No TPM? No Windows 11 for you!

[Jason Campbell]

i have intel motherboard from 2016 with tmp 2.0 on it  is that rare or something  obiviously its not new technology

 

[jbarcus81]

I'm about to throw in the towel myself... I have an ASRock Z370 Extreme4 with an i5 8600k 8th gen... I have everything enabled in the BIOS but still no go on the TPM requirement. The towel is going in.

 

 

 

__________________________________________++++++++++++++++++++++++++++++++++++++++_____________________________________________

 

I fixed it!!!! I found one more setting in my BIOS - Advanced/Trusted Computing --- Security Device Support - ENABLED ... FIXED!!!!!!!

 

Edited June 26, 2021 by jbarcus81

[+Raze Subscriber²]

Got a request for how to activate Firmware TPM for the ASUS ROG STRIX Z390-H GAMING.  

 

First I am using BIOS firmware version 3002 Beta.  I've had no problems with it.

 

1.  Boot into BIOS

2.  If in EZ-Mode, F7 into Advanced Mode.

3.  Scroll down to PCH-FW Configuration and open, you'll see TPM Device Selection.

4.  Click on the drop down and select Firmware TPM.

5.  F10 to save changes and reboot PC.

6.  Check Device Manager and look for Security Devices

7.  Click to open -  it should have Trusted Platform Module 2.0 

8.  Or you can - Open run command by pressing Windows + R and type tpm.msc and hit enter.
     This command will open the Trusted management console Management.

9.  Done.

[SidVicious]

On my PC the TPM is present...but my Ryzen 5 2400G is not supported.
######.

[Steven P. Administrators]

1 hour ago, SidVicious said:

On my PC the TPM is present...but my Ryzen 5 2400G is not supported.
######.

I really wonder what the reason is for requiring relatively new CPUs, what does 8th gen Intel have that 7th gen doesn't?

[spaceelf]

2 hours ago, Steven P. said:

I really wonder what the reason is for requiring relatively new CPUs, what does 8th gen Intel have that 7th gen doesn't?

I'm hardly an expert but I'd say it's most likely related to all the work they've had to do on Spectre and Meltdown and similar attacks.

[cacoe]

[+Warwagon MVC]

On my couch computer almost everything passes except the CPU ... lol ...######! i5-7600 3.50 ghz 32GB Ram, TPM 2.0, 1TB NVME . ... but Nope can't run windows 11. It's so stupid, it's comical. 

[cacoe]

1 minute ago, warwagon said:

Almost on my couch computer passes except the CPU ... lol ...######! i5-7600 3.50 ghz 32GB Ram, TPM 2.0, 1TB NVME . ... but Nope can't run windows 11. It's so stupid, it's comical. 

Probably blind positivity, but I'd be surprised if there isn't a very simple and easy-to-do patch even for the final version of Windows 11.

[George P Global Moderator]

9 hours ago, Raze said:

Got a request for how to activate Firmware TPM for the ASUS ROG STRIX Z390-H GAMING.  

 

First I am using BIOS firmware version 3002 Beta.  I've had no problems with it.

 

1.  Boot into BIOS

2.  If in EZ-Mode, F7 into Advanced Mode.

3.  Scroll down to PCH-FW Configuration and open, you'll see TPM Device Selection.

4.  Click on the drop down and select Firmware TPM.

5.  F10 to save changes and reboot PC.

6.  Check Device Manager and look for Security Devices

7.  Click to open -  it should have Trusted Platform Module 2.0 

8.  Or you can - Open run command by pressing Windows + R and type tpm.msc and hit enter.
     This command will open the Trusted management console Management.

9.  Done.

The problem is that many people might have the supported CPU (i've got a 6th gen which should support PTT but doesn't pass the Windows 11 requirements) but don't even have the PCH-FW Configuration option in their Asus BIOS.   

 

It seems that even if you have the same chipset as others some board makers have left things out depending on the model, if you have one of the higher end boards you might have it, one of the base models though, might not.  

 

Anyways, I'll just stay on Windows 10 till I'm ready for a new gaming system.   Next one is going to be a smaller case, don't need another full tower.

[ThaCrip]

If it's not this, it will probably be something else that get people as a whole to largely reject Win11 given Microsoft's rep over the long term. because Microsoft has a pattern of good/bad/good/bad with OS's (for a long time now (ill just start from when PC's pretty much went mainstream)) which, if the pattern holds, Win11 will be part of the 'bad' group....

 

Win98(good)/WinME(bad)/WinXP(good)/WinVista(bad)/Win7(good)/Win8(bad)/Win10(good)... Win11(bad(?)).

 

p.s. I am not counting Win2k because while it was a good OS the average person could use, it was never targeted at the common user, so I did not count it. if I did, it would have broke the pattern. also, while Vista was not bad after a while, and apparently the same with Win8, those OS's were largely rejected by the masses since people generally stuck to WinXP, and the newer OS people who moved past WinXP generally stuck with Win7 until people were forced to something newer which, to state the obvious, is the current Win10, which is the only real choice for Windows users at this point.

