jdkoerner
Visitor.
2286 views

Using TPM with FDE

I was reading through the recovery section of the documentation and saw the
following info buried under section 9.0 Performing Recovery Operations on a
Standard Hard Disk

9.7 Activating TPM
The Trusted Platform Module (TPM) technology is not supported in ZENworks
Full Disk Encryption. Do not activate TPM. Doing so could result in a fatal
error (blue screen) on the device.

Is this referring to not having TPM running when doing a recovery or not to
have TPM not activated on a machine at all when using FDE? If so, shouldn't
this important information be in the quick start section?

Jim Koerner

0 Likes
1 Reply
bbeachem Absent Member.
Absent Member.

Re: Using TPM with FDE

In short, this is NOT APPLICABLE for ZENworks FDE. We currently don't expose any way to use ZFDE with a TPM, so you couldn't hit this scenario UNLESS you used the emergency recovery disk to try and enable the TPM to do FDE authentication while having an active PBA (which is not supported).

Have a TPM used for "other things" (so active in the BIOS and doing fingerprint or other credential logins) while having ZFDE deployed is TOTALLY FINE.

Sorry for the confusion. We'll update the documents.

jdkoerner;2198929 wrote:
I was reading through the recovery section of the documentation and saw the
following info buried under section 9.0 Performing Recovery Operations on a
Standard Hard Disk

9.7 Activating TPM
The Trusted Platform Module (TPM) technology is not supported in ZENworks
Full Disk Encryption. Do not activate TPM. Doing so could result in a fatal
error (blue screen) on the device.

Is this referring to not having TPM running when doing a recovery or not to
have TPM not activated on a machine at all when using FDE? If so, shouldn't
this important information be in the quick start section?

Jim Koerner
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.