Trying to update TPM firmware on 9360 gives me "Blocked by TPM FW Policy" error from firmware #93
Comments
|
@superm1 any ideas here? I know it's not your problem any more, but I figured you might know who to ping. |
|
I would suggest trying to clear the TPM in BIOS setup first and trying it again |
|
@superm1 Tried that, no change. |
And this update is intended for this system / tpm right? If so, then Dell needs to repro and look further into it to solve. |
|
@mjg599 can you confirm the source/name of the update(s) you're trying to run? Especially the v2.0 one. Will escalate this internally. |
After reboot, gives me the "Update failed: Blocked by TPM Policy" error. fails with the same error. get-history gives: |
|
@mjg59 Could you attach the output (or at least the TPM portion(s)) from?:
Mainly I want to confirm the current FW version |
|
(Presumably you want the current BIOS version too - in case there is something to do with the BIOS version on the machine controlling this policy) |
|
|
The DXE driver is the likely culprit for disallowing the update between those particular TPM FW versions, which is typical when seeing the "Blocked by TPM FW Policy" error. The FW version you need is 1.3.2.8, and DXE should allow a direct upgrade from the current version. Additionally, it seems you're on a recent/latest BIOS for your platform so that should not be an issue. Unfortunately, there are no capsule builds available (via LVFS or otherwise) due to the fact that it was published at a time before Dell was fully qualifying most/all TPM releases for Linux release. Therefore, my suggestion is to retrieve the TPM FW v1.3.2.8 directly from Dell.com for the XPS 13 9360, and use a WinPE key to facilitate installation. |
|
I tried running the 1.3.2.8 update from https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=0DJC8 under FreeDOS (the 32-bit version does not require Windows) and it generates the same error. |
|
Nuvoton has verified the upgrade path from 5.81.0.0 (TPM1.2) -> 1.3.2.8 (TPM2.0) is allowed from FW perspective. As a result, it's unclear whether they are mistaken or there is something unique happening on your side. The FW utility link you shared in his issue is an older utility, the latest for FW v1.3.2.8 for his platforms is: https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=8n08g&oscode=wt64a&productcode=xps-13-9360-laptop You MAY need to run WinPE for this because FreeDOS may not be supported by this FW Update wrapper anymore. Alternatively there is another TPM1.2 FW Update (though not officially published for your platform): https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=twhk9&oscode=wt64a It should be supported based on the FW you have now. This is TPM1.2 FW v5.81.2.1, which is a newer TPM1.2 FW to the v5.81.0.0 on your system. Could you give this one a try? Once again, might need to run in WinPE directly. If the above still doesn't help, let me know and we can look further. |
|
Same failure with both the 1.3.2.8 and the 5.81.2.1 updates. |
|
Can you confirm that the TPM is not owned? |
|
I'm clearing the TPM in the firmware before each attempt |
|
Just for clarity can you again confirm the error is still the "Blocked by TPM FW Policy" message, and that you're using WinPE? |
|
Yes to both |
|
Hi again, I wanted to let you know we're currently working with the component vendor to find whether there are commands that can be run on your end to pull some specific diagnostic information we're looking for. Where we go from there will depend on their response. |
|
Hi again - this is probably a long shot but is there a chance you are still using the same factory install on that machine? And if not, by chance might you have made OEM Ubuntu recovery media using the software tools shipped with that device? The reason I ask is because recovery partition files would make it easier for us to learn what exactly took place during the factory process for that machine. We're still pursuing the action from my last message. |
|
I'm afraid not - I reimaged it with Fedora. I'm not certain, but I believe I may have switched it between TPM 1.2 and 2.0 a couple of times for development testing in the past. |
|
FWIW I apparently have the same issue with a tpm 1.2 blocked at 5.81.0.0. |
|
Would you please provide the dmidecode log once you observe this issue? |
|
Dmidecode when UI shows 5.81.0.0: I'll try to reproduce the issue with the weird version and post the result here. |
|
To reproduce, I clicked on "upgrade" in the firmware UI to update to 5.81.2.1 . The UI asked me to reboot, I clicked "Later" and now the UI shows version 255.255.255.255. |
|
After reboot and a tpm upgrade failure "blocked by tpm fw policy", the UI still shows version 255.255.255.255 |
|
hmmmm, there is no tpm info in dmidecode... |
|
btw this is on a 9350. |
|
In the TPM 2 section there is a "Lock status" section. When I click to unlock, the GUI tells me to reboot, yet, after reboot, the GUI has the "Lock status" locked again like nothing happened. |
|
I'm seeing the same issue on an Optiplex 5040 running Debian. Current TPM 1.2 version 5.81.0.0 attempting to update to 5.81.2.1. I then tried installing the TPM 2.0 update from Window 10, but this also failed in the same way. |
|
Please help to contact dell support on the website [0] , |
|
@hugh712 Thanks for the suggestion, but given that this problem appears to exist across multiple Dell models with the same firmware update... My assumption is that there is an interaction between the firmware update and the platform firmware that requires fixing. At the very least it needs to have a more helpful error message than "Blocked by TPM FW Policy". My assumption is that you would have orders of magnitude more chance of getting this problem fixed from within Dell, by referring it to the platform firmware team than I ever would as a individual customer in possession of a single machine. I'll be happy to provide as much technical assistance to Dell on this matter as I can. |
|
Though I have contacted Dell support but my laptop being out of warranty, support cannot help. @therealjuanmartinez mentionned being in contact with vendor, about this very issue, which seems promising, but maybe the chip support is simply abandonned. |
|
Hmm, and today, after a round of updates, fwupdmgr does not list the TPM anymore... |
|
Just tried again today, and while it still doesnt work, I noticed this in the fwupdmgr after a failed tentative: Notive "Preventing upgrades as alternate". What does it mean? @hughsie going out on a limb here, yet I'm wondering if the "policy" that blocks update is "Since there is a tpm 2 update, dont bother update the TPM 1.2 and instead you should update to tpm 2 instead" ? And since fwupmgr keeps trying to push the tpm 1.2 update instead of the 2.0, it will always fail? So, could it be that the problem is an UI one, and that, somehow, if fwupdmgr could offer the update to 2.0 (skipping the whole 1.2 thing altogether), the upgrade would work ? |
|
Today I encountered the same problem on my [Precision 7920 Tower]. Tried switching between versions, with no success. I contacted customer service and they said they couldn't update. But I think DELL should have set up a protection program in the module and refused to update.It is the aforementioned [Preventing upgrades as alternate]. |
Even after switching multiple Bios versions, it still failed. |
Trying to either update the TPM 1.2 firmware to the latest, or trying to install TPM 2.0 firmware results in the system rebooting, starting the update, and then producing a "Blocked by TPM FW Policy" error. The same message is generated when trying to perform the update from DOS, so this isn't intrinsically an fwupd issue.
Dell XPS 13 9360.
The text was updated successfully, but these errors were encountered: