Enabling TPM makes any Junos upgrade on SRX impossible. If you enable TPM/MEK, the box needs to be rebuilt from scratch using local console access. There is no other way to disable TPM or do an upgrade.
It seems that if you enable TPM on an SRX (http://www.jnpr.net/documentation/en_US/junos/topics/concept/trusted-port-module-security-understanding.html) it makes an upgrade impossible. If you try to install D110 on the box it will give you a validation error. To clear the TPM you need to clear it in uboot and rebuild the box from scratch, and clearing the uboot is possible only from the local console, so no remote upgrade is possible.
To sum it up:
- There is no other method to install/upgrade Junos on an SRX with TPM/MEK enabled than to clear the TPM/MEK before the install/upgrade.
- There is no other method to clear the TPM than to use LOCAL console access (need to access uboot).
- After clearing the TPM using uboot, the box requires a full (manual) reinstall/rebuild.
I have a JTAC case open and am trying to find a solution, but the situation is outrageous...
Regards,
Pawel Mazurkiewicz