TPM Stuck in MFG mode

[plympton]

Yeah, I was messing with the BIOS, and trying to get the advanced menu on my X1C6 (X1 Carbon Gen 6 for future searchers). Now the Security / TPM chip is stuck in MFG mode, and I can't seem to get it out of it.

I have tried resetting to defaults, setting a supervisor password, cold booting, resetting in Windows (tpm.msc doesn't show hardware available). I reflashed to stock firmware (1.50). Nothing helps.

I have a backup of the OG firmware I had, and coincidently I have a copy of ANOTHER 8-pin chip's firmware (on Mobo, near ESC key if you're looking down) - not sure if that's the TPM chip or not - can't verify.

Anyone have any ideas or leads? I can't get to Windows Hello anymore without TPM, and that kinda sucks. My bad, I know, but still...

[plympton]

I still can't get TPM to work, but I'm happy enough without it now - I dropped my daughter off at school and just swelted in my hot car until I figured it out. Read into that what you wish.

I got Windows Hello to work (well, it was always working, but PIN was borked because it was probably tied to the TPM in some way), but forcibly deleting all pins. P.A.I.N.F.U.L.

https://superuser.com/questions/1279400 ... windows-10

I also got ride of an old AD login for an organization that went bankrupt (literally) that I couldn't get off my laptop...

Happy days ahead!

https://superuser.com/a/1538276

[plympton]

Hey, it's a rainy day, and HomeDad needed to solve a problem (of his own creation) today.... and we're solved!

I've posted this on Reddit (https://www.reddit.com/r/thinkpad/comme ... _mode_fix/), too, in case anyone runs into this in the future. Quite the head-scratcher!

I realize this is very esoteric, and posting primarily for the future internet searchers scratching their heads, but it's really interesting.

• If you modify your BIOS to show the Advanced menu, part of the modification is to add a checksum use a HEX editor to make it seem legit (or sign it - but the signing hack is not working on newer BIOS'en because of AMI Bios Guard).

• The modification appears to break TPM. Makes sense - TPM relies on everything in the entire chain being trustworthy, and modding the BIOS should invalidate that. Fair enough(tm).

• However! THIS MODIFICATION SURVIVES RE-FLASHING! I dumped my TPM not-working BIOS, which wasn't showing the Advanced menu since it was an Windows update from 1.45 -> 1.50, and when I went to re-modify it, the Hex editing was still there. Head-scratch.

On a hunch, I took my original saved BIOS, and restored it. After some BIOS crankiness, several sudden reboots, holding breath, the machine booted and sur enough TPM was available again.

My conclusion: TPM is controlled by the BIOS, and not a different motherboard chip. I thought there could be a 2nd TPM chip, like Apple's secure enclave, on the mobo.

So, you either get Advanced Menu, or TPM functionality, not both, using these methods. If you dump and re-sign the BIOS, you might get both, but I'm tapping out. My $14 flasher doesn't connect to my BIOS chip anymore, and I'm not willing to risk anything else (my heart skipped a few too many beats over it) this week.