Win32_Tpm::Provision method

Attempts to provision the TPM to a completely ready state, taking ownership of the TPM if it is not already owned. This method is expensive to execute because it performs many checks. Applications should call it only when necessary.

This method is only accessible by local administrators.

Syntax


uint32 Provision(
  [in]  BOOL   ForceClear_Allowed,
  [in]  BOOL   PhysicalPresencePrompts_Allowed,
  [out] uint32 Information
);

Parameters

ForceClear_Allowed [in]

When set to TRUE the method may request physical presence operations to clear the TPM. If set to FALSE, the method will not request a physical presence operation to clear the TPM.

PhysicalPresencePrompts_Allowed [in]

When set to TRUE the method may request physical presence operations that require user involvement during the boot process to confirm the TPM state change.

Information [out]

Returns a bitmask that reports, as far as the information is available, what is still needed to fully provision the TPM. Mask values such as INFORMATION_REBOOT indicate that a reboot should be initiated to move the provisioning process forward.

The Information parameter may consist of the following values.

| Value | Meaning |
|---|---|
| INFORMATION_SHUTDOWN 0x00000002 | Platform restart is required (shutdown). |
| INFORMATION_REBOOT 0x00000004 | Platform restart is required (reboot). |
| INFORMATION_TPM_FORCE_CLEAR 0x00000008 | The TPM is already owned. Either the TPM needs to be cleared or the TPM owner authorization value needs to be imported. |
| INFORMATION_PHYSICAL_PRESENCE 0x00000010 | Physical Presence is required to provision the TPM. |
| INFORMATION_TPM_ACTIVATE 0x00000020 | The TPM is disabled or deactivated. |
| INFORMATION_TPM_TAKE_OWNERSHIP 0x00000040 | The TPM ownership was taken. |
| INFORMATION_TPM_CREATE_EK 0x00000080 | An Endorsement Key (EK) exists in the TPM. |
| INFORMATION_TPM_OWNERAUTH 0x00000100 | The TPM owner authorization is not properly stored in the registry. |
| INFORMATION_TPM_SRK_AUTH 0x00000200 | The Storage Root Key (SRK) authorization value is not all zeros. |
| INFORMATION_TPM_DISABLE_OWNER_CLEAR 0x00000400 | The operating system is configured to disable clearing of the TPM with the TPM owner authorization value, and the TPM has not yet been configured to prevent clearing of the TPM with the TPM owner authorization value. |
| INFORMATION_TPM_SRKPUB 0x00000800 | The operating system's registry information about the TPM's Storage Root Key does not match the TPM Storage Root Key. |
| INFORMATION_TPM_READ_SRKPUB 0x00001000 | The TPM permanent flag to allow reading of the Storage Root Key public value is not set. |
| INFORMATION_TPM_BOOT_COUNTER 0x00002000 | The monotonic counter incremented during boot has not been created. |
| INFORMATION_TPM_AD_BACKUP 0x00004000 | The TPM's owner authorization has not been backed up to Active Directory. |
| INFORMATION_TPM_AD_BACKUP_PHASE_I 0x00008000 | The first portion of the TPM owner authorization information storage in Active Directory is in progress. |
| INFORMATION_TPM_AD_BACKUP_PHASE_II 0x00010000 | The second portion of the TPM owner authorization information storage in Active Directory is in progress. |
| INFORMATION_LEGACY_CONFIGURATION 0x00020000 | Windows Group Policy is configured to not store any TPM owner authorization so the TPM cannot be fully ready. |
| INFORMATION_EK_CERTIFICATE 0x00040000 | The EK Certificate was not read from the TPM NV RAM and stored in the registry. |
| INFORMATION_TCG_EVENT_LOG 0x00080000 | The TCG event log is empty or cannot be read. |
| INFORMATION_NOT_REDUCED 0x00100000 | The TPM is not owned. |
| INFORMATION_GENERIC_ERROR 0x00200000 | An error occurred, but not specific to a particular task. |
| INFORMATION_DEVICE_LOCK_COUNTER 0x00400000 | The device lock counter has not been created. |

Return value

All TPM errors as well as errors specific to TPM Base Services can be returned.

Common return codes are listed below.

| Return code/value | Description |
|---|---|
| S_OK 0 (0x0) | The method was successful. |

Remarks

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
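
An added example, not part of the original page or any Microsoft sample: calling Provision from an elevated PowerShell session with both flags set to FALSE and decoding the returned Information bitmask with the values from the table above. The helper name ConvertFrom-TpmInformation and the variable names are hypothetical; Get-CimInstance and Invoke-CimMethod are the standard CIM cmdlets.

```powershell
# Added example. Run elevated: the method is accessible only to local administrators.
# Bit names and values are copied from the Information table on this page.
$InfoBits = [ordered]@{
    INFORMATION_SHUTDOWN                = 0x00000002
    INFORMATION_REBOOT                  = 0x00000004
    INFORMATION_TPM_FORCE_CLEAR         = 0x00000008
    INFORMATION_PHYSICAL_PRESENCE       = 0x00000010
    INFORMATION_TPM_ACTIVATE            = 0x00000020
    INFORMATION_TPM_TAKE_OWNERSHIP      = 0x00000040
    INFORMATION_TPM_CREATE_EK           = 0x00000080
    INFORMATION_TPM_OWNERAUTH           = 0x00000100
    INFORMATION_TPM_SRK_AUTH            = 0x00000200
    INFORMATION_TPM_DISABLE_OWNER_CLEAR = 0x00000400
    INFORMATION_TPM_SRKPUB              = 0x00000800
    INFORMATION_TPM_READ_SRKPUB         = 0x00001000
    INFORMATION_TPM_BOOT_COUNTER        = 0x00002000
    INFORMATION_TPM_AD_BACKUP           = 0x00004000
    INFORMATION_TPM_AD_BACKUP_PHASE_I   = 0x00008000
    INFORMATION_TPM_AD_BACKUP_PHASE_II  = 0x00010000
    INFORMATION_LEGACY_CONFIGURATION    = 0x00020000
    INFORMATION_EK_CERTIFICATE          = 0x00040000
    INFORMATION_TCG_EVENT_LOG           = 0x00080000
    INFORMATION_NOT_REDUCED             = 0x00100000
    INFORMATION_GENERIC_ERROR           = 0x00200000
    INFORMATION_DEVICE_LOCK_COUNTER     = 0x00400000
}
# Hypothetical helper: list the names of the set bits and report undocumented bits.
function ConvertFrom-TpmInformation([uint32]$Information) {
    $names = @(foreach ($e in $InfoBits.GetEnumerator()) {
        if ($Information -band $e.Value) { $e.Key }
    })
    $known = 0
    foreach ($v in $InfoBits.Values) { $known = $known -bor $v }
    $rest = $Information -bxor ($Information -band $known)   # bits not in the table
    if ($rest) { $names += 'UNKNOWN_0x{0:X8}' -f $rest }
    $names
}
$tpm = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' -ClassName Win32_Tpm
if (-not $tpm) { throw 'No Win32_Tpm instance found.' }
# Both flags FALSE: the method will not request a TPM clear or a boot-time prompt.
$r = Invoke-CimMethod -InputObject $tpm -MethodName Provision -Arguments @{
    ForceClear_Allowed = $false; PhysicalPresencePrompts_Allowed = $false }
if ($r.ReturnValue -ne 0) { throw ('Provision failed: 0x{0:X8}' -f $r.ReturnValue) }
$flags = ConvertFrom-TpmInformation $r.Information
$flags
if ($flags -match 'SHUTDOWN|REBOOT') { Write-Warning 'Platform restart required.' }
```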

Requirements

Minimum supported client: Windows 8 [desktop apps only]

Minimum supported server: Windows Server 2012 [desktop apps only]

Namespace: \\.\root\CIMV2\Security\MicrosoftTpm

MOF: Win32_tpm.mof

DLL: Win32_tpm.dll

See also

Win32_Tpm