INTRODUCTION

I’m guessing that the first question you’re asking is: “Why should I downgrade from TPM 2.0 to 1.2?”

I would say that the main reason for downgrading from TPM 2.0 to TPM 1.2 would be that your environment is running Windows 7 SP1 and/or Windows Server 2008 R2 without the hotfix to enable TPM 2.0 support. Since most companies are in the process of moving away from Windows 7, it might not be worth the additional hassle to apply the hotfix, but rather let these machines remain on the TPM 1.2 firmware.

SOLUTION

PREREQUISITES

  • HP TPM Configuration Utility
  • Latest HP BIOS version
  • BIOS setting “TPM Activation Policy” configured as Hidden. This is required if you wish to skip the “Press F1” requirement upon reboot following a TPM firmware change.

ASSUMPTIONS

  • Knowledge about creating packages in Microsoft Configuration Manager

DOWNLOAD HP TPM CONFIGURATION UTILITY

Download the TPM Configuration Utility and extract the files. For more information on how to download the HP TPM Configuration Utility, refer to my other blog post on how to upgrade TPM from 1.2 to 2.0.

Once extracted, you will have the following files:

If you have a look in the Firmware folder, you will see a number of firmware files.

Move these files to the main folder.

 

RETRIEVE TPM INFORMATION

First of all, we will need to gather the TPM information from a reference computer so we know which TPM firmware to use.

In order to know which firmware file to use, we will need to gather the ManufacturerVersion.

In this example, we will gather it using PowerShell, but it is also possible to retrieve this information as part of the hardware inventory sent to Configuration Manager.

Open an administrative PowerShell prompt and run:

Get-TPM

ADD FILES TO SHARE

Select the firmware files you want and add them to a share accessible by SCCM.

CREATE PACKAGE IN SCCM

Download and extract the latest version of HP TPM Configuration Utility.

If you are using a BIOS password, you will need to create a *.bin file containing your password using <tool> which is included in the HP TPM Configuration Utility files.

As I mentioned before, the TPM Upgrade Utility contains a number of firmware files that need to correspond with the ManufacturerVersion.

Here are the files that are included in my package:


Create a standard package without a Program.

CONFIGURE TASK SEQUENCE

Create a new custom Task Sequence.

In order to downgrade TPM, BitLocker will need to be disabled.

Add a Disable BitLocker step at the top of the Task Sequence and

For each Manufacturer Version in your environment, create a command line step with the following command line:

Tpmconfig64.exe -s -fTPMfirmware.BIN -ppasswordfile.bin

In the Options tab, use the following WMI queries:

Namespace:
root\cimv2\Security\MicrosoftTpm

Queries:
Select * From Win32_Tpm Where SpecVersion Like "%2.0%"
Select * From Win32_Tpm Where ManufacturerVersion Like "%7.40%"
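
The two conditions above and the BitLocker prerequisite can be combined into a single pre-flight check. This is an added example, not part of the original post; the function name Get-TpmDowngradePlan, the firmware file name and the sample objects are assumptions and placeholders.

```powershell
# Added example, not from the original post. File names below are placeholders.
# Hypothetical map: ManufacturerVersion fragment -> firmware file in the package folder.
$FirmwareMap = @{ '7.40' = 'PLACEHOLDER_FIRMWARE_FOR_7.40.BIN' }

function Get-TpmDowngradePlan {
    param(
        [Parameter(Mandatory)] $Tpm,                         # needs SpecVersion, ManufacturerVersion
        [Parameter(Mandatory)] [string] $OsVolumeProtection  # 'On' or 'Off'
    )
    $plan = [ordered]@{ Action = 'Skip'; Firmware = $null; Reason = '' }
    # Same test as: SpecVersion Like "%2.0%"
    if ($Tpm.SpecVersion -notlike '*2.0*') {
        $plan.Reason = "SpecVersion '$($Tpm.SpecVersion)' is not 2.0"
        return [pscustomobject]$plan
    }
    # Same test as: ManufacturerVersion Like "%7.40%", once per mapped version
    $key = $FirmwareMap.Keys |
        Where-Object { $Tpm.ManufacturerVersion -like "*$($_)*" } |
        Select-Object -First 1
    if (-not $key) {
        $plan.Action = 'Block'
        $plan.Reason = "No firmware mapped for '$($Tpm.ManufacturerVersion)'"
        return [pscustomobject]$plan
    }
    # The Disable BitLocker step must have taken effect before firmware changes
    if ($OsVolumeProtection -ne 'Off') {
        $plan.Action = 'Block'
        $plan.Reason = 'BitLocker protection is still on'
        return [pscustomobject]$plan
    }
    $plan.Action = 'Run'; $plan.Firmware = $FirmwareMap[$key]
    $plan.Reason = 'TPM 2.0 with mapped firmware, BitLocker off'
    [pscustomobject]$plan
}

# Constructed sample inputs (not captured from real machines)
$samples = @(
    @{ Tpm = [pscustomobject]@{ SpecVersion = '2.0, 0, 1.16'; ManufacturerVersion = '7.40' }; Prot = 'Off' }
    @{ Tpm = [pscustomobject]@{ SpecVersion = '2.0, 0, 1.16'; ManufacturerVersion = '7.40' }; Prot = 'On' }
    @{ Tpm = [pscustomobject]@{ SpecVersion = '2.0, 0, 1.16'; ManufacturerVersion = '0.00' }; Prot = 'Off' }
    @{ Tpm = [pscustomobject]@{ SpecVersion = '1.2, 2, 3';    ManufacturerVersion = '0.00' }; Prot = 'Off' }
)
$samples | ForEach-Object { Get-TpmDowngradePlan -Tpm $_.Tpm -OsVolumeProtection $_.Prot }

# On a real machine, from an elevated prompt:
# $tpm  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
# $prot = (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus
# Get-TpmDowngradePlan -Tpm $tpm -OsVolumeProtection $prot
```

A Block result on a pilot machine means the task sequence would either skip the firmware step silently or attempt it with BitLocker protection still active, so it is worth resolving before wider deployment.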

That is all!
