Skip to main content

(Optional) Toggle the TPM version

Use this topic to set the TPM version.

Installing the corresponding UEFI firmware version is required before you can upgrade the TPM firmware to a certain version. Check the following table for the supported upgrade paths with different UEFI firmware versions and processors.

UEFI firmwareProcessorTPM 1.2 <-> TPM 2.0

(7.4.0.0<->7.2.1.0)1

TPM 1.2 upgrade

(7.4.0.0->7.4.0.1)

TPM 2.0 upgrade

(7.2.1.0->7.2.2.0)

Before v2.0.2

7002 series

2  

v2.0.2 and later

7002 series

 33

v2.0.2 and later

7003 series

  3
Note

  1. Supports a maximum of 128 times toggling.

  2. Toggling between TPM 1.2 and TPM 2.0 (7.4.0.0<->7.2.1.0) is supported when the following requirements are met at the same time.

    • UEFI firmware before v2.02 installed.

    • 7002 series processors installed.

    • Original TPM firmware version is either 7.4.0.0 or 7.2.1.0.

  3. Once the TPM firmware version has been upgraded, it cannot be rolled back.

Important
  • Check your UEFI firmware version to decide whether asserting physical presence is required before any changes to security settings.

    • UEFI firmware before v2.02

      Asserting physical presence is required.

    • UEFI firmware v2.02 and later

      Asserting physical presence is no longer required, all local accounts and some authorized remote accounts can directly change the settings.

  • Note that a Local IPMI user and password must be setup in Lenovo XClarity Controller for remote accessing to the target system.

Lenovo XClarity Essentials OneCLI commands

Using Lenovo XClarity Essentials OneCLI commands

Use the following commands to toggle the TPM firmware version.

TPM 1.2 (7.4.0.0) -> TPM 1.2 (7.4.0.1):

OneCli.exe config set TrustedComputingGroup.DeviceOperation "Update to TPM 1.2 firmware version 7.4.0.1" --bmc <userid>:<password>@<ip_address>

TPM 2.0 (7.2.1.0) -> TPM 2.0 (7.2.2.0):

OneCli.exe config set TrustedComputingGroup.DeviceOperation "Update to TPM 2.0 firmware version 7.2.2.0" --bmc <userid>:<password>@<ip_address>

TPM 2.0 (7.2.1.0) -> TPM 1.2 (7.4.0.0):

OneCli.exe config set TrustedComputingGroup.DeviceOperation "Update to TPM1.2 compliant" --bmc <userid>:<password>@<ip_address>

TPM 1.2 (7.4.0.0) -> TPM 2.0 (7.2.1.0):

OneCli.exe config set TrustedComputingGroup.DeviceOperation "Update to TPM2.0 compliant" --bmc <userid>:<password>@<ip_address>
where:

  • <userid>:<password> are the credentials used to access the BMC (Lenovo XClarity Controller interface) of your server. The default user ID is USERID, and the default password is PASSW0RD (zero, not an uppercase O)

  • <ip_address> is the IP address of the BMC.