• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Surface Laptop 3 - A Year Old Problem (Just a Post, not a Problem)

    Scheduled Pinned Locked Moved
    Hardware Compatibility
    laptop 3 not in bios sl3 surface tpm
    3
    6
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ttrammell
      last edited by ttrammell

      Apparently Microsoft has disabled TPM from their newer hardware since January 30, 2020 - as per this response: https://answers.microsoft.com/en-us/surface/forum/surflaptop3-surfsec/surface-laptop-3-no-tpm-settings-in-eufi/20c5a568-606e-40cf-a136-efd4e08dc35b

      We haven’t had a problem with previous devices (SP4 and SL2 works fine) - it just so happens that we bought SL3s recently, and this was the immediate problem.

      I was about to ask if anyone had an issue with this, but now I’m just throwing this up here for the sake of knowledge.

      Apparently the work around for this is to perform everything you normally would
      (I recommend disabling TPM from Powershell because you don’t have to reboot the machine to clear the TPM settings):

      CMD > powercfg -h off             # Disable Hibernation
PS  > Disable-TpmAutoProvisioning # New (Doesn't need restart)
PS  > Clear-Tpm                   # New (Doesn't need restart)
CMD > shutdown /s /t 0            # Shutdown Computer to prevent Sticky-bit

      Clearing TPM and disabling Secure Boot in the BIOS for UEFI still works like a charm.

      Microsoft TPM PS Commands: https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/?view=win10-ps

      Anyways, hope you all are having a good one.

      EDIT:
      To clear up confusion, because the post may be hard to read. This is in referrence to Microsoft removing TPM from their BIOS. This is a work around that worked for me on a Surface Laptop 3 by disabling TPM while inside the Windows OS.

      Yes, I really did just ask that question and I am only /slightly/ ashamed of it.

      george1421G 1 Reply Last reply Reply Quote 0
      • george1421G
        george1421 Moderator @ttrammell
        last edited by

        @ttrammell FWIW your subject is a bit misleading. After reading what you posted several times I understand this

        Microsoft has removed the ability to change the tpm settings in the surface laptop 3 as of 30-Jan-2020. You must do this now via cli and powershell.

        I take it you are running those commands in sequence before capturing the image with FOG? I’m trying to understand what problem you are trying to solve? I think this is all great information, I’m just trying to understand how to apply it.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        T 1 Reply Last reply Reply Quote 0
        • T
          ttrammell @george1421
          last edited by

          @george1421
          Yeah, I am bad at that.

          So, we had an issue when we ordered SL3s - we couldn’t Capture an image from them, we would get an error on Capture about BitLocker needing to be disabled.

          SL3s didn’t have a TPM setting in BIOS that you would normally turn off (They have Secure Boot), like you would do for a normal UEFI setup on say a Dell E6410 - so I searched around and came across that.

          The two CMD commands:

          powercfg -h off
shutdown /s /t 0

          I’ve been using those for years now, because of the Sticky-bit issue and the Hibernation reason is lost to time - maybe it also had something to do with Sticky-bit, but I dont’ recall.

          The two new commands for Powershell:

          Disable-TpmAutoProvisoning
Clear-Tpm

          This is all entirely for the purpose of disabling TPM like how you would in BIOS.
          I don’t think doing the same thing on a Dell E6410 running Windows 10 would work - I would assume you would still need to disable TPM in the BIOS, but I have not tested that.

          So if you had a device, like a Surface Laptop 3, that had the issue where TPM isn’t in the BIOS then hopefully clearing the TPM settings in Windows itself before Capturing the image fixes the issue - as it did for me.

          So, problem: Cannot Capture an Image from an SL3: No TPM in the BIOS; keeps getting BitLocker error.
          Solution: Disabling TPM in Windows via Powershell worked to Capture the image; no BitLocker error.

          Hopefully that is a less confusing explanation of the post.

          Yes, I really did just ask that question and I am only /slightly/ ashamed of it.

          george1421G Tom ElliottT 2 Replies Last reply Reply Quote 1
          • george1421G
            george1421 Moderator @ttrammell
            last edited by

            @ttrammell Thank you for the clarity on this. I haven’t run into the issue since we only capture from a VM for our golden image, and then deploy to physical hardware.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

            1 Reply Last reply Reply Quote 1
            • Tom ElliottT
              Tom Elliott @ttrammell
              last edited by

              @ttrammell the bitlocker issue is strange because we do see this from time to time. The fix? manage-bde -off c:

              This isn’t a tpm issue though. Typically its because Microsoft is essentially encrypting the free space.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              T 1 Reply Last reply Reply Quote 0
              • T
                ttrammell @Tom Elliott
                last edited by ttrammell

                @tom-elliott
                Normally I always disable TPM and Secure Boot before Imaging a machine - whether Capture or Deploy.

                The fact that TPM wasn’t in the BIOS got me started on this, and disabling TPM worked like normal when the PS commands were run.

                The issue with that command - I just ran it on the machine I Deployed to. BitLocker was never enabled - I get this error:

                ERROR: An error occurred (code 0x80310008):
BitLocker Drive Encryption is not enabled on this drive. Turn on BitLocker.

                Looked at BitLocker through Control Panel? Turned off.
                Right-clicked the <C: > drive in “This PC”? Asks if you want to Enable it.

                That’s why I was looking for TPM and not BitLocker.

                EDIT:
                I know I said “machine I Deployed to”. I didn’t have BitLocker enabled on the machine I Captured - my fix was disabling TPM.

                Yes, I really did just ask that question and I am only /slightly/ ashamed of it.

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post

                220

                Online

                12.0k

                Users

                17.3k

                Topics

                155.2k

                Posts
                Copyright © 2012-2024 FOG Project