am interested in the failure
messages, which will tell me where to go from here. I'm not familiar with
the Gateway M280 or if it has the necessary BIOS support, but I know we've
had success with other Gateway machines.

Thanks!
-
Jamie Hunter [MS]

 
There are some BIOSes (not sure if this is one as we have not tested this
machine) that do not yet support the "Physical Presence" interface. This is
an interface where the OS can initiate activation of the TPM in a manner
that ensures the user is aware of the process (to stop spyware/viruses/etc
activating the TPM). Check your BIOS menus, and there may be an option in
BIOS to activate the TPM. If not, Dell may provide such a utility.
-
Jamie Hunter [MS]
 
Jamie Hunter said:
There are some BIOSes (not sure if this is one as we have not tested this
machine) that do not yet support the "Physical Presence" interface. This is
an interface where the OS can initiate activation of the TPM in a manner
that ensures the user is aware of the process (to stop spyware/viruses/etc
activating the TPM). Check your BIOS menus, and there may be an option in
BIOS to activate the TPM. If not, Dell may provide such a utility.
-
Jamie Hunter [MS]

Thanks Jamie

Since then I have tinkered on and found plenty of new information, but no
solution.

I rolled my system back to XP SP2. With this installed I could load the DELL
TPM Utilities and perform a "Vendor Activation" of the TPM chip. I assume
this process involves generating the initial key pair.

With that in place I could then (still with XP) enable EFS and operate an
encrypted set of files without problems.

Then I went back to Vista, hoping that my troubles now were gone, but alas,
same problem. The BitLocker wizard and manage-bde script still tell me that
I don't have a compatible TPM (as stated previously).

The Event Viewer has two event types related to this:

Event ID 516 and 16392. The description for both is "An error occurred while
communicating with the TPM. The driver returned 0x8007045d".

I have updated the system BIOS to the latest and greatest available from DELL.
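
For the symptom in this thread (a TPM listed in Device Manager while the TPM and BitLocker tools report none), the following is an added diagnostic example, not something posted by any participant. It assumes a current Windows release with PowerShell and the `Get-PnpDevice` cmdlet rather than the Vista RC1 build discussed; the function names `ConvertFrom-HResult` and `Get-TpmTriage` are illustrative. It compares the Plug and Play view with the `Win32_Tpm` WMI class and splits a driver status such as the 0x8007045d above into its facility and Win32 error code.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

function ConvertFrom-HResult {
    param([Parameter(Mandatory)][string]$Hex)
    # Parse as Int64: a literal like 0x8007045d would be a negative Int32 in PowerShell.
    $value    = [Convert]::ToInt64($Hex, 16)
    $facility = ($value -shr 16) -band 0x1FFF
    $code     = $value -band 0xFFFF
    [pscustomobject]@{
        HResult  = '0x{0:X8}' -f $value
        Failure  = [bool](($value -shr 31) -band 1)
        Facility = $facility                      # 7 = FACILITY_WIN32
        Code     = $code
        Message  = if ($facility -eq 7) {
                       # Let Windows supply the text for the wrapped Win32 error.
                       [ComponentModel.Win32Exception]::new([int]$code).Message
                   } else { '(not a Win32-facility code)' }
    }
}

function Get-TpmTriage {
    # Plug and Play view: what Device Manager shows under "Security Devices".
    $pnp = Get-PnpDevice -Class SecurityDevices -ErrorAction SilentlyContinue
    # TPM provider view: the WMI class that scripts use to query TPM state.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $verdict = if (-not $pnp -and -not $tpm) {
        'No TPM enumerated at all: check that it is switched on in firmware setup.'
    } elseif (-not $tpm) {
        'Device is enumerated but the TPM provider exposes nothing: suspect firmware/driver support.'
    } elseif (-not $tpm.IsEnabled_InitialValue) {
        'TPM is visible but disabled: enable it in firmware setup.'
    } elseif (-not $tpm.IsActivated_InitialValue) {
        'TPM is enabled but not activated: activation needs a physical-presence step.'
    } elseif (-not $tpm.IsOwned_InitialValue) {
        'TPM is enabled and activated but not owned: it still has to be initialized.'
    } else {
        'TPM is enabled, activated and owned.'
    }

    [pscustomobject]@{
        PnpDevices       = @(foreach ($d in $pnp) {
                               '{0} [{1}] {2}' -f $d.FriendlyName, $d.Status, $d.InstanceId
                           })
        SpecVersion      = $tpm.SpecVersion
        Enabled          = $tpm.IsEnabled_InitialValue
        Activated        = $tpm.IsActivated_InitialValue
        Owned            = $tpm.IsOwned_InitialValue
        PhysicalPresence = $tpm.PhysicalPresenceVersionInfo
        Verdict          = $verdict
    }
}

# Decode the driver status quoted in the event log entries, then triage this machine.
ConvertFrom-HResult '0x8007045d' | Format-List
Get-TpmTriage | Format-List
```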
 
Thanks Kim, this is very useful. For a little more information please follow
these instructions:

Under Vista, can you run "devmgmt.msc" (to start device manager),
Browse to the TPM under Security Devices.
Open Properties, select the "Details" tab
What does "Device Description" say?
Likewise, please look at the "Hardware IDs" and "Compatible IDs" properties.

Thanks!
-
Jamie Hunter [MS]

 
Jamie Hunter said:
Thanks Kim, this is very useful. For a little more information please
follow these instructions:

Under Vista, can you run "devmgmt.msc" (to start device manager),
Browse to the TPM under Security Devices.
Open Properties, select the "Details" tab
What does "Device Description" say?

Broadcom Trusted Platform Module (A1) v1.2
Likewise, please look at the "Hardware IDs"
ACP\BCM0101
*BCM0101

and "Compatible IDs" properties.

I can't find any of those. Do you mean "Matching devices id"?

acpi\bcm0101
Thanks!
-
Jamie Hunter [MS]

Hope this helps. (Don't be confused by my responding from a different
point - I gave up on the Web-interface to MS newsgroups)

Regards

- Kim
 
No, he means "Compatible ID", and they indeed are not there on my Dell
Latitude D610. I'll have to check my Precision M70, but the Device and
Hardware information all agrees with Kim. Is this a change from XP or an
oops?

--
The personal opinion of
Gary G. Little

 
From the Bitlocker live chat today, the BIOS may be the stumbling block.
TPM.msc will tell you if you have a TPM and not compatible. Dell's A04 BIOS
for the Precision M70 does not work either.

Gary G. Little

 
Gary G. Little said:
From the Bitlocker live chat today, the BIOS may be the stumbling block.
TPM.msc will tell you if you have a TPM and not compatible. Dell's A04
BIOS for the Precision M70 does not work either.

Gary G. Little
Thanks Gary

Well, that sort of killed off the DELL (and the Gateway too?).

Has anybody out there found any other laptops with a working TPM?

- Kim
 
I have been able to make BitLocker work with the TPM on a Lenovo Thinkpad T60.
I had symptoms like the original poster where I could see the TPM in the
Device manager but Bitlocker would not detect it. I tried doing "Add
Hardware" manually and it found the TPM correctly. After that I was able to
encrypt my C: drive using Bitlocker. BUT I am running into problems when I
try to do a BitLocker recovery. In order to test the recovery, I inactivated
the TPM in the BIOS utility and as expected BitLocker prompts me for the
recovery password. It seems to accept the password and seems like Windows is
booting but it crashes with a blue screen after a few seconds. I tried safe
mode and it seems it fails right after loading "crcdisk.sys".
Has anyone seen symptoms like this?
 
Jamie,

My apologies for not answering this sooner. I don't know how I missed your
question. BTW, I installed build 5728 but still have the same conditions
that I originally posted. Here's the output from manage-bde...

-SNIP

C:\Windows\System32>cscript manage-bde.wsf -tpm -turnon
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: An error occurred while connecting to the BitLocker management
interface.

Check that you have administrative rights on the computer and the computer
name is correct.

C:\Windows\System32>cscript manage-bde.wsf -on c:
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: An error occurred while connecting to the BitLocker management
interface.

Check that you have administrative rights on the computer and the computer
name is correct.

C:\Windows\System32>

-END SNIP

I do have admin rights and I assume the computer name is correct.

Thanks,

APA

 