This post is more than 5 years old
1 Rookie
•
1 Message
1
9690
October 26th, 2016 11:00
Support for TPM missing for Alienware Area 51 R2 BIOS A8
I am wanting to enable Bitlocker for my Area 51 R2-Late 2014, without the use of a flash drive. I installed a TPM into the TPM slot but there is no way to enable it in the BIOS. All new windows 10 PC's shipping from here on out will have TPM's and support built in. This is your highest end machine and there is no support for hardware based encryption. This is a real problem. I cannot enable the TPM so it cannot be initialized, furthermore I assume Dell didn't foresee the use of hardware based encryption for it's customers as the TBS service is missing from the OS, and the BIOS has no support. My old Alienware machines with TPM from years ago had the option to go into security in the BIOS and enable the TPM. Can you please provide an update for the BIOS that supports hardware based encryption using TPM? After all this is the best computer you make right? Is there an alternate BIOS from MSI the board manufacturer that would support it?
ianimal
1 Message
2
December 2nd, 2016 16:00
I currently am having the same issue. I have opened a support ticket with Alienware Tech Support (I recommend you do the same). Some pointers to drive home to Tech Support: 1) The Motherboard (manufactured by MSI -- [Micro Star International]) has header pins, labled "LPC1" designed for a TPM Module to be installed. 2) The LPC1 header pins designed for a TPM Module must be enabled through BIOS. BIOS updates are the responsibility of the manufacturer. 3) Windows 10, per ALL of Microsoft's technical documentation and pre-sale spec sheets demand Manufacturer compliance with TPM 2.0 Architecture (reference the compliance date for Windows 10 of July 2016). 4) Dell/Alienware sells the PC on the premise of an "Unlocked" motherboard for overclocking/modding/etc--header pins that cannot be enabled for their intended purpose by the customer for whatever reason (BIOS [Software], or switch [hardware]) constitutes a malfunctioning motherboard. In my trouble ticket, I asked for a software engineer to email me 2 attachments: 1) a Windows PowerShell script to reconfigure the Area 51r2 to be responsive to Dell's Command|Configure Tool (used by institutions to modify BIOS or UEFI settings) and 2) A Dell Command|Configure executable file to enable the LPC1 header pins/TPM 2.0. Personally, I purchased my Area 51r2 with Windows 10 Pro because of bitlocker (and the understanding of using it natively--due to Microsoft's directives regarding TPM 2.0 and Windows 10), and the Virtual Environment. I would stress that in communicating with Dell to be sensitive to prior (in years past) bad-rep Dell received in regards to root-based software that enabled enhanced support (this has since ended) Being sensitive to this should help receive a fix. I will follow up with a response to my trouble ticket. Currently, I am on day 3 (and on hold for a status check) in regards to getting the fix I have requested from Dell/Alienware.
A1N
1 Message
1
December 1st, 2016 22:00
Yes, a badly needed function! Please add this!
Area51Fan
4 Posts
0
May 4th, 2017 14:00
Any new news on this front? BIOS is up to A11, but still not sure if I add an external TPM it will matter
pl212
13 Posts
2
May 7th, 2017 17:00
Agree this is a problem. Even a MSI-branded TPM chip (the motherboard's OEM manufacturer) will not work without BIOS support for this feature.
speedstep
9 Legend
•
47K Posts
1
May 9th, 2017 10:00
TPM is not installed or offered as a feature for Consumer Dell Models.
Latitude Laptops and Optiplex, Precision Desktops and only for USA distribution.
There are Export Restrictions on TPM and its illegal in Russia and China etc.
(all x86 models require the x86 CCTK package, and the x64 steps require the x64 CCTK package)
Platform(s) Supported
• Latitude
• Optiplex
• Dell Precision Workstation Mobile
• Dell Precision Workstation
• Venue 11 Pro
For Older Models its the same.
The control point software or the Wave Systems Corp EMBASSY Trust Suite have the Driver. There is no one size fits all. There are also VERSION and Firmware Issues. TPM is either enabled or Disabled in bios.
TPM is not available in all countries. Bitlocker does not REQUIRE TPM and can be installed without it.
Go to the Local Group Policy Editor and choose the "Require additional authentication at startup" setting under the Local Group Policy Editor: Computer Configuration > Administrative Templates > Windows Components > Operating System Drives.
Within that template, enable it and then you can click on the checkbox to
Allow BitLocker Without A Compatible TPM.
How to Configure Computer to Enable BitLocker without Compatible TPM:
Administrators must follow the steps below to configure their Windows 8 computers to allow enabling Bit Locker Drive Encryption without compatible TPM:
a. Log on to Windows computer with the account that has administrative privileges.
b. Assuming that the computer has been configured to display classic start menu, click Start and at the bottom of the menu in search box type GPEDIT.MSC command and press enter key.
c. On the opened Local Group Policy Editor snap-in from the left pane expand Computer Configuration > Administrative Templates > Windows Components > Bit Locker Drive Encryption and from the expanded list click to select Operating System Devices.
d. From the right pane double-click “Require additional authentication” at startup.
e. On the opened box click to select Enabled radio button and ensure that under Options section Allow Bit Locker without a compatible TPM checkbox is checked.
f. Once done, click Ok button to allow the changes to take effect and close Local Group Policy Editor snap-in.
