Comments (10)
OK thanks for the confirmation. I was happy I could make it work with the two packages, but it left me thinking I could have something wrong.
I was thinking either have the BIOS settings run before the updates and at the end. That would solve my problem with the TPM needing to be enabled because the first run would set a couple parameters, error on TPM Check. Then run again to finish enabling the TPM, possibly error on TPM check if the system requires a reboot to fully enable the TPM, but then should be successful on the 3rd run.
But I'm not sure if that would solve your BIOS-Update issue as the update could run even if the settings were changed before and require a restart to take effect.
Maybe a switch on the script to have it only run specific processes?
from biossledgehammer.
Thanks for the report and no, you didn't do anything wrong. This configuration is indeed a dead end, as even TPM-BIOS-Settings.txt does not help in this case as this file will only be applied when a TPM was detected. Which will never happen when the TPM is hidden because the script dies before.
The only solution right now is indeed to have two installations where the first only changes the TPM settings with BIOS-Settings.txt and the second one is the "full" version that includes the rest. There is currently a change requested for a similar problem with BIOS updates (see #78), maybe we can use something similar here.
However, this one will be more complicated because the change requires a reboot. Let me think about this some days, I do not have any idea how to solve this in a way that does not make it more complicated.
from biossledgehammer.
My solution would look like this:
For every update section we have (BIOS-Update, ME-Update and TPM-Update), we would support two additional "Prepare" files. Those files would be executed before the update handling starts and are meant to prepare the computer in order to make the update possible.
They differ from the already existing *-BIOS-Settings.txt files as they would always execute and if a change is detected, a restart is requested. If no change to the current BIOS settings is detected, the next file is processed. In your case, with a completely locked TPM, the process would be like:
TPM-BIOS-Settings-Pre1.txt is executed.
TPM Device == Available
Activate Policy == No prompts
After the file is executed, BIOS Sledgehammer detects that BIOS settings were changed and requests a reboot. On the next run, TPM-BIOS-Settings-Pre1.txt is executed again and no changes are detected.
TPM-BIOS-Settings-Pre2.txt is executed.
TPM State == Enable
After the file is executed, BIOS Sledgehammer detects that BIOS settings were changed and requests a reboot.
On the next run, TPM-BIOS-Settings-Pre1.txt is executed (no change, no reboot), then TPM-BIOS-Settings-Pre2.txt is executed, again no change, so no reboot.
Now the handling of TPM-Update.txt starts which will work because the TPM is both available and enabled. The existing settings we have in TPM-BIOS-Settings.txt are executed only when an update is required (as it is today) because it doesn't make any sense to change them in case no update is required.
There are only some disadvantages I see with this approach:
- We will have additional reboots and therefore the staging of a machine will take longer
- The BIOS settings in the -Pre*.txt files will be executed every time, extending the runtime of the script as well
- In case the operator uses an incorrect setting in those new files (e.g. a text setting like Ownership Tag), we will have a reboot loop. That's because "touching" this field, even with the same text as before, is considered a change.
Please let me know what you think.
from biossledgehammer.
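The Prepare-file sequence proposed in the comment above, as a small Python model (an added example, not BIOS Sledgehammer code and not written by anyone in this thread). The starting BIOS values, the `ALWAYS_CHANGED` set, the outcome names and the `max_reboots` cap are assumptions made for the illustration; the cap is an added guard against the reboot loop listed as a disadvantage.

```python
# Model only: settings are applied immediately, which is equivalent here
# because a reboot always happens before the next run reads them.

# Assumption: fields where any write counts as a change, even with the same text.
ALWAYS_CHANGED = {"Ownership Tag"}

# File names and settings as given in the proposal.
PRE_FILES = [
    ("TPM-BIOS-Settings-Pre1.txt",
     {"TPM Device": "Available", "Activate Policy": "No prompts"}),
    ("TPM-BIOS-Settings-Pre2.txt", {"TPM State": "Enable"}),
]

def locked_bios():
    """Constructed starting state for a machine with a completely locked TPM."""
    return {"TPM Device": "Hidden", "Activate Policy": "F1 to Boot",
            "TPM State": "Disable"}

def apply_file(bios, settings):
    """Write every setting of one file; return True if a change was detected."""
    changed = False
    for name, value in settings.items():
        if name in ALWAYS_CHANGED or bios.get(name) != value:
            bios[name] = value
            changed = True
    return changed

def run_once(bios, pre_files):
    """One script run: the first Pre file that changes anything requests a reboot."""
    for fname, settings in pre_files:
        if apply_file(bios, settings):
            return ("reboot", fname)
    ready = (bios.get("TPM Device") == "Available"
             and bios.get("TPM State") == "Enable")
    return ("tpm-update" if ready else "tpm-check-failed", None)

def stage(bios, pre_files, max_reboots=5):
    """Repeat runs across reboots; stop when a Pre file keeps forcing reboots."""
    log, reboots = [], 0
    while True:
        outcome, fname = run_once(bios, pre_files)
        log.append((outcome, fname))
        if outcome != "reboot":
            return log
        reboots += 1
        if reboots >= max_reboots:
            log.append(("aborted-reboot-loop", fname))
            return log
```

Calling `stage(locked_bios(), PRE_FILES)` returns two reboot entries followed by `tpm-update`, the same three runs the proposal walks through.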
@EskimoRuler Could you please check if my proposed solution makes sense from your point of view?
from biossledgehammer.
@EskimoRuler Any updates?
from biossledgehammer.
@texhex I apologize for my lack of response on this.
I again want to say your tool works great, I really appreciate the work that you have put into this.
So I've done some small deployments with your tool using two packages. One that just does BIOS Settings and the other does BIOS Updates. I run the Settings Package twice, and the BIOS Package once. I've just opted to tackle the TPM updates in the future right now.
Your solution would definitely work, but I can see the disadvantages for sure, and the additional Config files will start adding up too.
I still like the idea of having a parameter(s) to run only BIOS-Settings, TPM-Update, BIOS-Updates, etc. You could maintain one package for all, and for the first couple runs I would just specify BIOS-Settings.
What I do to save a little time is use the return codes to determine if I need a reboot between the two BIOS-Settings and the BIOS-Update. If I get anything other than 0 on the BIOS-Settings, I reboot, I add the 666 code in the Success Codes for the TS Step. And I only reboot after a BIOS-Update if it returns 3010.
from biossledgehammer.
Thanks for the update, let me think a bit about it, maybe I can add it in a way it does not make things more complicated than they are already.
Regarding the possibility to start certain sections with parameters: Please explain what the advantages of this would be, I don't get it right now. The sequence they are started should make sense from my point of view.
from biossledgehammer.
@EskimoRuler I have thought about using a different approach for this to avoid all the extra files, but I came up empty. The only idea I had was to specify somehow an order with the settings file itself. Although this would reduce the number of files, it would actually complicate things. So given that you now use a different solution and nobody else requests a solution for this, I would like to skip this change for now.
However, I'm still interested in why you want to have a parameter to start a specific section.
from biossledgehammer.
@EskimoRuler I'm closing this issue for now. Please feel free to reopen it if you think we should make a code change here.
from biossledgehammer.
Hey folks, I bought a renewed SF315-52 and found that it has no TPM (BIOS says it's not installed) but for some reason it is enabled by default... How is that? If it is not installed, how can it be enabled, disabled, cleared? What if it has been switched off in the shop, can I re-enable it?
from biossledgehammer.