BIOS Boot Modes and TPM2.0

Well, the new 6th generation Core-i (Skylake) series products are here. December 2015 and January 2016 saw the availability of our new Sat Pro R series, Sat Pro A Series, Tecra A Series, Portege A series, Tecra Z series and Portege Z series. The 6th generation products are identifiable by the inclusion of “C” on the product name: for example Sat Pro A30-C, Tecra A40-C, Portege Z30-C, Tecra Z50-C, etc.

All of these products share a common power supply, common dedicated dock, and importantly for you, the IT Administrator/build specialist, a common driver set allowing you to use one driver pack in your task sequence for SCCM or MDT, therefore simplifying the support of different chassis form-factors across your estate. There have also been some changes beneath the hood

First up there has been a change in TPM controller. We have moved from using an Infineon TPM1.2 controller chip to an Infineon TPM2.0 controller chip. This brings with it added benefits in terms of support for SHA-2 256 in both Hash and HMAC algorithms, but is does also mean that the CSM (Compatibility Support Module)(1) mode in the BIOS cannot access the TPM2.0 controller chip as CSM is only compatible with TPM1.2.

So therefore, to use TPM2.0 you need to set your BIOS to UEFI Mode. This in itself will bring its own challenges as Windows8/8.1 and Windows10 can use UEFI without issue, but Windows7 64-bit can be problematic. To allow effective support for Windows7 64-bit we have introduced a new mode called UEFI Legacy which will allow Windows7 64-bit to operate without issue.

You will notice in the above I have mentioned Windows7 64-bit, but not its 32-bit sister. This is because the UEFI and UEFI Legacy options do not support 32-bit operating systems. To support 32-bit operating systems you will need to set your BIOS to CSM mode, but in doing so you will not be able to access TPM2.0.

The table below lays out what is supported in each BIOS mode:-

BIOS Mode TPM2.0 Windows7 32-bit Windows7 64-bit Windows 8/8.1 Windows10
CSM No Yes Yes Yes Yes
UEFI Legacy Yes No Yes Yes Yes
UEFI Yes No Yes Yes Yes

For further reading please take a look at the blog articles discussing “PXE Boot and BIOS Modes” and also “Supporting Bitlocker”

Until the next time,

Your Toshiba B2B Consultant Team

1 Upon launch CSM Mode is not available in the BIOS of some of the new models. To obtain CSM Mode support in the BIOS it may be necessary to update your BIOS to the latest version. This will be available from our FTP site and also http://www.toshiba.co.uk/innovation/download_bios.jsp?service=UK