How can I determine if there’s a TPM chip on my Lenovo system for BitLocker ?

Posted on September 1, 2011 by ncbrady

If you haven’t don’e so already check out my similar post on verifying if there’s a TPM present for Dell systems here.

Using similar logic (it works after all :-)) I’ve changed the script to
look for the Lenovo programmed response and edited my task sequence to
load the required Lenovo drivers in the order they must be placed, the
Lenovo Check for TPM group will only run based on a wmi query, the wmi
query is as follow

Select * from Win32_ComputerSystem where Manufacturer like "%Lenovo%"

Attached Image: monthly_09_2011/post-1-0-09094200-1314869701.png

In this group we have a sub-group which plugs the needed drivers into our WinPE session (without the need for changing your boot images, cool huh ?)

The sub-group is called Prepare SMBUS and SMBIOS (much like Prepare CCTK and HAPI on the Dell TPM check) and has three steps

xcopy Lenovo

Install SMBUS Driver

Install SMBIOS Driver

Xcopy simply copies the Lenovo specific drivers *see screenshot*

Attached Image: monthly_09_2011/post-1-0-96224900-1314869174.png

from our previously created BitLocker Tools
package to where we want them, you’ll need to download the SMBUS and
SMBIOS drivers from Lenovo (ask your Lenovo TAM if you cannot find them)
and the next two commands install the correct drivers from the xcopied
source.

Attached Image: monthly_09_2011/post-1-0-62400800-1314869089.png

Next we have the Install SMBUS Driver, which does just that, it installs the required SMBUS driver for Lenovo, note that this step will fail unless you specify the working directory, in our case it’s x:\lenovo\tpm\smbus

Attached Image: monthly_09_2011/post-1-0-60023700-1314869127.png

The Install SMBIOS Driver loads another driver but you must also specify the correct working directory for THAT driver otherwise once again it will fail.

Attached Image: monthly_09_2011/post-1-0-95557900-1314869142.png

After successful completion of that group we xcopy the Lenovo files to a sub directory of our %scriptroot% before running the actual Check_for_TPM_Lenovo.WSF file, this will only set our TPM_Available variable=True if the correct string is found, otherwise the variable will be false.

Attached Image: monthly_09_2011/post-1-0-19729500-1314869880.png

The remaining steps in this group will run/not run based on the result of that variable.

here’s the script


 
 
<job id="checkTPM">
  <script language="VBScript" src="..\ZTIUtility.vbs"/>
  <script language="VBScript">
 
    Dim oShell
    Set oShell = CreateObject("WScript.Shell")
    
    oEnvironment.Item("TPM_AVAILABLE") = False
      
      retCode = oShell.Run("cmd /c " & Replace(WScript.ScriptFullName,WScript.ScriptName,"") & "tpm_activate_cmd.exe /verbose | find " & chr(34) & "TPM is present in this system" & chr(34) , 0, True)
 
      If(retCode = 0) Then
        oEnvironment.Item("TPM_AVAILABLE") = True    
      End If
      
      WScript.Quit(0)
 
  </script>
</job>

have fun !
cheers
niall

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.