Endpoint Management
Turn on Trusted Platform Module (TPM)
Last modified 6/15/2020
About
Trusted Platform Module (TPM) chip on your device must be enabled/turned on in order to use BitLocker in one of the university's BitLocker solutions.
Getting Started
Method 1 - Automatic / Silent Deployment
Manufacturers
- Dell
Use the tool "Dell Command | Configure" to adjust your BIOS settings to enable TPM.
Download Link: https://www.dell.com/support/article/en-us/sln311302/dell-command-configure
Documention: https://www.dell.com/support/home/us/en/04/product-support/product/command-configure-v4.2/manuals
- Lenovo
Almost all Lenovo's shipped, come with TPM enabled. However in the scenario where it is turned off and you need to enable it, Lenovo has put out a couple of tools for BIOS configuration deployment:
Deployment Guide: https://download.lenovo.com/cdrt/wp/bios.html
Method 2 - Manually Enable
Manufacturers
- Dell
Your device's BIOS menus can look drastically different between different models. This outlines the general idea of how to enable the TPM through the BIOS instead of including the specifics as absolute.
- Press F12 during computer boot to get to the boot menu.
- Select BIOS setup.
- Enter the BIOS password. You may have to click Unlock at the bottom of the screen.
- If no BIOS password is set, you may have to set the BIOS password and restart. Set it under Administrator Password.
- Expand the Security tab.
- Select TPM Security.
- Enable the TPM chip. This probably says "TPM Security." On some boxes you will have to exit and restart. On others, you just have to hit apply.
- Activate the TPM Chip. This usually doesn't require a restart, but you may have to select apply to generate more boxes.
- Exit and restart.
- Lenovo
TPM chips in Lenovo computers are generally on by default.
Your device's BIOS menus can look drastically different between different models. This outlines the general idea of how to enable the TPM through the BIOS instead of including the specifics as absolute.
- Press F1 during computer boot to get to the boot menu.
- Move over to the Security tab
- Move down and expand Security Chip.
- Choose Intel PTT (Windows 10 only) or Discrete TPM (Windows 8.1) under Security Chip Selection.
- Set the Security Chip to Enabled.
- Ensure that Physical Presence for Provisioning is disabled.
- Use escape to exit the security chip menu.
- Navigate right over to the restart tab.
- Select Exit Saving Changes.
- Click Yes.