Dell Firmware Update to TPM Version 2.0

TPM 2.0 or TPM 1.2 Firmware Update

Dell systems with a 6th-8th Generation Intel Processor have two Firmware Security Updates related to the Trusted Platform Module.

There is no native setting in the UEFI BIOS Setup to switch between TPM 1.2 and 2.0. The TPM Firmware Update switches the TPM Security Version that is available in the UEFI BIOS Setup.

Checking your TPM Version in the Dell UEFI BIOS Setup

To check which mode is Enabled, Power off your Dell, Power it up again and Press [F2] to enter the UEFI BIOS Setup:

This Dell has TPM 2.0 Security. A TPM 2.0 Firmware may be available for the model and should be applied.

Installing the TPM 1.2 Firmware Update will Disable the TPM 2.0 Security features and Downgrade to TPM 1.2 Security which should be avoided in most cases:

In theory, updating the TPM Firmware should be as easy as applying a UEFI BIOS Update. In practice it is a little more difficult, because the Operating System uses the TPM to Trust a Device when logged in with a Microsoft Account and uses the TPM to automatically encrypt a Drive with Bitlocker on Windows 10 Pro or Windows 11 Pro.

Computer Name and Bitlocker Recovery Key

Right click your Start Button to get to the Power Users Menu and select System:

Your Computer Name and Windows Edition will be listed. This Computer is running Windows 10 Pro. Note Bitlocker is a Pro Feature and not available in Windows 10 Home or Windows 11 Home.

Login to your Microsoft Account and select My Account:

Your PC Model and Computer Name should be listed under My Devices. Select View Details:

Select Bitlocker Data Protection:

You will have a Key ID and Recovery Key. Note if you have reinstalled Windows multiple times with the same Computer Name, you may have multiple different Key IDs and Recovery Keys associated with them:

TPM2.0 Firmware Update

Select your TPM2.0 Firmware Update:

Accept the User Account Control Prompt:

Select OK:

You will be informed about the current TPM Firmware Version Installed and the Version Available in this Update. In this case the installed version is TPM 1.2 and the updated version is TPM 2.0:

You will be informed that the Firmware Update cannot be applied if the TPM is owned. Select OK:

Disable Windows Autoprovisioning of the TPM

In my case I get the error that the TPM is Owned (which means it is currently used by the Operating System). Please clear the TPM and try again:

Right click the Start Menu, to get to the Power Users Menu and select Windows PowerShell (Admin) or Windows Terminal (Admin):

Accept the User Account Control to run it:

Input the command:

Disable-TPMAutoProvisioning

This command stops Windows from automatically Provisioning (Owning) the TPM at log in:

Now Power off your Computer and Power it up and press [F2] to get to the Dell UEFI BIOS Setup. Select TPM 1.2 or 2.0 Security to the Left Hand Side and select Clear to the top right:

Select Yes:

Exit the Dell UEFI BIOS Setup and your computer should reboot. Now the TPM has been cleared and at this boot is not automatically Provisioned by the Operating System. However because the TPM is related to the Microsoft Account Login and Bitlocker Encryption, you will need to provide your Bitlocker Recovery Key:

Once you do, you can log in as normal:

You can now retry the Firmware Update. This time, now that the TPM is not owned, it should proceed to the next step. It will ask you whether or not you want to Suspend Bitlocker Drive Encryption. Since we have the Bitlocker Recovery Key to hand, we can select No:

Now the Computer will reboot and apply the Firmware Update within UEFI:

You will need to provide the Bitlocker Recovery Key again in order to log in. Power down your Computer and once again Power it up, pressing [F2] to enter the Dell UEFI BIOS Setup:

To the left select TPM 2.0 Security and make sure it is Enabled:

Select Clear:

Select Yes:

Enable Windows Autoprovisioning of the TPM

Once again, in order to login, you may need to input your Bitlocker Recovery Key.

Right click the Start Menu, to get to the Power Users Menu and select Windows PowerShell (Admin) or Windows Terminal (Admin):

Accept the User Account Control to run it:

Input the command:

Enable-TPMAutoProvisioning

This command will instruct Windows to automatically Provision (Own) the TPM at log in:

Check TPM Status

Now Restart your Computer. You should now be able to log into Windows without providing your Bitlocker Recovery Key.

Right click the Start Menu, to get to the Power Users Menu and select Windows PowerShell (Admin) or Windows Terminal (Admin):

Accept the User Account Control to run it:

Input the command:

Get-TPM

This command displays the current status of the TPM.
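The status check can be taken further by reading the TPM and Bitlocker state together. The script below is an added example, not part of the original guide; the function name Test-TpmUpdateState is hypothetical and it assumes the encrypted drive is the system drive. It only reads state and changes nothing.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of TPM and Bitlocker state after the firmware update.
# Test-TpmUpdateState is a hypothetical helper name, not a built-in cmdlet.
function Test-TpmUpdateState {
    param([string]$MountPoint = $env:SystemDrive)  # assumption: system drive is the Bitlocker drive

    $tpm = Get-Tpm
    # Win32_Tpm.SpecVersion is a comma separated string; the first field is the TPM version.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    $specVersion = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { 'unknown' }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    $tpmProtector = @($vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })

    $problems = @()
    if (-not $tpm.TpmPresent) { $problems += 'No TPM detected; check it is Enabled in the UEFI BIOS Setup.' }
    if ($specVersion -ne '2.0') { $problems += "TPM reports spec version $specVersion, not 2.0." }
    if (-not $tpm.TpmReady) { $problems += 'TPM is not ready (not yet provisioned by Windows).' }
    if ("$($tpm.AutoProvisioning)" -ne 'Enabled') {
        $problems += 'Auto-provisioning is not Enabled; run Enable-TpmAutoProvisioning.'
    }
    # Bitlocker checks only apply when the drive is actually encrypted.
    if ("$($vol.VolumeStatus)" -ne 'FullyDecrypted') {
        if ($recovery.Count -eq 0) { $problems += 'Encrypted drive has no recovery password protector.' }
        if ($tpmProtector.Count -eq 0) { $problems += 'Encrypted drive has no TPM protector.' }
        if ("$($vol.ProtectionStatus)" -ne 'On') { $problems += 'Bitlocker protection is suspended or off.' }
    }

    [pscustomobject]@{
        TpmSpecVersion   = $specVersion
        FirmwareVersion  = $tpm.ManufacturerVersion
        TpmOwned         = $tpm.TpmOwned
        TpmReady         = $tpm.TpmReady
        AutoProvisioning = "$($tpm.AutoProvisioning)"
        BitLockerStatus  = "$($vol.ProtectionStatus)"
        # Compare these with the Key ID shown in the Microsoft Account.
        RecoveryKeyIds   = $recovery.KeyProtectorId
        Problems         = $problems
    }
}

Test-TpmUpdateState | Format-List
```

An empty Problems list means the TPM reports version 2.0, Windows has provisioned it again, and the drive is protected with both a TPM protector and a recovery password. Running the same script before starting the update shows which Key ID belongs to the current installation when the Microsoft Account lists several.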