No TPM? No Windows 11 for you!

[adrynalyne]

55 minutes ago, Good Bot, Bad Bot said:

WTF? My AMD FX-8320 is not supported? Windows can't even read my TPM state. I have a Gigabyte GA-990FXA-UD3 R5 (rev. 1.0) systemboard and no secure boot options I can see. I have tried setting Windows 8 for OS type and disabling CSM but no luck.

 

The board was a good deal at the time but there has been a total of one BIOS update for it. 🙄

 

Anyone with suggestions would be welcome.

Yeah. Upgrade. 

[George P Global Moderator]

6 hours ago, PsYcHoKiLLa said:

From your motherboard's manual

 

I've got a i7 6700k, same Asus BIOS but that specific part of it is nowhere to be found.  And doing some searches online I can't find out if my CPU has PTT at all or not.   Since the options aren't there I'm guessing no, so I ordered a TPM chip in the end.

[George P Global Moderator]

5 hours ago, ManMountain said:

A lot of focus on TPM 2.0, but not so much on the CPU's that are not supported in Windows 11.  

 

AMD supported CPU

Intel supported CPU

 

 

I think that list is more for anyone making/supporting systems at a retail/business level.  Older CPUs should run 11 just fine and I expect that list will grow over time.

[+Raze Subscriber²]

Found fTPM in the UEFI for my ASUS ROG STRIX Z390-H GAMING.  Buried under Advance settings - PCH-FW Configuration - TPM Device Selection - select Firmware TPM - save and reboot.  Passed the PC health check!

 

 

[+Biscuits Brown MVC]

While my main desktop is compatible, I have two other desktops (and about 6 or 7 other lesser used systems) that aren't event close. One is a 4770k on an Asus ROG Maximus VI Gene and the other a 4790k Asus ROG Maximus VII Gene. Both have 32gb ram, 1TB SSDs and 2070s. Neither bios has anything even close to Intel PTT although even it it did, the CPU's themselves aren't on the list (or generationally close) so that's that.

 

One of these is my wife's main desktop (the 4790k) and she really likes how Win 11 looks so it appears that  Microsoft and PC builder consortium (Dell, HP, Lenovo) have won this round and I'll have to update her CPU/MBoard/Ram later this year. 

[Gotenks98]

so how are we supposed to test this in a VM? I use Hyper-V most of the time.

[ManMountain]

This is what the Microsoft PC health check should be like.  Hopefully the CPU list will be relaxed somewhat, quite ridiculous a generation 1 TR is not supported.

[SidVicious]

14 minutes ago, Gotenks98 said:

so how are we supposed to test this in a VM? I use Hyper-V most of the time.

Hyper-V has an option to emulate the TPM 2.0 chip.

 

 

[Ve7878]

The tool has been updated but it appears to still be checking soft-floor requirements. So my PC is still showing as not compatible with Win 11, it must be the first gen Ryzen causing it to show as not being compatible.

[George P Global Moderator]

6 hours ago, Biscuits Brown said:

While my main desktop is compatible, I have two other desktops (and about 6 or 7 other lesser used systems) that aren't event close. One is a 4770k on an Asus ROG Maximus VI Gene and the other a 4790k Asus ROG Maximus VII Gene. Both have 32gb ram, 1TB SSDs and 2070s. Neither bios has anything even close to Intel PTT although even it it did, the CPU's themselves aren't on the list (or generationally close) so that's that.

 

One of these is my wife's main desktop (the 4790k) and she really likes how Win 11 looks so it appears that  Microsoft and PC builder consortium (Dell, HP, Lenovo) have won this round and I'll have to update her CPU/MBoard/Ram later this year. 

I'm in the same boat but with a newer 6700k but no PTT in the BIOS anywhere.  Asus couldn't be bothered to add it in I guess?

[adrynalyne]

21 hours ago, Steven P. said:

It escapes me, I am also very tired  

I did some homework. You were right, it does look like discrete is more secure. 

[PsYcHoKiLLa]

I found out I'm not compatible because of my CPU (too old), if you want to check yours :

Supported Intel Processors (Anything older than 8000 series not supported)

Supported AMD Processors

[spaceelf]

6 hours ago, adrynalyne said:

I did some homework. You were right, it does look like discrete is more secure. 

Also sometimes much less reliable.  The last time I used a discrete TPM I got a damaged chip which seemed to work but messed with the system.

[adrynalyne]

1 minute ago, Randomevent said:

Also sometimes much less reliable.  The last time I used a discrete TPM I got a damaged chip which seemed to work but messed with the system.

Good to know!

[techbeck]

On 24/06/2021 at 13:30, adrynalyne said:

Better than TPS.

 

[George P Global Moderator]

So someone posted that intels PTT (fTPM) needs CPUs with vPro support.  If that's the case then that would explain why my 6700k doesn't show any options for PTT in the BIOS.  Also why 7000 series CPUs aren't supported either because I just checked and the 7700k doesn't have vPro either.    

 

Oh well, I'll just stick with Windows 10  or see what happens with 11 later.  I still think you'll be able to install it just "unsupported" and a "at your own risk" type deal.   This system is 6yo though I've upgraded the GPU once to a 1070 so it's solid for my gaming needs.

