Enabling TPM and Starting BitLocker on Toughbook Laptops and Tablets

March 29, 2014

*Updated July 15, 2015*

The new method for enabling TPM is to enable it from WinPE, before the OS is applied. See the video below; the script that was used is here:
https://gallery.technet.microsoft.com/scriptcenter/780d167f-2d57-4eb7-bd18-84c5293d93e3

Breakdown of units that display a prompt on enable and units that do not:

Display prompts on enable:
CF-H2A (Mk1)

No prompts on enable:
CF-H2C (Mk2), CF-H2F (Mk3), FZ-G1A (Mk1), FZ-G1F (Mk2)

I also came across a very useful script that displays the status of the TPM in Windows. Make sure you run the VBS as an Administrator.

https://github.com/brianfgonzalez/Scripts/blob/2a66ba4fcda05c80ed2bc59ccea716b0a335a87d/Get-TpmInfo.vbs

[Image: TPM information display]

*********************************

In the BIOS of Panasonic Toughbooks you MUST set the Supervisor Password in order to enable the TPM chip. If you are not fond of having a supervisor password, or wish to enable TPM programmatically, try the following.

Use the built-in Windows command-line tool “manage-bde”:

manage-bde.exe -tpm -TurnOn

On older Toughbook laptops (i.e. pre-31Mk2, 19Mk2, 53), you may need to perform a “Shutdown” and a manual “Power-On” before the change takes effect. See the image below for an example prompt. There is NO way around this, other than getting a custom BIOS produced.

[Image: old TPM prompt]

[Image: newer TPM prompt]

* The newer prompt appears even when the Task Sequence triggers a reboot after executing the “manage-bde ..” command.
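As an added example (not the post's own script), the following PowerShell wraps the manage-bde step above with a status check before and after: it reads the TPM state through the Win32_Tpm WMI class, turns the TPM on with the same manage-bde command, and then asks the TPM driver whether the queued request needs a reboot or the full shutdown-and-power-on described above. It assumes an elevated prompt on Windows 7 or later; the transition codes follow the documented GetPhysicalPresenceTransition values.

```powershell
# Added example: check TPM state, queue the enable request, report the restart type needed.
# Not part of the original post. Run from an elevated PowerShell prompt.
# Win32_Tpm lives in root\cimv2\Security\MicrosoftTpm on Windows 7 and later.

$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) {
    Write-Warning 'No TPM reported by WMI. The BIOS is not exposing it (set the Supervisor Password, or use a custom BIOS).'
    exit 1
}

# Each IsXxx() call returns an object with a ReturnValue and a boolean of the same name.
$enabled   = $tpm.IsEnabled().IsEnabled
$activated = $tpm.IsActivated().IsActivated
$owned     = $tpm.IsOwned().IsOwned
"TPM present. Enabled=$enabled Activated=$activated Owned=$owned"

if ($enabled -and $activated) {
    'TPM is already enabled and activated; nothing to do.'
    exit 0
}

# Same command the post uses; manage-bde queues a physical-presence request to the firmware.
& manage-bde.exe -tpm -TurnOn
if ($LASTEXITCODE -ne 0) {
    Write-Warning "manage-bde returned exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# Ask the TPM driver what kind of restart the pending request needs.
# Transition: 0 = no action, 1 = shutdown, 2 = reboot, 3 = OS-vendor specific.
$transition = $tpm.GetPhysicalPresenceTransition().Transition
switch ($transition) {
    0 { 'No restart needed.' }
    1 { 'Firmware requires a full SHUTDOWN and manual power-on (older Toughbooks); a Task Sequence reboot will not do.' }
    2 { 'Firmware requires a REBOOT; expect the confirmation prompt on the next boot.' }
    default { "Transition code $transition; consult the firmware documentation." }
}
```

In a Task Sequence, the value of `$transition` is the useful part: a 1 means the sequence has to end with a shutdown step rather than a restart step, which matches the behaviour the post describes for the older models.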

If you are still running into issues enabling TPM, try the “EnableBitLocker.vbs” script. If TPM is not enabled, on the first run it will enable it automatically, and on the second run it will enable BitLocker.

http://archive.msdn.microsoft.com/bdedeploy/Release/ProjectReleases.aspx?ReleaseId=3205

And lastly, if you are still having issues, request that a custom BIOS be produced for your organization with the TPM already enabled. This can take a couple of weeks to get produced, but may end up being the best option for your situation.

Once TPM is enabled, you can initiate BitLocker, which is best done via GPO. I suggest this because there is a GPO setting that forces the Toughbook/Toughpad to back up the recovery key to AD before initiating BitLocker (“Require BitLocker backup to AD DS”).

GPO Path: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption

Source: http://technet.microsoft.com/en-us/library/ee706521%28v=ws.10%29.aspx#BKMK_deployment

Remember, only the Enterprise and Ultimate x64 editions of Windows 7 or Windows 8 support BitLocker.
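To show what the GPO-driven approach looks like when scripted, here is an added example (not from the post) that runs a pre-flight check before turning BitLocker on: it confirms the AD DS backup policy has applied, that a domain controller is reachable, and that the TPM is ready, then enables BitLocker on the OS drive with a recovery password and verifies through Win32_EncryptableVolume that the recovery protector was escrowed. It assumes an elevated prompt on a domain-joined machine; the registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE are the ones I understand the Vista-era and Windows 7 per-drive policies to write, and should be checked against your own GPO.

```powershell
# Added example: pre-flight checks, then enable BitLocker with the recovery key escrowed to AD DS.
# Not part of the original post. Run elevated on a domain-joined Toughbook/Toughpad.

# 1. Has the "Turn on BitLocker backup to AD DS" policy (with "Require") applied?
#    Assumption: the Vista-era policy writes ActiveDirectoryBackup / RequireActiveDirectoryBackup,
#    the Windows 7 per-drive policy writes OSActiveDirectoryBackup / OSRequireActiveDirectoryBackup.
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$backupOn  = ($policy.ActiveDirectoryBackup -eq 1) -or ($policy.OSActiveDirectoryBackup -eq 1)
$backupReq = ($policy.RequireActiveDirectoryBackup -eq 1) -or ($policy.OSRequireActiveDirectoryBackup -eq 1)
if (-not ($backupOn -and $backupReq)) {
    Write-Warning 'AD DS recovery-key backup is not enforced by policy; run gpupdate /force or fix the GPO first.'
    exit 1
}

# 2. With "Require" set, BitLocker will refuse to start if no DC is reachable, so check up front.
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    "Domain reachable: $($domain.Name)"
} catch {
    Write-Warning "Cannot contact the computer's domain: $($_.Exception.Message)"
    exit 1
}

# 3. TPM must already be enabled and activated (see the manage-bde -tpm -TurnOn step).
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not ($tpm -and $tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated)) {
    Write-Warning 'TPM is not enabled and activated; enable it first.'
    exit 1
}

# 4. Turn BitLocker on for the OS drive: TPM protector plus a numerical recovery password.
& manage-bde.exe -on $env:SystemDrive -RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    Write-Warning "manage-bde -on failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# 5. Verify the recovery password protector exists and push it to AD DS explicitly
#    (harmless if the policy already escrowed it; a non-zero HRESULT means it did not).
$vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$env:SystemDrive'"
$ids = $vol.GetKeyProtectors(3).VolumeKeyProtectorID   # 3 = numerical password protector
if (-not $ids) {
    Write-Warning 'No recovery password protector found on the OS drive.'
    exit 1
}
foreach ($id in $ids) {
    $rc = $vol.BackupRecoveryInformationToActiveDirectory($id).ReturnValue
    'Protector {0}: backup to AD DS returned 0x{1:X8}' -f $id, $rc
}
```

Step 5 is the check a practitioner wants after an unattended deployment: a protector that exists locally but was never written to the computer object in AD is exactly the case the “Require” policy is meant to rule out, and the explicit BackupRecoveryInformationToActiveDirectory call makes that visible instead of silent.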

/Brian G

2 thoughts on “Enabling TPM and Starting BitLocker on Toughbook Laptops and Tablets”

  1. Istvan Benkohazi

    Hi, I have a problem with my CF-53 Toughbook (CF-534AV8KNE). It has no BIOS password and I have full access to the BIOS; however, it has no option to enable TPM. I tried to encrypt my hard drive but it is not possible without TPM enabled. As far as I know all CF-53s have a TPM chip installed. I updated the BIOS but still have the same issue. Can you help with this?
    Regards
    Istvan

