Unable to retrieve TPM Owner Password - cannot update TPM firmware

  • Question

  • With the new Windows update (1803) the Windows Defender interface has warned me that my TPM has a vulnerability (my TPM version is 1.2, by Infineon).

    I have contacted the manufacturer of my computer (PC Specialist) to provide a firmware update package, which they did.

    I put my BitLocker on suspend (added a restart re-enable delay of 10 restart cycles through PowerShell) and ran the update software.

    It informs me that the update is possible - but asks for either an Owner Password or Owner Password File (*.tpm). 

    I erroneously assumed that my TPM password is my BitLocker key - which it isn't - and I cannot get the update to run - because it keeps reporting that the password is incorrect.

    My question is - how can I get the TPM Owner password in this version of Windows so that I can update the TPM firmware?

    Here is what I have tried so far (and it didn't work):

    1. I have tried all the possible BitLocker keys that I both have stored on the Microsoft server as well as locally (USB stick) and that didn't work.

    2. I tried accessing Active Directory, but it seems that I do not have access to AD. I don't remember ever using it anyway.

    3. I tried clearing the TPM both from Windows and from BIOS - letting Windows take ownership.

    4. I tried disabling the TPM in BIOS.

    5. I tried disabling the OS control of TPM in BIOS.

    6. I tried playing around with Group Policy settings which apparently in previous versions of Windows made the TPM password show up in the registry - but from what I have personally observed and also read about on forums - this is not possible anymore.

    What I have also read online is that when Windows generates an Owner password - it basically keeps it hidden from the user and destroys it right after the OS has taken ownership (or something similar to that) - so there is basically no way for me to even know the password.

    Please help!

    Friday, June 1, 2018 9:34 AM

Answers

  • Keeping it simple:

    1. Save your BitLocker recovery key.

    2. Delete the TPM protector on the command line:

    manage-bde c: -protectors -delete -type tpm

    3. Clear/reset the TPM in tpm.msc.

    Now suspend BitLocker.

    4. Do the firmware upgrade.

    5. Re-add the TPM protector to the BitLocker-protected drive:

    manage-bde -protectors -add -tpm c:

    • Marked as answer by RedSox_DK Saturday, June 2, 2018 7:42 AM
    Friday, June 1, 2018 12:25 PM
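
The procedure in the answer above, sketched with the BitLocker PowerShell cmdlets (an added example, not part of the original thread). It refuses to remove the TPM protector unless a recovery password protector exists, and it suspends BitLocker before the TPM clear rather than after it, so that a restart during the clear does not stop at the recovery prompt. The parameter names `$Phase`, `$MountPoint` and `$RebootCount` are illustrative; the TPM clear and the vendor firmware update remain manual steps.

```powershell
# Added example. Run from an elevated PowerShell session.
# -Phase Before : steps 1-2 plus suspend.  -Phase After : step 5 plus resume.
param(
    [ValidateSet('Before', 'After')] [string]$Phase = 'Before',
    [string]$MountPoint = 'C:',
    [ValidateRange(0, 15)] [int]$RebootCount = 10   # suspend window used in the question
)
$ErrorActionPreference = 'Stop'

$vol      = Get-BitLockerVolume -MountPoint $MountPoint
$tpmProt  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

if ($Phase -eq 'Before') {
    # Step 1: never drop the TPM protector without a recovery password to fall back on.
    if ($recovery.Count -eq 0) {
        throw "No RecoveryPassword protector on $MountPoint. Add and save one first."
    }
    Write-Host 'Recovery protector ID(s); compare with the key you have saved:'
    $recovery | ForEach-Object { Write-Host "  $($_.KeyProtectorId)" }
    if ((Read-Host 'Type YES once your saved key matches one of these IDs') -ne 'YES') {
        throw 'Aborted before any change was made.'
    }

    # Step 2: remove every TPM protector bound to the current TPM state.
    foreach ($p in $tpmProt) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    # Suspend so the volume unlocks across the restarts of the clear and the update.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount | Out-Null
    Write-Host 'Next: clear the TPM in tpm.msc, run the firmware update, then rerun with -Phase After.'
}
else {
    # Step 5: only re-bind once Windows reports the TPM as present and ready again.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw 'TPM is not present/ready; check tpm.msc and firmware settings before re-adding the protector.'
    }
    if ($tpmProt.Count -eq 0) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
    }
    Resume-BitLocker -MountPoint $MountPoint | Out-Null

    # Confirm protection is back on and list the protector types now present.
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Host "ProtectionStatus: $($after.ProtectionStatus)"
    Write-Host "Protectors: $(($after.KeyProtector.KeyProtectorType) -join ', ')"
}
```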

All replies

  • That worked like a charm!

    Thank you very much!

    Saturday, June 2, 2018 7:42 AM
  • mt tpm bitlocker password
    Saturday, June 2, 2018 11:32 PM