Take special care when setting the TPM policy. If it is not set correctly, the system board can become
unusable.
Update the TPM 2.0 firmware
When a system board is replaced, you must make sure that the TPM 2.0 firmware is updated to the latest
version.
To update the TPM version:
1. Go to
http://datacentersupport.lenovo.com and navigate to the support page for your server.
2. Click Drivers & Software and download the latest version of BIOS/UEFI firmware.
3. Update the firmware. See “Firmware updates” on page 8.
4. Power on the system and press F1.
5. If you have set the power on password, enter the correct password.
6. Wait for about 90 seconds, the setup utilities window is displayed.
7. Navigate to System Settings ➙ Security ➙ Trusted Platform Module and update the TPM.
8. Reboot the system once the update is complete.
Set the TPM policy
By default, a replacement system board is shipped with the TPM policy set to undefined. You must modify
this setting to match the setting that was in place for the system board that is being replaced.
There are two methods available to set the TPM policy:
• From Lenovo XClarity Provisioning Manager V3
To set the TPM policy from Lenovo XClarity Provisioning Manager V3:
1. Start the server and press F1 to display the Lenovo XClarity Provisioning Manager V3 interface.
2. If the power-on Administrator password is required, enter the password.
3. From the System Summary page, click Update VPD.
4. Set the policy to one of the following settings.
– NationZ TPM 2.0 enabled - China only. Customers in the Chinese Mainland should choose this
setting if a NationZ TPM 2.0 adapter is installed.
– TPM enabled - ROW. Customers outside of the Chinese Mainland should choose this setting.
– Permanently disabled. Customers in the Chinese Mainland should use this setting if no TPM
adapter is installed.
Note: Although the setting undefined is available as a policy setting, it should not be used.
• From Lenovo XClarity Essentials OneCLI
Note: Please note that a Local IPMI user and password must be setup in Lenovo XClarity Controller for
remote accessing to the target system.
To set the TPM policy from Lenovo XClarity Essentials OneCLI:
1. Read TpmTcmPolicyLock to check whether the TPM_TCM_POLICY has been locked:
OneCl
i.e
xe
con
f
ig
show
imm.TpmTcmP
ol
icyLock
--override --imm
<user
id>:<p
assword>@<ip_address>
Note: The imm.TpmTcmPolicyLock value must be 'Disabled', which means TPM_TCM_POLICY is
NOT locked and changes to the TPM_TCM_POLICY are permitted. If the return code is ‘Enabled’
then no changes to the policy are permitted. The planar may still be used if the desired setting is
correct for the system being replaced.
212
ThinkSystem SR850 V2 Maintenance Manual
To Next Page
Loading...