Installation Instructions | Wave Systems Corporation
EMBASSY Trust Suite version 2.2.3 installed on:
Latitude D420, D620, D820
Precision M65, M90, 490, 690 WS390
Optiplex 530, 730
(XP and Vista 32-bit OS only)
EMBASSY Trust Suite 3.3.0.26 installed on:
Latitude D430, D530, D531, D630 (ATG, c, XFR), D631, D830, XT
Precision Mobile M65, M90, M2300, M4300, M6300
Precision WorkStation 390, T3400, R5400, T5400
OptiPlex 740, 745, 745c, 755
(XP and Vista 32-bit OS only)
See Solution: Wave Systems Corp EMBASSY Trust Suite Application Driver Details | Dell US
Tesla1856
8 Wizard
•
17.1K Posts
0
May 9th, 2017 11:00
Unfortunately, I think this is the problem with ordering a Gaming Machine for professional work-flows and applications. While it is based on Intel's Enthusiasts platform, I think something like a Dell Precision Workstation would be a better fit (if limiting your selection to Dell-made machines).
But I understand why you bought the Area51-R2 for this purpose. I wonder if Dell finally has a nice Precision workstation tower with large power-supply (850w or bigger), adequate PCIe slots, and CPU liquid cooling? And then there is the video card situation. Last time I checked, no gaming-class Nvidia Pascal cards were offered. Only option I saw is to order with cheap workstation-class card, pull-it, and install your own ... retail/aftermarket card (like maybe a GTX-1080ti). Also, not sure about affordable, pre-installed, NVMe M.2-SSDs.
Edit:
Just took a peak. Looks like Liquid-Coolers, PCIe-slots, and NVMe-SSDs are all available on the nicer Precision Desktop models these days. Couldn't really find Power-Supply size, but with these large towers, I'm guessing they are fairly big and adequate.
Only thing left is the video card. The above mentioned swap-out procedure would take care of that. Maybe you will come-up short a modular PCIe-PowerCable, but you should be able to order that directly from Dell Parts.
Tesla1856
8 Wizard
•
17.1K Posts
1
May 9th, 2017 11:00
Just wanted to report that my new Alienware Aurora-R6 appears to have a TPM installed and ready for use.
I am running Windows-10 Pro (64bit).
TPM.MSC also reports:
A Manufacturer name, a version, and that it's Specification v2.0.
This machine was sold-in (and is for use-in) the USA.
Pretty sure this is a Pegatron-made motherboard.
Edited.
speedstep
9 Legend
•
47K Posts
1
May 9th, 2017 11:00
This would not be the case for ALL boards because TPM is export Restricted.
The export of cryptographic technology and devices from the United States is severely restricted by U.S. law. Many restrictions still remain. Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security reasons, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment. Items on the US Munitions List are controlled by ITAR. Export Administration Regulations include the Commerce Control List. The Bureau of Industry and Security (BIS) is an agency of the United States Department of Commerce that deals with issues involving national security and high technology. Some countries (for example, China and Russia) have explicit TPM regulations, so an organization should check with its legal department in regards to EXPORT Restrictions. There were quite a lot of changes from 1.2 to version 2.0 TPM.
Area51Fan
4 Posts
0
May 10th, 2017 07:00
Bitlocker is not the only reason I am asking about TPM support. The "Windows Hello" authentication scheme only works with a TPM as it stores the private keys of the certificates in the TPM and allow access to those to be unlocked with a face recognition or pin. The work around for bitlocker might work well enough for whole disk encryption, but does not, to my understanding address, the other needs for TPM2.0 support in a Windows 10 universe. I have knowledge about export insanity with crypto having gone through this process before with BIS and as the TPM is an add on component which can be shipped/installed independently to the Area52 R2 it is not actually the complicating factor for supporting it in the BIOS. If you add the TPM as part of the base package you ship cross border then the burdens would apply, but not for adding BIOS support to turn it on if installed.
Area51Fan
4 Posts
0
May 10th, 2017 08:00
This is a useful workaround for bitlocker and thanks for posting as I am sure it will address some people's need, but not mine
speedstep
9 Legend
•
47K Posts
0
May 11th, 2017 04:00
TPM is more than just Bios its physical hardware. You either have it or you don't.
If it was just a bios update you wouldnt need the Fritz Hollings Chips.
On Asus its an installable Module.
Area51Fan
4 Posts
0
May 11th, 2017 05:00
Yes it is. So lets say I have the Supermicro AOM-TPM-9655V-C and plug it into the slot on the motherboard on the A51R2. I need the bios to actually turn it on. I am not asking the BIOS to become the TPM just allow one this is installed to actually be enabled.
speedstep
9 Legend
•
47K Posts
0
May 11th, 2017 06:00
The Supermicro AOM-TPM-9655V-C is not a card with edge connectors and therefore it does not plug into a slot.
TPM is based on Certificates and Keys. Supermicro is Not Dell. The AOM-TPM-9655V-C plugs onto a header.
I have no idea how Dell does or doesnt do this. On other models Like the Latitude or Optiplex this chip is Soldered onto the motherboard or NOT. The other way to say it is that Bios Support usually does not show a feature when the corresponding hardware isn't there. Optplex 620 for example does not show VT-x unless a processor that supports it is installed. Below are 3 different implementations meaning there doesn't appear to be a one size fits all standard.
Gigabyte does this in a different way as does MSI.
The MSI module looks like it has Less pins.