Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4761 Discussions

How to clear a TPM2 so I can provision it again?

MRagk
Beginner
4,724 Views

Hello everyone, first time posting here.

I am using the TPM 2.0 module AOM-TPM-9665 on a Supermicro X10SDV-TLN4F and I used the example AuthPolicy to provision it, through the uefi shell, and enabled TXT. I followed the instructions at [1].

I did that in order to better understand how I can provision TPM. But now I have created a new AuthPolicy with a custom pass phrase and I want to use this one. The problem is that when I try to clear the old authPolicy, when I run `ResetPlatformAuth.nsh sha256 EXAMPLE` I get the error "Did not satisfy PlatformPolicy Provisioning FAILED Setting PlatformAUth to EMPTY failed". What am I missing? Any suggestions?

I am pretty sure I haven't understood something correctly. If anyone can point me on where I can get more documentation on the correct usage of TPM, I will be grateful.

[1] https://www.supermicro.com/manuals/other/TPM.pdf https://www.supermicro.com/manuals/other/TPM.pdf

0 Kudos
10 Replies
idata
Employee
3,080 Views

Hello Manolis,

 

 

Regarding your question, "On how to clear the TPM 2.0 module AOM-TPM-9665 on a Supermicro X10SDV-TLN4F".

 

First, let me ensure I will do my best to help you, but the best source of information on this module will be best to contact http://www.supermicro.com/FAQ/index.php Supermicro's support. Select Hardware Monitoring and then TPM.

 

 

Please download the following manual for the http://www.supermicro.com/manuals/other/TPM.pdf TPM. I kown is the same page you have posted, but is

 

Then go to page 40.

 

There you will find the option to select to clear.

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! Wanted to follow up and see if there is anything else I can help you with.

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
MRagk
Beginner
3,080 Views

Hello Henry and thank you for your answers!

I am sorry I didn't respond earlier but in the meanwhile I emailed Supermicro support about the same thing. Unfortunately I haven't been able to get an answer on whether it can be cleared or not. They are currently trying to find out.

I followed the instructions in page 40 to 46, but I still cannot clear the tpm. I still get the same error as in my previous post. What am I doing wrong? According to the documentation I should be able to clear it. Any ideas?

0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! Not sure how the BIOS on this board could be set. I will recommend to also remove power and battery from the board, then look for a jumper to clear BIOS/CMOS and then connect only power to try and boot, this should clear and set to factory settings.

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! Just wanted to follow up and ensure you had received the last information provided..

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
MRagk
Beginner
3,080 Views

Hello Henry,

Thank you for your help but unfortunately clearing the bios doesn't clear the tpm. Neither the tpm clear option or reseting everything.

According to the tpm provisioning documentation, "ResetPlatformAuth.nsh" is the correct way to clear them, which doesn't work.

Thank you,

Manolis

0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! If is not working then it has to be related to security set to the file or BIOS protection. Only option will be to contact Supermicro for support.

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! If the changes are not working on the BIOS, then it has to be related to security set to the file or BIOS protection. Only option will be to contact Supermicro for support.

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
MRagk
Beginner
3,080 Views

Hello Henry and Happy New Year!

I have another question for TPM. Tell me if I need to start a new thread about this.

How can I use tpm effectively for security? I can't find documentation for this. How can I check that nobody tampered with the hardware or/and software. Can TPM check these things?

Thank you,

Manolis

0 Kudos
idata
Employee
3,080 Views

Hello Manolis,

 

 

I hope you are doing well! Normally will need to open a new thread. But because the TPM is set on a customer BIOS for a SuperMicro, I will recommend to contact them. Or do a search with videos on Google.

 

 

I hope this information helps

 

 

If there is anything else we can help please feel free to ask.

 

 

Best regards,

 

 

Henry A.
0 Kudos
Reply