Find a easy tutorial to upgrade tpm to 2.0 x230

[Dawidson]

Hi, I want to upgrade my x230 tpm to 2.0, I read on internet a lot but not easy information, can someone here make a tutorial for this or show me the way, whit windows 11 probaly is gonna be a very usefull topic.

thanks a lot

[axur-delmeria]

TPM 2.0 is not a hard requirement, other have bypassed that already.

[Dawidson]

But, since we have tpm, for more security why not use.

[atagunov]

Is it even possible? I thought that 1.2 and 2.0 are versions of a hardware chip interface. If that was true it would mean that Thinkpads live and die with the same TPM version they were born with. It might be possible to deceive operating system into thinking you've got TPM 2.0 - like Clover and similar software - while you don't. I would think this may actually make your installation less secure than utilizing the true hardware-implemented TPM 1.2 because this fake TPM 2.0 will probably all be emulated completely in software using the main CPU and the main RAM; it might even be storing data on your regular HDD

Out of interest are you using this TPM chip for anything? I'm not. In fact I always saw them as a threat to free software and so never felt very inclined to touch them.

P.S. It appears some motherboards may exist in this world that have security chips capable of providing either TPM 1.2 or TPM 2.0 interface. It appears on such system the choice of which interface is exposed may depend on BIOS version. For such a system it is indeed feasible to toggle. I think this is where the mistaken belief about the possibility of "upgrading" any old computer from TPM 1.2 to 2.0 may have originated from. To the best of my knowledge none of Thinkpads are offering such capability and X230 certainly does not have it.

[Xaptwo]

TPM 2.0 is not a hard requirement, other have bypassed that already.

TPM 2.0 is not a hard requirement, other have bypassed that already to install Windows 11.

Yes, it is a Requirement.
We have already known this from the Beginning.

TPM 2.0 is from October 2014.

This means Hardware OEM did not take this seriously.
As also an IT Consultant for Major Companies, a lot of OEM manufacturers did not took the TPM 2.0 very seriously
There for a lot of Devices were able to be hacked and did not provide any security
Company Networks were also not secure enough with the older TPM version.

Several Major Triple rated A Companies, started to put this into their Network
No Devices with TPM older than version 2.0, were not allowed on those Companies Networks anymore
That made with the NEW UEFI BIOS and Secure Boot and every security we could think of, an saver an secure Network.

Since Microsoft is asking for their Windows 11 version the requirement is TPM 2.0
Suddenly everyone is paying attention, we have an serious issue.
When customer with older Laptops connect to Companies Networks
This is why we did not allow people bring their own Devices to the Companies Network
Because of this security breach.

I find what Microsoft is requesting for their AZURE Network, were we all are connect to nowadays
That's for me logic, because it's their AZURE Network, that will be unsecure, when you connect with an OS with Older TPM security chip, what doesn't give any security at all.
As an IT professional, I've seen Major Companies Network and saw the insecure and Non security on their Company Network.
We all want to use the Internet and LAN / WAN Networks, but when this means we are be targeted by Hackers and People who wants your Information, to sell this on the black market.
We don't want that to be happening to our device and we want our IT Department to solve their issues.
But guess what @HOME you don't have an IT Department who can help you out when your Device is in Breach with every security, we have implemented over the last Decades.

There for Windows 11 needs to be secure and We NEED TO HAVE TPM 2.0 and SECURE BOOT
The following is from Microsoft Docs.
Link: https://docs.microsoft.com/en-us/window ... i-security

UEFI security
05/26/2020
Windows operating systems depend on the integrity and configuration of the firmware and hardware components in order to provide a secure work environment.
This section is intended as a guide to provide pointers to the information that will enable you to implement and validate security features in the firmware for Windows operating systems.

This article shows how Important Microsoft find it.

And let us not lay the blame on Microsoft, for what already needed to be implemented and OEM's did not go ahead with it.
AGAIN:

TPM 2.0 is from October 2014 when they released this version.

Since then UEFI BIOS would use all these features.
ONE of the Security Features, we use on Company Networks is Secure Boot.
This Feature restricts which type of Applications can be Booted towards, which are signed with certification through Encryption.

Like BitLocker the Encryption Application Service of Windows, what will Encrypt your whole HDD/SSD and provides an Secure KEY, when this Encryption is completed on your Device.
This feature Encryption, came through Secure Boot feature in UEFI BIOS, with Windows 8 that was released in 2012.

This Secure Boot feature provide security measures to stop malicious code being run on your machine.
This is done by the Encryption of your machine who provides an recognized Security KEY and STOPS every booting of any operating system unless it has this Security KEY.
But also every Change you make on your Device and especially in the BIOS, it will lock your Device and Request of You to put in this Security KEY.
There for Licensed Certificates, became one of the Major Priorities for this.
Were Drivers and Hardware needed to be certified, as Secure to access the Companies Network.

There is only one Manufacturer, I saw working with this Feature and that was HP (Hewlett Packard)
Who implemented on their NEW Server Range, Secure EUFI BIOS along with their Secure iLO NAND Chip
What was too make our IT Support Maintenance easier as Microsoft also did with Windows Server OS 2012

These Windows OS Server and HPE Server Range are already a long time in IT Land

The Problem with Companies and our current IT Support groups all over the World.
We need to work with the Hardware, what Companies provide us, when they don't want to invest in NEW Hardware, we are screwed.
After the Millennium BUG did not occurred, companies did not invest anymore in IT equipment as it should be.
Or even they are wrongly Managed by the Project Managers
I'm also a former Project Manager, but I always went for Innovation on Hardware.
Because in the End, Hardware, needs to make our Job Easier and faster, this is also the case for the End User.
They want to work faster and easier in their Dailey tasks, but also on an Secure Network
And Security we could not provide this, because of the Hardware, of Clients (Laptops/PC's) were not secure enough.

There for we need TPM 2.0 and every Security in the UEFI BIOS!
IS UEFI BIOS Secure from hacking?
No, but it's a start towards more Secure Devices, what OEMs have lacked to provide since October 2014.