In my BIOS (same mainboard - Version 37) I entered maintenance mode by having the yellow jumper set accordingly. The option to clear the tpm appeared and I activated it.
I also hit the "maintenance" button and saw the clear the tpm checkbox again. Made sure it's activated.
Then I hit the Exit button to save my settings and I wanted me to shut down the system what I did.
Afterwards I tried to take ownership but again - no luck. It still keeps telling me "Authentication Failed". I repeated this now like 5 times and i'm afraid it's not working. Trying to tpm_clear --force from the OS fails because of "Bad physical presence" - That's probably because "Physical Presence" is ensured by having maintenance mode enabled (?) and I cannot boot to an OS in that mode.
I'm told to "power off" The System to set back the normal mode again. Not sure if that means to shut it down by using the button or by removing the power supply but I tried both and it still does not let me use tpm_takeownership.
Of course I also tried the well known secrets with no luck.
I also disabled the ME/AMT in the ctrl+p because - I thought if someone had the power to access the system through the Management Engine it would spoil the maintenance mode? I was able to remotely access the BIOS GUI in Maintenance mode so.. maybe that's one of the reasons for this behaviour?
What else can I do? (And no - replacing RAM or anything does not sound reasonable)
UPDATE: It looks like I'm not the only having issues with taking ownership. I'm using tpm-tools from trousers (IBM)
http://permalink.gmane.org/gmane.comp.encryption.trousers.user/3368
UPDATE2: I contacted Ken Goldman (IBM Expert for TPM) since he wrote Software that is capable of talking to the tpm so that you can see details that are hidden or less easy to discover otherwise.
Here are the Details for the Nuc Hardware. First the TPM
TPM 1.2 Version Info:
Chip Version: 1.2.13.12
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: STM
Vendor Specific data: 50
TPM Version: 01010000
Manufacturer Info: 53544d20
Now I talked to it to ask what's status it has
getcapability -cap 4 -scap 0108
Result for capability 0x4, subcapability 0x108 is :
Permanent flags:
Disabled: FALSE
Ownership: TRUE
Deactivated: FALSE
Read Pubek: FALSE
Disable Owner Clear: TRUE
Allow Maintenance: FALSE
Physical Presence Lifetime Lock: TRUE
Physical Presence HW Enable: FALSE
Physical Presence CMD Enable: TRUE
CEKPUsed: FALSE
TPMpost: FALSE
TPMpost Lock: FALSE
FIPS: FALSE
Operator: FALSE
Enable Revoke EK: FALSE
NV Locked: TRUE
Read SRK pub: TRUE
TPM established: FALSE
Maintenance done: FALSE
Disable full DA logic info: FALSE
Now I was asked to dump the volatile flags of the Chip
I tried -cap 4 -scap 109 and here are the results:
Deactivated: FALSE
Disable ForceClear: FALSE
Physical Presence Lock: TRUE
bGlobal Lock: FALSE
And so here is the end of the street. And it's a dead end appearently since Physical Presence Lock is TRUE. This prevents any software wise force clear from any Operating System that is booted after the BIOS is exited.
After all this I received a reply from Intel support. I was told to look at some Microsoft Document concerning clearing the TPM from within Windows and also that they would only support Windows on that board but as proven before the operating system has no cards in this game anymore and so fortunately the support told me to have delegated the ticket to the technical department.
Let's hope for the best