*Updated July 15, 2015*
New method for enabling TPM is to enable it via WinPE before the OS is applied. See video below. And here is the script that was used.
Breakdown of units that display prompt and units that do not.
Display Prompts on enable:
No Display of prompts: on enable:
CF-H2C (Mk2), CF-H2F (Mk3), FZ-G1A (Mk1), FZ-G1F (Mk2)
I also came across a very useful script that displays the status of the TPM in Windows. Make sure you run the VBS as an Administrator.
In Panasonic Toughbook’s BIOS’s you MUST set the Supervisor Password in order to enable the TPM chip. If you are not fond of having a supervisor password, or wish to enable TPM programmatically, try the following.
Use the built-in Windows command line tool “manage-bde”.
manage-bde.exe -tpm -TurnOn
On older Toughbook laptops (i.e. pre-31Mk2, 19Mk2, 53), you may need to perform a “Shutdown” and manual “Power-On”. See image below for example prompt. There is NO way around this, other than getting a custom BIOS produced.
* Newer prompt appears even when Task Sequence triggers a reboot after executing “manage-bde ..” command.
If you are still running into issues enabling TPM, try the “EnableBitLocker.vbs” script. If TPM is not enabled, on 1st run it will auto enable it, and on 2nd run it will enable BitLocker.
And lastly, if you are still having issues, request a custom BIOS be produced for your Organization with the TPM already enabled. This can take a couple of weeks to get produced, but may end up being the best option for your situation.
Once TPM is enabled, you can now initiate BitLocker, which is best done via GPO. I suggest this, because there is a GPO setting, which enforces the Toughbook/pad to backup the recovery key to AD before initiating BitLocker (Require BitLocker backup to AD DS)
GPO Path: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
Remember, Only Enterprise and Ultimate x64 editions of Windows 7 or Windows 8 support BitLocker.