Unsolved
This post is more than 5 years old
2 Posts
0
65289
Latitude E4300's having issues with TPM chips turning off without any apparent reason
Hi folks,
We have multiple different Dell models in our company (E4200, E4300, E6400, E4310 & E6410). Most of the models work great, but the E4300 seems to be having a lot of problems with the TPM chip.
For the hard drive security we use Bitlocker (W7) with all the data being stored into Active Directory. Now in the last 6 months i've had nearly 15 cases of different computers turning their TPM chip off without any apparent reason. I just today had a case with one computer that had it happen a few months earlier.
I've tried updating the BIOS of the computers but with no apparent help.
We don't use the Wave suite to configure the TPM, only the Windows 7 built in features.
Has anybody been struck with the same issue on Dell Latitude E4300 computers?
Best Regards,
Perttu
Matt Giannetto
3 Posts
0
June 6th, 2011 07:00
We have had this problems on the E4300s and a few older models as well. Not sure if we're have the issue on other newer models. Same deal-- had the problem for about 6 months and every week or two someone runs into this problem. I'm looking for a solution as well.
--Matt
Matt Giannetto
3 Posts
0
June 8th, 2011 13:00
Let me update-- most of the problems we've seen are with Latitude E6400s. We had one problem with BitLocker on a E4200 but it's not necessarily that the TPM was turned off in the BIOS. We've had at least four instances recently of TPM turning off in the BIOS for no apparent reason on the E6400s.
foo10
2 Posts
0
June 17th, 2011 06:00
This week i've had 3 computers with the TPM problem. I'm going to start finding a high enough channel which to contact so that Dell will start to troubleshoot the issue.
lennymacd
1 Message
0
March 13th, 2012 06:00
Hi,
Have any of you managed to find a solution for this, I have had the same problem with one or two of our E4300 laptops and came across these postings when I "googled" :emotion-2:
Any help would be GREATLY appreciated !
THANKS,
Dave.
Matt Giannetto
3 Posts
0
March 14th, 2012 09:00
Apparently our issues are being primarily caused by the dock state of the laptop. But it was intermittent. We've had some success by modifying the PCR settings for BitLocker in Group Policy. Not the perfect solution in terms of security, but gave us enough success to not have to disable full disk encryption altogether.
Dell Support helped identify the workaround and provided the information below. They recommended we shut off PCR 0 and 2 and test further. Please understand that this will reduce security from the default configuration. Whether or not that's appropriate for your organization is for you to research and decide.
Bitlocker PCR (Platform Configuration Register) levels:
http://technet.microsoft.com/en-us/library/ee706521%28WS.10%29.aspx#BKMK_depopt1
• PCR[0]: Core root-of-trust for measurement, EFI boot and run-time services, EFI drivers embedded in system ROM, ACPI static tables, embedded SMM code, and BIOS code
• PCR 1: Platform and motherboard configuration and data. Hand-off tables and EFI variables that affect system configuration
• PCR 2: Option ROM code
• PCR 3: Option ROM data and configuration
• PCR 4: Master Boot Record (MBR) code or code from other boot devices
• PCR 5: Master Boot Record (MBR) partition table. Various EFI variables and the GPT table
• PCR 6: State transition and wake events
• PCR 7: Computer manufacturer-specific
• PCR 8: NTFS boot sector
• PCR 9: NTFS boot block
• PCR 10: Boot manager
• PCR 11: BitLocker access control
By default Bitlocker has PCRs 0, 2, 4, 5, 8, 9, 10, and 11 enabled.
Brackan
1 Message
0
May 24th, 2012 09:00
I have a customer that is experiencing the same problems. Even though disabling registry checks is not an option in our case I would like to ask if it helped to ignore PCR0 and PCR2?
Does Dell have a suggested way of troubleshooting which PCR triggered a lock down?
And also: This is a major annoyance.