How to Switch TPM from 2.0 -> 1.2?

[Nick H. Supervisor]

I feel like an idiot asking this question, but I've given up.

 

We have received a new T470s laptop in the office that we would like to install Windows 7 on to. That has been fine, nothing went wrong. But now we want to encrypt the drive using Bitlocker, and it keeps saying that it won't start the process because the TPM isn't compatible. That is also fine, because we know that while TPM 2.0 is enabled Bitlocker won't play nice. But here is where it gets frustrating, when I go in to the BIOS I can see the Security Chip section, and there is the display saying, "Security Chip Type: 2.0" but unlike in the past there seems to be no way to highlight it and switch it to 1.2 (or "DiscreetTPM" depending on computers).

 

As an aside, I notice that Dell have released a patch that enables TPM 1.2 on their computer, but it doesn't look like Lenovo have done that.

 

Does anyone have any suggestions? Could it be that with newer Lenovo models they are removing TPM 1.2 entirely? If so it seems a bit early for such a decision while businesses are still on Windows 7 while they weigh up moving to Windows 10.

[Mindovermaster Moderator]

You check for a newer BIOS version from Lenovo? You said you checked Dell's, but you never mentioned a Lenovo one.

[Nick H. Supervisor]

12 hours ago, Mindovermaster said:

You check for a newer BIOS version from Lenovo? You said you checked Dell's, but you never mentioned a Lenovo one.

I figured it was a given, but yes I checked Lenovo's site as well.

 

I'm going to contact them today. I've got too much other work to be getting on with to faff around with this.  I was just wondering if anyone here had an easy, "how did you miss this?" idea.

[Nick H. Supervisor]

Just to update, I got off the phone with Lenovo. The technician basically said, "there is nothing you can do. Upgrade your OS or buy older hardware." You've got to love the Germans, even the Swiss-Germans. They can be straight to the point.

 

Oh well, off to give the good news to the boss...

[Ulpian]

Why Bitlocker and not Veracrypt ?
Windows 10 sucks, so stay with Win7 as along as possible.

[Nick H. Supervisor]

16 minutes ago, Ulpian said:

Why Bitlocker and not Veracrypt ?
Windows 10 sucks, so stay with Win7 as along as possible.

Remember that this is an office setting, not home-use. I don't make the rules, I just follow them. But Bitlocker seems to be perfectly adequate for the business needs.

 

And we'll just have to agree to disagree on Windows 10.

[goretsky Supervisor]

Hello,

 

Have you tried posting a question in Lenovo's own support forum, just to see if the answer you receive is any different?

 

Regards,

 

Aryeh Goretsky

[Jim K Global Moderator]

My knowledge on Bitlocker/TPM is fairly limited ... but this wouldn't work?

 

https://support.microsoft.com/en-gb/help/2920188/update-to-add-support-for-tpm-2-0-in-windows-7-and-windows-server-2008

 

Edit:  Also found this which seems to indicate W7 + TPM 2.0 is possible on a T470 (at least the Skylake version)

https://forums.lenovo.com/t5/Enterprise-Client-Management/T470-20JN-Bitlocker-Problem-with-PCR-5-and-PCR-7/m-p/3735499/highlight/true#M3805

[Mando]

On 2/8/2018 at 9:37 AM, Ulpian said:

Why Bitlocker and not Veracrypt ?
Windows 10 sucks, so stay with Win7 as along as possible.

1 bitlocker is tightly integrated into W10, why add a feature that the OS has out of the box?

2 its at the hardware/OS level, not a 3rd party app and uses hardware TPM chips.

3 it plays better with other corp technologies and the Microsoft portfolio.

 

Windows 7 is on extended support, which is looming faster than you realise, and in a corp scenario that means it should be already being planned to be replaced on next CAPEX hardware refresh. 7 is rapidly becoming a corporate business risk, like or or loathe that, it is fact.

 

[spaceelf]

3 minutes ago, Mando said:

Windows 7 is on extended support, which is looming faster than you realise, and in a corp scenario that means it should be already being planned to be replaced on next CAPEX hardware refresh. 7 is rapidly becoming a corporate business risk, like or or loathe that, it is fact.

People will still be complaining about that and yelling how much anything newer sucks for at least four years afterwards (probably longer) just going by XP users.

 

Not that it won't be basically the same discussion it is now but at least we know what to expect.

[Mando]

Just now, dwLostCat said:

People will still be complaining about that and yelling how much anything newer sucks for at least four years afterwards (probably longer) just going by XP users.

 

Not that it won't be basically the same discussion it is now but at least we know what to expect.

yep exactly, the same when 98Se-XP......XP to W7......things change, things get old and not fit for purpose eventually.

[Anibal P]

On 2/9/2018 at 10:47 AM, dwLostCat said:

People will still be complaining about that and yelling how much anything newer sucks for at least four years afterwards (probably longer) just going by XP users.

 

Not that it won't be basically the same discussion it is now but at least we know what to expect.

 

Heard that all the time at work as we finally killed off that horrid OS

We're now rolling out 10 ans I'm ready for all the crying that will be coming soon

I work in health care, and they tend to be extra bitchy about EVERYTHING, especially security related necessities