[jbarcus81]

Put yourself in the common user. Just your average person firing up their PC they bought from Dell or wherever with decent specs maybe in the last year or two finding out they're stuck with Windows 10. The kicker for me is this average person may actually be able to upgrade but have to do some BIOS tweaks which they will have no clue how to do. I see this as a customer service nightmare for OEMs and Microsoft. I understand security is a priority but you kinda have to 'dumb it down' a bit. Hell it took me days to finally get the right settings enabled in my BIOS and I've been building and tweaking computers for 20+ years.

[Xenon]

18 hours ago, Steven P. said:

I really wonder what the reason is for requiring relatively new CPUs, what does 8th gen Intel have that 7th gen doesn't?

Nothing. 

[George P Global Moderator]

We're so early into this new version so who knows what they'll do.  I've been keeping track of a poll over on Windows Central asking if users systems qualify for Windows 11, and so far 44% say no, 30% say yes, with the rest in this weird "maybe" or "not sure" area.   As time passes the No's keep going up I've noticed.   I'm in the No group, no TPM and I've got a 6th gen CPU.  Also, due to some old hardware, hdds maybe?  I can't boot into windows without BIOS compatibility mode on. 

 

I've messed with different settings just to see what happens and yeah.   I'll be on Windows 10 for now, maybe I'll build a new system next year, by then MS will be on Windows 11.1 or w/e new versioning they're going to go with.

 

Or you can just upgrade from an ISO without having TPM and 8th+ gen and all this panic is for nothing, we'll see.   I say this because technically MS's own Surface Studio 2 doesn't qualify, as per their CPU lists don't know about TPM, yet I've seen posts from people who've installed 11 on it already.   

[PRODIGY-]

I have TPM enabled. My issue is SECURE BOOT. After I enable it, windows will not load at all. I have followed every guide I could find and nop. Its not possible. Its a 3 month old Gaming rig.

[novv]

I'm wondering why so many people need a new Microsoft OS. First of all I like to remind everyone that absolutely nothing it's really free. Somehow you pay, more or less. This TPM requirement it's for security but not the way you're thinking. All the conspiracy theories are becoming so true this days. Look what data about TPM still holds on Wikipedia:

 

"Criticism

TCG has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer‍—‌and not the user who owns the computer system‍—‌decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.

The TrueCrypt disk encryption utility, do not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". The attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. As such, the condemning text goes so far as to claim that TPM is entirely redundant.

Attacks

In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat Briefings, where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.

In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets.

In 2018, a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) was reported (CVE-2018-6622). It allows an adversary to reset and forge platform configuration registers which are designed to securely hold measurements of software that are used for bootstrapping a computer. Fixing it requires hardware-specific firmware patches.[54] An attacker abuses power interrupts and TPM state restores to trick TPM into thinking that it is running on non-tampered components.

Main Trusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for measurement (DRTM) attack CVE-2017-16837, which affects computers running on Intel's Trusted eXecution Technology (TXT) for the boot-up routine.

In case of physical access, computers with TPM are vulnerable to cold boot attacks as long as the system is on or can be booted without a passphrase from shutdown or hibernation, which is the default setup for Windows computers with BitLocker full disk encryption."

Full article: https://en.wikipedia.org/wiki/Trusted_Platform_Module

[spaceelf]

16 minutes ago, novv said:

All the conspiracy theories are becoming so true this days.

If you're dumb enough to believe conspiracy theories there's a seperate forum for you.

[reactionary007]

I'm the sad owner of two PCs (one bought in mid-2017 and one in early-2018) that both have TPM 2.0 but are 7000 series Intel processors. Both say they will not run Windows 11 due to its processor requirements. Waiting for clarification on some of the speculation around supported vs. will run of course, but not holding my breath.

 

Remember Windows Vista Basic and the inability of many machines to run Aero (even machines sold post-Vista with a Basic sticker)? Something about this makes me think of that (maybe the fact that my existing PCs at the time were not going to run Aero). How about Windows 8.1 Update 3 for RT? I wonder if Microsoft will throw us some crappy bone with a Windows 10 update that brings down a few of the Windows 11 features. Either way - both Vista Basic and 8.1 Update 3 sucked :)

[norseman]

Looks like my x1900 should be fine?



I've already upgraded to 11 but found this in tpm.msc

 

[helpifIcan]

Mine passes all but secure boot, I go into Bios and is says secure boot enabled. Asus Z97-A MB. I'll check for a new version of BIOS but I don't think there is one that would make a difference. I know it's an old MB but hey works for my needs. BIOS ver. 2.16.1240.

Maybe then never/ever changing win10 is all I'll get until I feel like a rebuild.

