TPM Chip Activation Across Platforms

Published by david on

Get the status of the TPM chip

if ((get-tpm).TpmReady -eq $False) {
    write-host "puce non active"
    if ((get-tpm).TpmPresent -eq $True) {
        write-host "Activation de la puce"
    }
} Else {
    write-host "Puce Active"
}

Dell

Enabling TPM Chips with CCTK

  • Dell Command for configuring DELL BIOS settings

Install : http://en.community.dell.com/techcenter/enterprise-client/w/wiki/7532.dell-command-configure and retrieve the executables

  • For enabling TPM chips
cctk.exe --TpmSecurity=on

Enabling TPM Chips with powershell

PowerShell Module : https://www.powershellgallery.com/packages/DellBIOSProvider

Function for online installation of PowerShell module

Function Enable-TPM_Dell {
  param(
        [string] $BiosPassword = ""
    )

  install-module DellBIOSProvider
  If ($BiosPassword -eq "") {
    Set-Item -Path DellSmbios:\TpmSecurity\TpmSecurity "Enabled"
  } Else {
    Set-Item -Path DellSmbios:\TpmSecurity\TpmSecurity "Enabled" -Password $BiosPassword
  }

}

Function for Offline installation of PowerShell module

Function Enable-TPM_Dell {
  param(
        [string] $BiosPassword = ""
    )

  $DellModulePath = "${env:ProgramFiles}\WindowsPowerShell\Modules\DellBIOSProvider"
  if (test-path $DellModulePath) {
    write-host "PASS"
    import-module DellBIOSProvider
    If ($BiosPassword -eq "") {
      Set-Item -Path DellSmbios:\TpmSecurity\TpmSecurity "Enabled"
    } Else {
      Set-Item -Path DellSmbios:\TpmSecurity\TpmSecurity "Enabled" -Password $BiosPassword
    }
  } Else {
    Write-Error "DellBIOSProvider Module Not Exist..."
  }
}

HP

Function to activate the TPM chip with powershell

Function Enable-TPM_HP {
  $BiosInfo  = Get-WmiObject -Namespace root/hp/instrumentedBIOS -Class hp_biosEnumeration
  $BiosSetup = Get-WmiObject -Namespace root/hp/instrumentedBIOS -class hp_biossettinginterface

  foreach ($Conf in $BiosInfo) {
    $Param = $conf.Name
    If ($Param -like "*TPM Device*") {
      Write-host "$Param"
      $BiosSetup.SetBIOSSetting($Param,'Enable')
    }
  }
}

Enable-TPM_HP

Hyper-V

  • Creating a Generation 2 VM
  • You can enable the TPM chip in the security settings.

Vmware Workstation

  • Create a new VM (Windows 10) with UEFI BIOS.
  • It is necessary to encrypt the VM (with a password).
  • You can add TPM chips
  • After installing the VM Tools, the TPM chip is functional


Warning : If you enable BitLocker on your VM and have a Thindisk, the entire disk space will be used during encryption

Categories: BitLocker
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

BitLocker

Implementing BitLocker in a Corporate Environment

A comprehensive guide on deploying BitLocker in a business setting, covering Active Directory configuration, TPM chip management, and automated BitLocker activation using scripts.