 

It's looking like I'll have to retire the old i7 920 though, mostly because I want something that takes up less space than the mid-tower it has, it can still do it's task without issue though.

[goretsky Supervisor]

Hello,

 

Hypothetically speaking, parts of a motherboard design layout could be re-used to create multiple form-factors (ATX and mATX for example) or used across several chipsets (value-end to HEDT) and the manufacturer may have left the connector in place by accident. 

 

I would also wonder if the cost of removing the module header would be more than leaving it in place.  Motherboard manufacturing seems pretty automated, though, so the cost would be in the time and labor to reset manufacturing, not the costs of the pins and the shroud. 

Another possibility might be to provide support for a different type of TPM chip (e.g., something mandated by a government) that operates differently than the embedded type.

Anyways, those are just some reasons I came up with just off the top of my head.  I am not a crypto engineer, though, I do not know how likely any of these scenarios I mentioned are possible.

Regards,

Aryeh Goretsky

 

  

On 24/06/2021 at 14:44, Steven P. said:

 

I don't know, tell me why a motherboard would have a TPM 2.0 Module header if the board only supports CPUs where this is already built in?

 

[MS Bob 11]

Apparently Windows uses the TPM for a lot more features than BitLocker, Windows Hello, Secure Boot. But these are all enterprise features mostly: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations

[+InsaneNutter MVC]

Interestingly if you read Microsoft's Minimum Hardware documentation for ecosystem partners, this states: "Upon approval from Microsoft, OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled".

 

So it seems like deploying Windows 11 with MDT (Microsoft Deployment Toolkit) to unsupported hardware is a scenario Windows 11 would work fine in, even if Microsoft are aiming for this to be the exception and not the norm.

 

With that in mind this should mean that Windows 11 will continue to work fine in the future once you bypass the installer check, since there will be 'officially supported' Windows 11 scenarios with no TPM.

 

One can hope anyway. Clearly security is the focus here, however given Windows 10 can work perfectly on Core2Duo hardware dating back to 2006, it seems a big leap to drop support for anything Intel before Coffee Lake (2017) and AMD before Ryzen 2000 (2018). For what the majority of people use a computer for these days a 10+ year old system with an SSD can still offer a really good experience.

[neufuse Veteran]

5 hours ago, George P said:

So someone posted that intels PTT (fTPM) needs CPUs with vPro support.  If that's the case then that would explain why my 6700k doesn't show any options for PTT in the BIOS.  Also why 7000 series CPUs aren't supported either because I just checked and the 7700k doesn't have vPro either.    

 

Oh well, I'll just stick with Windows 10  or see what happens with 11 later.  I still think you'll be able to install it just "unsupported" and a "at your own risk" type deal.   This system is 6yo though I've upgraded the GPU once to a 1070 so it's solid for my gaming needs.

 

It's looking like I'll have to retire the old i7 920 though, mostly because I want something that takes up less space than the mid-tower it has, it can still do it's task without issue though.

vPro? I use PTT and I dont have vPro enabled, the CPU's are "eligible" but not using it

[George P Global Moderator]

17 minutes ago, neufuse said:

vPro? I use PTT and I dont have vPro enabled, the CPU's are "eligible" but not using it

Well then it's just Asus not adding the option for my specific z170-a motherboard because it's not there anywhere.   And it's looking like a pain to get their TPM 2.0 chip at this point.

[eddman]

10 minutes ago, George P said:

Well then it's just Asus not adding the option for my specific z170-a motherboard because it's not there anywhere.   And it's looking like a pain to get their TPM 2.0 chip at this point.

Is there a "PCH-FW Configuration" entry in the "Advanced" section of the UEFI? The TPM setting for another asus Z170 model is there.

 

What's the BIOS version?

 

If it's completely missing, maybe try contacting asus support.

[George P Global Moderator]

1 minute ago, eddman said:

Is there a "PCH-FW Configuration" entry in the "Advanced" section of the UEFI? The TPM setting for another asus Z170 model is there.

 

What's the BIOS version?

The BIOS is the newest one listed on their site for my board.

 

Z170-A BIOS 3802

 

As far as the PCH-FW Configuration option, I've looked and didn't see it though for the hell of it I could look again I guess.

[neufuse Veteran]

28 minutes ago, George P said:

The BIOS is the newest one listed on their site for my board.

 

Z170-A BIOS 3802

 

As far as the PCH-FW Configuration option, I've looked and didn't see it though for the hell of it I could look again I guess.

It took me forever to find the PTT config on my ASUS board when I got it... wish they made stuff more clear for security settings my old MSI board flat out called it TPM Security made it easy

[George P Global Moderator]

6 minutes ago, neufuse said:

It took me forever to find the PTT config on my ASUS board when I got it... wish they made stuff more clear for security settings my old MSI board flat out called it TPM Security made it easy

Yeah, so I dove back into bios to try and see one last time but nothing.  I just don't have PTT, so oh well.  I either get lucky and find a TPM chip to put in, or wait and see what happens and if you can install without TPM after you agree to some warning  they give you.  Otherwise I'll just stay on Windows 10 till I'm ready to build a new system.