Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure co-processor that provides cryptographic operations and stores system integrity measurements.

38 questions
10 votes, 2 answers

How to enable BitLocker with no prompts to the end user

I have configured BitLocker and TPM settings in Group Policy such that all the options are set and the recovery keys stored in Active Directory. All our machines are running Windows 7 with a standard corporate image and have their TPM chips enabled…
Wes Sayeed
9 votes, 2 answers

TPM had to be reinitialized: Does a new recovery password have to be uploaded to AD?

Some way, somehow, a user's machine couldn't read the BitLocker password off of the TPM chip, and I had to enter the recovery key (stored in AD) to get in. No big deal, but once in the machine, I tried to suspend BitLocker per recovery…
MDMoore313
8 votes, 2 answers

Trusted Platform Module (TPM) versions 1.2 vs 2.0 and header number of pins

I am trying to understand the TPM header on a motherboard I have, which is an ASRock "H170M Pro4". It has a TPMS1 header on the motherboard, and it has 9x2 pins with 1 missing. In searching the web, I see a 14-1 pin TPM module, other references to…
ron
7 votes, 2 answers

How to detect Dell TPM from inside Windows?

I need to know whether my server has TPM installed. It is located 10000 miles away from me so going there to look at the BIOS is not an option. It is also not anyhow described on the Dell website nor Wikipedia. So please answer only if you know how…
Boppity Bop
7 votes, 2 answers

Approaches for Linux server disk encryption

What are the approaches available for fully encrypting a disk on a remote server (say, colocated in a datacenter)? On Windows, we can just turn on BitLocker with a TPM. Then the server can reboot, and attacking either requires taking the machine…
MichaelGG
5 votes, 1 answer

How can I encrypt my SSD but still boot unattended (linux)?

I have a system that displays video from a camera feed with an overlay, and it must boot without any user intervention (the quicker the better). However, these systems will be in the hands of customers so we are worried about…
Chriszuma
4 votes, 0 answers

BitLocker - mainboard exchange won't require recovery password - why?

A mainboard died. It was exchanged for the same board type (same BIOS and config as well, also a new CPU but of the same type). The hard drive is encrypted with BitLocker (on Win10 Pro v1903) and I use an fTPM (Intel PTT) + PIN. I had expected to…
Hans Hase
4 votes, 1 answer

Encrypt disks using SED and store keys in TPM?

I'm buying servers lately and all of them have disks that support TCG Opal full-disk encryption (aka SED). What I'd like to do is: Store data encrypted-at-rest on the disks (NVMe & SAS). Not be required to enter a password/passphrase at server…
Evan
4 votes, 1 answer

BitLocker on Hyper-V Server 2019 - Failed - The system cannot find the file specified

To start with, I want to be clear that this is on "Hyper-V Server 2019" (free headless hypervisor) and not "Windows Server 2019" with the Hyper-V role installed. I've been banging my head against the wall on this one a while and tried just about…
3 votes, 1 answer

How do I identify which BitLocker protector is active?

BitLockerVolume -MountPoint C).KeyProtector I see multiple RecoveryPassword key protectors, how do I know which one is active? If I pull the HDD and plug it into another machine it's going to ask me for one of those keys, but how do I know which key…
red888
3 votes, 2 answers

Reason for TPM lockout

We have several Surface Pro 3 devices deployed with BitLocker enabled in TPM + PIN mode. The devices have a TPM 2.0 chip and are running Windows 8.1 Pro. We have an issue where users are occasionally presented with the "Too many incorrect PIN…
dbr
2 votes, 0 answers

How can I see if Windows is refusing to trust a TPM?

I've been fighting with my motherboard's manufacturer to get a TPM I bought from them to work. In UEFI/BIOS I can see the TPM and set its state to enabled, but in tpm.msc it just reads that no compatible TPM was found (see screenshot), and it does…
ecnepsnai
2 votes, 1 answer

How do I view current TPM owner in Windows?

How do I see if a TPM owner has already been set? All I see are examples of how to clear the TPM, reset owner password, change owner. I just want to see if the owner is set and possibly who it is set to. Looking in tpm.msc it's not obvious to me…
red888
2 votes, 2 answers

BitLocker - No TPM & No Flash Drive

I have done some research on using BitLocker in an environment where the machines do not have a TPM and it appears you will need to utilize a Flash Drive for it to work properly. This seems to be the case for Windows 7 and Windows 2008 R2. I have…
2 votes, 2 answers

Windows 8.1 TPM ownership on Server 2008 R2 schema - not to spec?

My organization is running AD DS on Server 2008 R2 schema. Already a bad start, I know, but let's pretend that's impossible to change. In our default domain policy, we have the following setting enabled to require AD backup of TPM owner…
Prosun