Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

I’ve recently had the need to do some experimenting with a TPM (http://en.wikipedia.org/wiki/Trusted_Platform_Module). I’ve got a ThinkPad T60, and was fairly confident heading into this process that it included the necessary hardware, but I wasn’t able to get the chip to be detected (the last paragraph below describes the problem I was seeing). Anyway, for posterity, here’s how I got it working:

1. Install the latest BIOS from Lenovo. Be careful - during my search, I found some live links to old versions of the BIOS, and the actual revision of the BIOS payload contained therein is not clearly spelled out. Best to start from the initial support page and search for the latest updates for your model. For the record, I’m now using BIOS version 2.12. This link got me started down this path - http://msmvps.com/blogs/mika/Default.aspx.

2. Enable the TPM in the BIOS. To get there, press the blue ThinkVantage button during boot, select the BIOS option, and then navigate to the Security subsection. TPM support is turned off by default.

3. At this point, Vista may still not recognize the TPM device. In my case, it didn’t. This link - http://www.infosecnews.org/hypermail/0611/12425.html - clued me into the problem: the driver isn’t getting installed. The solution: run devmgmt.msc and right-click on one of the "Other devices" listed in the tree without driver support installed. In my case, that was the one not-installed device that wasn’t the Biometric Coprocessor, since the latter refers to the builtin fingerprint reader. Select update driver, and have it search automatically via the web. After driver install, the "Trusted Platform Module 1.2", device type Security Devices, is listed.

4. Then run tpm.msc from Start | Run. If the above worked, you’ll be able to click on the Initialize TPM option in the right pane. If the above didn’t work, you’ll see something to the effect of "No TPM 1.2 compatible device can be found" and you’re back to square one. Hopefully that won’t happen …

 

Permalink |

3 Comments »

  1. Dear Dan Griffin,
    I am Hung, ling ving in Japan. I am using Thinkpad T60 2007 4 AJ with XP pack 2 windows, and now it has a problem with Biometric corprocessor. I cant install this device. And the Laptop seems to have slower running speed. Do I need to install that device? And How could I?
    Thank you very much!
    P/S: I searched the key word for this problem, then I got your page.

    Comment by Nguyen Phuc Hung — January 31, 2008 @ 4:36 am

  2. Did you check the manufacturer’s website for the drivers for the fingerprint reader? That’s your best bet for solving that particular problem.

    Regarding sluggish performance, hard to say. Did you start by doing a clean-install of XPSP2, to get of all of the manufacturer’s pre-loaded software? That stuff will really slow down your machine. It’s time consuming to re-install your machine from scratch, though.

    Comment by dan — January 31, 2008 @ 10:50 am

  3. Dear Dan Griffin,
    Thank you very much for your reply and helpful instructions. Actually, I dont understand much about the knowledge of computer. I have read from some websites, and they say that biometric coprocessor is something related to fingerprint reader. Is that true? I see a section in my laptop used for fingerprint, but I dont use that to log on this laptop.
    So your confirmation is that uninstalled biometric coprocessor is not the reason for making the machine slow, isnt it?
    I will follow your guidance to re-install windows for my machine tomorrow and remove some softwares unnecessary.
    Thank you very much,
    Best regards

    Comment by Nguyen Phuc Hung — February 2, 2008 @ 10:05 am

RSS feed for comments on this post. TrackBack URL

Leave a comment