TPM Configuration

To specialize your search, enter a keyword, phrase or question in the box below.

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

1. Do Dell Latitude™ E-Family Laptops and Precision™ Mobile Workstations ship with a Trusted Platform Module (TPM)?

   Yes. These business class PCs come standard with a TPM that conforms to v 1.2 of the Trusted Computing Group specification. These machines incorporate a TPM as part of an integrated security chip that also includes Dell ControlVault, a hardware container used for storing secrets such as passwords and fingerprint templates.

2. What is a TPM?

   A TPM or Trusted Platform Module is a chip that is integrated into your system’s motherboard that stores information such as passwords, keys and certificates. The nature of this chip ensures that the information stored within is secure from external attack and physical theft.

   For further information visit the Trusted Computing Group TPM FAQs Website.

3. What is the Trusted Stack Software (TSS)?

   The TSS is a software specification that provides a standard API for accessing the functions of the TPM.

   Please visit the Trusted Computing Group website for further information on TSS specifications.

   • Trusted Computing Group TSS FAQ
   • Trusted Computing Group TSS 1.2 Specs FAQ
4. How do I know if I have a TPM?

   To verify if your computer has a TPM you must go into the BIOS and check or you may go to the vendor’s website and search for the product in question to find out if the TPM is built into the motherboard.

5. How do I set up a TPM?

   The TPM setup is OEM specific, follow the links provided below for platform specific instructions.

   Enabling a TPM for a Dell Platform

   TPM Setup with Dell Platform: To get detailed instructions on installing and enabling your TPM, please visit http://support.dell.com for the product that you own to find the information you are looking for. Basic steps would include:

   1. Turn on or reboot your computer, during the startup screen, press F2 to go to the BIOS setup menu.
   2. On the BIOS menu, using the arrow keys go to Security settings category, press the < Enter > key. Select TPM Security and on the right side of the menu select On.
   3. You have just turned On the TPM hardware on the BIOS, now you need to Activate the TPM. To do so you will need to restart the computer, during the startup screen, press F2 to go into the BIOS setup menu again.
   4. On the BIOS menu, under Security select TPM Activation . On the right side you will select Activate.
   5. You have just enabled the TPM hardware on the BIOS, now you save the configuration, by press key, choose to Save/Exit , then the computer will be restarted.

   Go to the Dell Website and download the latest TPM device driver software. The package that you will download from the Dell website contains the following:

   • TPM device driver (Broadcom, Atmel, or ST Microelectronics)
   • NTRU TSS software
   • Dell Embassy Trust Suite PBA software

   Enabling TPM for Lenovo/IBM Platform

   IBM/Lenovo ships its systems with the TPM disabled in the system’s BIOS, so before you do anything you must access the BIOS and enable the chip.

   1. To do this, reboot or power up your system and press the F1 key when you see the IBM logo screen or the POST screen.
   2. Once in the BIOS setup utility, use the arrow keys to select Security and press enter.
   3. Next select IBM Security chip and press enter.
   4. Now you should see the Current setting for the chip, if it is set to Disabled, press enter and choose Enabled on the blue window that pops up.
   5. Now press F10 to save your changes and reboot, select Yes when prompted by the Setup Confirmation.

   The next step is to visit the IBM Security web page and obtain the following software:

   • TPM Driver for your system
   • Trusted Stack Software (Client Security Software)

   Once all of the software is installed, you will be asked to reboot, following the reboot you will be presented with a wizard that guides you through setting up and taking ownership of your TPM, adding users who are authorized to use the TPM, as well as setting passwords for them.

   Enabling TPM For Infineon-based systems

   Most Infineon based systems come with the TPM enabled at the BIOS level. If you want to check that the TPM chip is enabled, you can reboot your system and access the BIOS by pressing the appropriate key and going to the security section of the BIOS. The status of the chip can be checked there. If you see that it is disabled, follow the instructions to change the status to Enabled.

   The next step is to install the software provided by your system’s manufacturer. This will either be on a setup CD or downloaded from the manufacturer’s support web page. Once the software has been successfully installed and you have completed rebooting the system you should notice an icon in your system tray that will say that your TPM has been installed and is now ready for you to take ownership. Clicking on that icon will launch the wizard that will guide you through the process of taking ownership and setting up keys and user passwords for the TPM on your system.

6. How can I tell if my TPM is working?

   Go to the Control Panel > Device Manager. Expand the System Devices (for Windows XP) or Security Devices (for Windows Vista) and search for the TPM device of your system, once you find it double-click on it to view the device’s Properties. If you are unable to view the TPM device on the device driver, you may need to enable the TPM on the BIOS and installed the device driver software.

7. Is EMBASSY® Trust Suite compatible with Vista?
   EMBASSY Trust Suite and Vista Compatibility
   

   Dell has released ETS "Lite" for Vista as version A14. This package includes Embassy Trust Suite, UPEK drivers, and the NTRU TSS. If your system shipped with a pre-installed copy of Embassy Trust Suite, you can obtain the Vista-compatible version from the Dell website.

   If you are upgrading from XP to Vista, Please follow the upgrade instructions:
   XP to Vista Upgrade
   

   ETS Enterprise Security Dell Edition 3.x and Wave ETS 6.x fully support the Windows Vista OS.

   Previous versions of these products do not support the Windows Vista OS.
   

   Upgrading to a Vista-compatible version of ETS

   • Dell customers should visit the Dell website for updates. (For more information on obtaining updates for your Dell computer, please see the following article PBA-002.)
   • If you purchased ETS Enterprise through Envoy Data or Dell, you will need to purchase a new license.
8. What is EMBASSY Remote Administration Server (ERAS) and what does it do for my network?

   The EMBASSY Remote Administration Server (ERAS) enables IT administrators to remotely deploy and manage clients that are equipped with Trusted Platform Modules (TPM) and/or Seagate Momentus 5400 FDE.2 Trusted Drives.

9. What are the main features of ERAS?

   ERAS gives IT administrator the tools they need to boost enterprise security while keeping deployment and management costs at a minimum.

10. How do TPMs compare with SmartCards or Biometrics?

    They are complementary to the TPM, which is considered a fixed token that can be used to enhance user authentication, data, communications, and/or platform security.

    A SmartCard is a portable token traditionally used to provide more secure authentication for a specific user across multiple systems, while biometrics are providing that functionality in an increasing number of systems. Both technologies have a role in the design of more secure computing environments.

11. Will the TPM send my private information to third parties without my knowledge?

    No. The TPM is meant to store passwords, keys, certificates and biometric information, keeping them private for each individual user who is enabled to use the TPM on that system. Any time the TPM is accessed by a software request, you should be prompted for your user access password that you created during the TPM setup wizard so this way you will know when an application is interacting with the TPM. There is no inherent functionality in the TPM to periodically send information to a third party such as a government agency or your company’s IT department.

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form