10 Replies Latest reply on Jan 2, 2018 8:44 PM by Intel Corporation

How to clear a TPM2 so I can provision it again?

ManolisR Dec 8, 2017 7:43 AM

Hello everyone, first time posting here.

I am using the TPM 2.0 module AOM-TPM-9665 on a Supermicro X10SDV-TLN4F and I used the example AuthPolicy to provision it, through the uefi shell, and enabled TXT. I followed the instructions at [1].

I did that in order to better understand how I can provision TPM. But now I have created a new AuthPolicy with a custom pass phrase and I want to use this one. The problem is that when I try to clear the old authPolicy, when I run `ResetPlatformAuth.nsh sha256 EXAMPLE` I get the error "Did not satisfy PlatformPolicy Provisioning FAILED Setting PlatformAUth to EMPTY failed". What am I missing? Any suggestions?

I am pretty sure I haven't understood something correctly. If anyone can point me on where I can get more documentation on the correct usage of TPM, I will be grateful.

[1] https://www.supermicro.com/manuals/other/TPM.pdf

1. Re: How to clear a TPM2 so I can provision it again?

Dec 8, 2017 6:28 PM (in response to ManolisR)

This message was posted on behalf of Intel Corporation

Hello Manolis,

Regarding your question, “On how to clear the TPM 2.0 module AOM-TPM-9665 on a Supermicro X10SDV-TLN4F“.
First, let me ensure I will do my best to help you, but the best source of information on this module will be best to contact Supermicro’s support. Select Hardware Monitoring and then TPM.

Please download the following manual for the TPM. I kown is the same page you have posted, but is
Then go to page 40.
There you will find the option to select to clear.
I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
2. Re: How to clear a TPM2 so I can provision it again?

Dec 13, 2017 11:15 PM (in response to Intel Corporation)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! Wanted to follow up and see if there is anything else I can help you with.

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
3. Re: How to clear a TPM2 so I can provision it again?

ManolisR Dec 14, 2017 2:24 AM (in response to Intel Corporation)

Hello Henry and thank you for your answers!

I am sorry I didn't respond earlier but in the meanwhile I emailed Supermicro support about the same thing. Unfortunately I haven't been able to get an answer on whether it can be cleared or not. They are currently trying to find out.
I followed the instructions in page 40 to 46, but I still cannot clear the tpm. I still get the same error as in my previous post. What am I doing wrong? According to the documentation I should be able to clear it. Any ideas?
Like Show 0 Likes(0)

Actions
4. Re: How to clear a TPM2 so I can provision it again?

Dec 14, 2017 10:09 PM (in response to ManolisR)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! Not sure how the BIOS on this board could be set. I will recommend to also remove power and battery from the board, then look for a jumper to clear BIOS/CMOS and then connect only power to try and boot, this should clear and set to factory settings.

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
5. Re: How to clear a TPM2 so I can provision it again?

Dec 16, 2017 10:36 PM (in response to Intel Corporation)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! Just wanted to follow up and ensure you had received the last information provided..

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
6. Re: How to clear a TPM2 so I can provision it again?

ManolisR Dec 19, 2017 4:38 AM (in response to Intel Corporation)

Hello Henry,

Thank you for your help but unfortunately clearing the bios doesn't clear the tpm. Neither the tpm clear option or reseting everything.

According to the tpm provisioning documentation, "ResetPlatformAuth.nsh" is the correct way to clear them, which doesn't work.

Thank you,
Manolis
Like Show 0 Likes(0)

Actions
7. Re: How to clear a TPM2 so I can provision it again?

Dec 19, 2017 10:07 PM (in response to ManolisR)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! If is not working then it has to be related to security set to the file or BIOS protection. Only option will be to contact Supermicro for support.

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
8. Re: How to clear a TPM2 so I can provision it again?

Dec 23, 2017 9:22 PM (in response to Intel Corporation)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! If the changes are not working on the BIOS, then it has to be related to security set to the file or BIOS protection. Only option will be to contact Supermicro for support.

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions
9. Re: How to clear a TPM2 so I can provision it again?

ManolisR Jan 2, 2018 12:05 AM (in response to Intel Corporation)

Hello Henry and Happy New Year!

I have another question for TPM. Tell me if I need to start a new thread about this.

How can I use tpm effectively for security? I can't find documentation for this. How can I check that nobody tampered with the hardware or/and software. Can TPM check these things?

Thank you,
Manolis
Like Show 0 Likes(0)

Actions
10. Re: How to clear a TPM2 so I can provision it again?

Jan 2, 2018 8:44 PM (in response to ManolisR)

This message was posted on behalf of Intel Corporation

Hello Manolis,

I hope you are doing well! Normally will need to open a new thread. But because the TPM is set on a customer BIOS for a SuperMicro, I will recommend to contact them. Or do a search with videos on Google.

I hope this information helps

If there is anything else we can help please feel free to ask.

Best regards,

Henry A.
Like Show 0 Likes(0)

Actions

Go to original post