Automate enabling Enable Trusted Execution Technology (TXT) in BIOS

Wilmatic81 · ‎04-22-2021

Hello,

Currently we have an issue with BitLocker compliance on our HP G6 Desktops in Intune. After encryption, it does not change the compliance even though it is properly encrypted. Microsoft provided a solution Trusted Execution Technology (TXT) must be enabled for this to work as it updates the Windows Health Attestation. We have tested and confirmed after enabling it in the BIOS, it becomes compliant after a few hours.

My question is, has anyone been able to automate this successfully? I was able to script it with PowerShell and also using the HP BIOS Configuration Utility. However, after enabling it, it does not boot into Windows. I'd have to disable it from the BIOS and let it book back into Windows.

Setting it manually in the BIOS has no issues but we have several remote offices with no support staff which is why we would like to automate this process. Not sure if this is possible and might be by design but any info would be helpful.

Alberto_Sykes · ‎04-23-2021

Wilmatic81, Thank you for posting in the Intel® Communities Support.

In order for us to provide the most accurate assistance on this scenario, we just wanted to confirm a few details about your system:

What is the model of the Intel® Processor?

Is this a new computer?

Was it working fine before?

When did the issue start?

Did you make any recent hardware/software changes?

Which Windows* version are you using?

Any questions, please let me know.

Regards,

Albert R.

Intel Customer Support Technician

Wilmatic81 · ‎04-23-2021

Hi Albert R, thanks for the response.

What is the model of the Intel® Processor? Intel(R) 400 Series Chipset

Is this a new computer? Yes

Was it working fine before? As mentioned, no issues if we manually enable it in the BIOS but if we use a PowerShell script or HP BIOS Config Utility to enable the TXT setting it gets stuck in POST and doesnt boot into Windows. Not sure if there are pre-steps or something we have to temporarily disable prior to enabling TXT in Windows vs BIOS.

When did the issue start? new issue

Did you make any recent hardware/software changes? This issue is on the HP ProDesk 600 G6 Desktop Mini PC

Which Windows* version are you using? Windows 10 2004/20H2

Alberto_Sykes · ‎04-26-2021

Hi Wilmatic81, You are very welcome, thank you very much for providing that information.

I searched for the specifications of the HP ProDesk 600 G6 Desktop Mini PC and I can see that the chipset that it has is Intel® Q470 Chipset, which as you mentioned, is an Intel® 400 Series Chipset:

https://www8.hp.com/h20195/V2/GetPDF.aspx/c06640111

I looked in our website for the Intel® Q470 Chipset in order to verify if it supports Intel® Trusted Execution Technology, as you can see in the link below, from our side we can confirm that it does support the feature:

https://ark.intel.com/content/www/us/en/ark/products/201836/intel-q470-chipset.html

So, if there are any problems related to the Intel® Trusted Execution Technology, the next thing to do in this case will be to get in contact directly with HP so they can verify BIOS settings, if a BIOS update is needed or if a physical inspection is necessary, warranty options may apply on this scenario:

https://support.hp.com/us-en

Regards,

Albert R.

Intel Customer Support Technician

Wilmatic81 · ‎04-26-2021

No problem they are looking into the issue right now.

Alberto_Sykes · ‎04-27-2021

Wilmatic81, Thank you very much for providing those updates.

Perfect, excellent, they will be able to further assist you with this topic.

Regards,

Albert R.

Intel Customer Support Technician

Chuck21 · ‎07-20-2021

Wilmatic81,

I am having this exact same issue.

I looked for the TXT setting all through the BIOS but am unable to find it. Was their something special you had to do to expose this setting?

Thank you.