HPE Community
ProLiant Servers (ML,DL,SL)
1825949 Members
2796 Online
109690 Solutions
New Discussion

How to set the TPMOverrideFlag to true

 
chrisarceo
Occasional Advisor

‎04-18-2024 01:13 AM - last edited on ‎04-18-2024 07:21 AM by

‎04-18-2024 01:13 AM - last edited on ‎04-18-2024 07:21 AM by

How to set the TPMOverrideFlag to true

Screenshot_7.png

 

MessageId: iLO.{version}.FWFlashTPMOverrideFlagRequired A Trusted Module is detected in this system. Failure to perform proper OS encryption procedures will result in loss of access to your data if recovery key is not available. Recommended procedure is to suspend encryption software prior to System ROM or Option ROM firmware flash. If you do not have your recovery key or have not suspended encryption software, cancel this firmware upload. Failure to follow these instructions will result in loss of access to your data. To continue with firmware flash TPMOverrideFlag is required. Format: "CAUTION: A Trusted Module is detected in this system. Updating the System ROM or Option Card Firmware may have impact to measurements stored in the TM and may have impact to security functionality on the platform which depends on these measurements.” Severity: Warning Resolution: Please set the TPMOverrideFlag to true and try again.

0 Kudos
Reply
2 REPLIES 2
Cali
Honored Contributor

‎04-18-2024 03:00 AM - last edited on ‎09-16-2024 02:24 AM by

‎04-18-2024 03:00 AM - last edited on ‎09-16-2024 02:24 AM by

Re: How to set the TPMOverrideFlag to true

Hi,

I don't know how you started this Update.

With iLO GUI, there is a TPM Override Check Box, in SUM also.
If using SUM by CLI the is a "/tpmbypass" or "/ignore" switch setting.
See: Disabling BitLocker to permit firmware updates 

Cali

ACP IT Solutions AGI'm not an HPE employee, so I can be wrong.
0 Kudos
Reply
chrisarceo
Occasional Advisor

‎04-18-2024 03:08 AM - last edited on ‎09-16-2024 02:24 AM by

‎04-18-2024 03:08 AM - last edited on ‎09-16-2024 02:24 AM by

Re: How to set the TPMOverrideFlag to true

@Cali We are applying a firmware update to mitigate the vulnerability. 

Here's the installation instruction from the firmware which is via iloREST:

https://support.hpe.com/connect/s/softwaredetails?tab=Installation+Instructions&collectionId=MTX-6e357a862ebf4f37

 

I have already attempted using the iLO Gui however after flashing the firmware it flashes the wrong firmware, not the SPS (link above).

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.