Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support new "Physical Presence Interface" BIOS setting #39

Closed
texhex opened this issue Feb 20, 2018 · 7 comments
Closed

Support new "Physical Presence Interface" BIOS setting #39

texhex opened this issue Feb 20, 2018 · 7 comments

Comments

@texhex
Copy link
Owner

texhex commented Feb 20, 2018

According to a discussion on the HP forums there is now a setting in newer BIOS versions that can disable the extra "Press F1 to confirm" messages during TPM update.

The setting seems to be

Physical Presence Interface

With Disable or Enable setting.

This could be added to TPM-BIOS-Settings.txt

@texhex
Copy link
Owner Author

texhex commented Apr 11, 2018

@datagutten
Copy link
Contributor

datagutten commented Apr 20, 2018

I tried it on a ProBook 430 G3 where it required me to enter a four-digit code from the screen to disable Physical Presence Interface.
The prompt appeared after the prompt for TPM update, so placing it in TPM-BIOS-Settings.txt seems pretty useless.
To have any effect, the setting should be applied and the computer rebooted before the TPM update is applied.

@texhex
Copy link
Owner Author

texhex commented Apr 23, 2018

I had a longer discussion about this setting with a HP technician last week, especially because there is zero documentation available. He explained it that the PPI expects this code because the overall security of the BIOS itself is lowered as all actions would he "hidden" - so this would explain that a code is needed.

You are absolutely right, it does not make sense to include this setting unless there are two or three changes outstanding. This is not possible at this time, as each section is processed independently by the script. But on the other hand: I do not now know if it makes more sense to have to enter a code once, or just press F1 two or three times. The "Fully silent" install it broken in any case.

However, he hinted at something: According to him "TPM Activation Policy" set to NO PROMPTS would prevent the TPM update confirmation. Do you have any test machines that require a TPM update where you could test that? Maybe we could get rid of the TPM update message that way.

@datagutten
Copy link
Contributor

I tested on a ProBook 640 G2 where I added TPM Activation Policy==No prompts to TPM-BIOS-Settings.txt. Then TPM was upgraded without questions.

@texhex
Copy link
Owner Author

texhex commented Apr 25, 2018

Thanks for the test and good to hear it works. I will check in the next days for all models that support the SLB9670 update to include this setting in TPM-BIOS-Settings.txt.

I will have access to some more test devices next week and once the change is included, will release 4.1.

@texhex
Copy link
Owner Author

texhex commented May 7, 2018

Version 4.0.6 was released yesterday, closing this issue.

@texhex texhex closed this as completed May 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants