Disabling BitLocker to permit firmware updates (Windows only)
To allow firmware updates, temporarily disable BitLocker support.
-
Click
Start, and then search for
gpedit.msc
in the Search Text box. - When the Local Group Policy Editor starts, click Local Computer Policy.
- Click .
- When the BitLocker settings are displayed, double-click Control Panel Setup: Enable Advanced startup options.
- When the dialog box appears, click Disable.
- Close all windows, and then start the firmware update.
To enable advanced startup options:
-
Enter:
cscript manage-bde.wsf -protectors -disable c:
-
When the firmware update process is completed, the BitLocker Drive Encryption support can be re-enabled by following steps 1 through 4 but clicking Enabled in step 5 instead. The following command can be used to re-enable BitLocker Drive Encryption after firmware deployment has completed.
-
Enter:
cscript manage-bde.wsf -protectors -enable c:
The following table describes TPM detection scenarios that you might encounter.
Scenario |
Result |
---|---|
TPM is detected and enabled, using GUI mode, and a system ROM must be updated. |
SUM displays a warning message indicating that it detected TPM. SUM offers an option to Ignore Warnings. You can only deploy the updates if you select Ignore Warnings. |
TPM is detected and enabled, using CLI or Input file mode, the
|
No warning appears. Because the installation is silent, the installation is terminated and cannot continue. The SUM user log for the node will indicate that TPM was present but no /tpmbypass or /ignore_warnings was passed. |
TPM is detected and enabled with Option ROM Measuring, using GUI mode, and a system ROM must be updated. |
A warning message appears. You can only deploy the updates if you select Ignore Warnings. |
TPM is detected and enabled with Option ROM Measuring, using CLI or Input file mode, the
|
No warning appears. Because the installation is silent, the installation is terminated and cannot continue. The SUM user log for the node will indicate that TPM was present but no /tpmbypass or /ignore_warnings was passed. |
TPM is detected and enabled, using CLI or Input file mode, the installation occurs, and the
|
The installation occurs. |
In the SUM GUI, you can ignore TPM on the Deploy screen. You can also ignore TPM in CLI or interactive CLI mode.