Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4991 Discussions

How to clear TPM2.0 Provision data and Provision it again?

JimHsu_3166
Beginner
‎01-10-2024 04:48 AM
5,191 Views

Hello,

I would like to re-provision TPM2.0 on D50DNP System.

But I encountered a problem, please see my below run step and picture.

Step1: Enable "Intel Virtualization"

Step2: Enable "Intel VT for Directed I/O"

Step3: Setting the Administrator Password

Step4: Disable "Intel TXT"

Step5: Disable SHA1 and Enable SHA256

Step6: Reboot system and Boot to "EFI Shell"

Step7: Unzip "TPM2ProvfilesCBnT-20230302.zip" to USB and Install to system

Step8: Run command   --->   Result : Empty Failed

  • Shell> ResetPlatformAuth.nsh SHA256 Example
  • TPM_FAILED.jpg

So... How can I re-provision it?

  • BIOS: R01.01.0005
  • BMC: 1.81-0
  • CPLD: 4.6
  • FRU: 0.09
  • CPU: Sapphire Rapids 8480+
  • TPM FW: 15.23
  • TPM Chip: SLB 9672VU2.0
0 Kudos

Link Copied

17 Replies
Sreelakshmi1
Employee
‎01-10-2024 10:33 PM
5,158 Views

Hello Jim_Hsu,


Greetings for the day!


Thank you for posting in Intel community forum.


We are currently checking the details and we will reach out to you as soon as possible.


We request your patience during this time.


Regards,

Sreelakshmi B


0 Kudos
Copy link
JimHsu_3166
Beginner
‎01-11-2024 08:33 PM
5,144 Views

Hi Sreelakshmi,

 

Thank you very much.

I look forward to your reply.

 

Best Regards,

Jim Hsu

0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-15-2024 03:11 AM
5,093 Views

Hello Jim_Hsu,


Greetings for the day!


I hope this message finds you well.


Can you please confirm if TPM 2.0 is enabled in the BIOS? If it is, kindly provide a screenshot for further assistance.



Regards,

Sreelakshmi B



0 Kudos
Copy link
JimHsu_3166
Beginner
‎01-15-2024 07:23 PM
5,074 Views

Hi Sreelakshmi,

 

Sure, Please refer to the picture below.

TPM2.0_Enable.jpg

Best Regards,

Jim Hsu

0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-16-2024 04:27 AM
5,059 Views

Hello Jim_Hsu, ,


Greetings for the day!


Thank you for sharing the details. Please allow us some time to review the details and we will get back with an update shortly.


 

Regards,

Sreelakshmi B


0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-18-2024 04:23 AM
5,024 Views

Hello JimHsu_3166,


I hope this message finds you well.


We would like to inform you that as per the snapshot shared, we see that the TPM is not enabled.


Please refer the below user guide to configure TPM 2.0.


https://www.intel.com/content/dam/support/us/en/documents/server-products/Configuring_the_TPM_2.0.pdf



Regards,

Sreelakshmi B


0 Kudos
Copy link
JimHsu_3166
Beginner
‎01-19-2024 12:48 AM
4,982 Views

Hi Sreelakshmi,

 

Sure, I have tried to enable TPM function and make sure the TPM is ready for use under Windows Server 2022.

But still cannot reset TPM provision data under EFI Shell.

 

Step1: Enable "Intel Virtualization"
Step2: Enable "Intel VT for Directed I/O"
Step3: Setting the Administrator Password
Step4: Setting "TPM2 ClearControl(NO) + Clear"
Step5: Reboot system and Boot to "BIOS"
Step6: Enable "Intel TXT"
Step7: Disable SHA1 and Enable SHA256
Step8: Reboot system and Boot to "Windows Server 2022"
Step9: Run "tpm.msc" ---> The TPM is ready for use.
Step10: Reboot system and Boot to "EFI Shell"
Step11: Unzip "TPM2ProvfilesCBnT-20230302.zip" to USB and Install to system
Step12: Run command ---> Result : Empty Failed
Step13: Reboot system and Boot to "BIOS"
Step14: Disable "Intel TXT"
Step15: Setting "TPM2 ClearControl(NO) + Clear"
Step16: Reboot system and Boot to "EFI Shell"
Step17: Run command ---> Result : Empty Failed

TPM2.0_Enable_Windows2022.jpg

 

Best Regards,

Jim Shi

0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-19-2024 05:06 AM
4,961 Views

Hello JimHsu_3166,


Greetings for the day!


Based on the snapshot analysis, the status indicates that TPM 2.0 is ready for use, with details such as TPM Manufacturer: IFX and Specification Version: 2.0. We would like to inform you that the snapshot information aligns with the article I shared earlier.


Please let us know if you have any specific issues or queries for which you are seeking a solution.



Regards,

Sreelakshmi B


0 Kudos
Copy link
JimHsu_3166
Beginner
‎01-21-2024 05:13 PM
4,896 Views

Hi Sreelakshmi,

As the title says, do I have any way can re-provision it?

Best Regards,
Jim Hsu

0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-22-2024 05:11 AM
4,881 Views

Hello JimHsu_3166,


Greetings for the day!


Please allow us some time to review the details and we will get back with an update shortly.


Regards,

Sreelakshmi B


0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-25-2024 12:49 AM
4,804 Views

Hello JimHsu_3166,


Greetings for the day!


Since you need to clear TPM 2.0 provision data, kindly follow the below link and go to Section 3.4 Security Screen -> 8. TPM2 Operation to perform TPM 2.0 clear.


https://www.intel.com/content/dam/support/us/en/documents/server-products/intel-bios-setup-utility-user-guide-d50dnp-and-m50fcp.pdf


We would like to inform you that changing the TPM state in setup requires a hard reset for the new state to become effective.


Regards,

Sreelakshmi B



0 Kudos
Copy link
Sreelakshmi1
Employee
‎01-29-2024 10:04 PM
4,717 Views

Hello JimHsu_3166,

  

I hope this message finds you well.

 

We are following up to find out if you were able to find the information we provided. Please reply to confirm, so we can continue helping on a resolution. Looking forward to receiving your reply.

 

Regards,

Sreelakshmi B


0 Kudos
Copy link
JimHsu_3166
Beginner
‎01-29-2024 10:50 PM
4,709 Views

Hi Sreelakshmi,


But I still cannot provision TPM2 again after clear TPM2.0 under BIOS.
Could you kindly help to check you can re-provision TPM after clear TPM2.0 under BIOS?

Step1: Setting "TPM2 ClearControl(NO) + Clear"
Step2: Reboot system and Boot to "EFI Shell"
Step3: Run command #> ResetPlatformAuth.nsh SHA256 Example

If possible, could you please provide the successful picture?

Best Regards,
Jim Hsu

0 Kudos
Copy link
Sreelakshmi1
Employee
‎02-01-2024 05:54 AM
4,647 Views

Hello JimHsu_3166,



Please allow us some time to review the details and we will get back with an update shortly.


Regards,


Sreelakshmi B


0 Kudos
Copy link
Sreelakshmi1
Employee
‎02-07-2024 05:14 AM
4,558 Views

Hello JimHsu_3166,


Could you please run “MSFT_NVCI_Index.nsh CustomIndexForMSFT.iDef” command to create the NVCI Index (provisioning) and let us know the result.


The reset script is not mandatory. If the ownership was cleared by the BIOS Setup, there is nothing to reset.


 Regards,

Sreelakshmi B



0 Kudos
Copy link
Sreelakshmi1
Employee
‎02-13-2024 05:08 AM
4,463 Views

Hello JimHsu_3166,


We are following up to find out if you were able to find the information we provided . Please reply to confirm, so we can continue helping on a resolution. Looking forward to receiving your reply.


Regards,

Sreelakshmi B



0 Kudos
Copy link
Sreelakshmi1
Employee
‎02-19-2024 05:42 AM
4,402 Views

Hello JimHsu_3166,


Good day!


We would like to inform you that we are closing this request as no response has been received from our previous follow-ups.

 

Please don't hesitate to ask any further questions in the future. Feel free to start a new conversation, as this thread will no longer be monitored.


Regards,

Sreelakshmi B



0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.