[+devHead Subscriber²]

On 24/06/2021 at 16:24, ManMountain said:

A lot of focus on TPM 2.0, but not so much on the CPU's that are not supported in Windows 11.  

 

AMD supported CPU

Intel supported CPU

 

 

Yeah My Core i5 - 4460 is not supported. So, I guess it doesn't matter that I also don't have TPM.  I just think it's funny that my 3.2 GHz processor isn't good enough because of its generation, but all these Celeron processors are just fine.

[spaceelf]

35 minutes ago, devHead said:

Yeah My Core i5 - 4460 is not supported. So, I guess it doesn't matter that I also don't have TPM.  I just think it's funny that my 3.2 GHz processor isn't good enough because of its generation, but all these Celeron processors are just fine.

Since the Celeron 4xxx processors listed are mostly built with the same stuff the 8th gen Core processors are, yeah, they are.

 

https://ark.intel.com/content/www/us/en/ark/products/codename/97787/products-formerly-coffee-lake.html

 

(and the others are probably fairly similar - https://ark.intel.com/content/www/us/en/ark/products/codename/83915/products-formerly-gemini-lake.html + https://ark.intel.com/content/www/us/en/ark/products/codename/126287/products-formerly-kaby-lake-r.html )

[Good Bot, Bad Bot]

On 26/06/2021 at 20:25, Randomevent said:

I'm hardly an expert but I'd say it's most likely related to all the work they've had to do on Spectre and Meltdown and similar attacks.

You may be on to something and that would be another boost to security.

 

On 27/06/2021 at 03:56, ThaCrip said:

If it's not this, it will probably be something else that get people as a whole to largely reject Win11 given Microsoft's rep over the long term. because Microsoft has a pattern of good/bad/good/bad with OS's (for a long time now (ill just start from when PC's pretty much went mainstream)) which, if the pattern holds, Win11 will be part of the 'bad' group....

 

Win98(good)/WinME(bad)/WinXP(good)/WinVista(bad)/Win7(good)/Win8(bad)/Win10(good)... Win11(bad(?)).

 

p.s. I am not counting Win2k because while it was a good OS the average person could use, it was never targeted at the common user, so I did not count it. if I did, it would have broke the pattern. also, while Vista was not bad after a while, and apparently the same with Win8, those OS's were largely rejected by the masses since people generally stuck to WinXP, and the newer OS people who moved past WinXP generally stuck with Win7 until people were forced to something newer which, to state the obvious, is the current Win10, which is the only real choice for Windows users at this point.

Yeah, I don't see Windows 11 being largely rejected like Windows ME, Vista, and 8. Those were versions one had to pay for to upgrade which is not the case with Windows 11 so those that qualify will probably upgrade. A lot of eople would buy new machines with ME, Vista, and 8 and install the previous version of Windows. I don't see that happening at all with PCs that come with Windows 11. Windows 11 is really a minor upgrade over Windows 10 except for the laying of the ground work for better security of the platform.

 

2 hours ago, novv said:

I'm wondering why so many people need a new Microsoft OS. First of all I like to remind everyone that absolutely nothing it's really free. Somehow you pay, more or less. This TPM requirement it's for security but not the way you're thinking. All the conspiracy theories are becoming so true this days. Look what data about TPM still holds on Wikipedia:

 

"Criticism

TCG has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer‍—‌and not the user who owns the computer system‍—‌decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.

The TrueCrypt disk encryption utility, do not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". The attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. As such, the condemning text goes so far as to claim that TPM is entirely redundant.

Attacks

In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat Briefings, where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.

In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets.

In 2018, a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) was reported (CVE-2018-6622). It allows an adversary to reset and forge platform configuration registers which are designed to securely hold measurements of software that are used for bootstrapping a computer. Fixing it requires hardware-specific firmware patches.[54] An attacker abuses power interrupts and TPM state restores to trick TPM into thinking that it is running on non-tampered components.

Main Trusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for measurement (DRTM) attack CVE-2017-16837, which affects computers running on Intel's Trusted eXecution Technology (TXT) for the boot-up routine.

In case of physical access, computers with TPM are vulnerable to cold boot attacks as long as the system is on or can be booted without a passphrase from shutdown or hibernation, which is the default setup for Windows computers with BitLocker full disk encryption."

Full article: https://en.wikipedia.org/wiki/Trusted_Platform_Module

Thanks for that Wikipedia research. LOL No one is saying TPM means perfect security but a system with secure boot and TPM are more secure than a box without those.

[cacoe]

Never understood the good bad thing, because it ignores some information, for example, windows 98SE was when it was actually good,  Windows 2000 - good, I know it was a separate NT product bust still, also XP wasn't regarded as great until a couple of service packs were released and despite the horrible start screen, Windows 8.1 was very stable.

[Yogurth]

  This, if released as it stands now will invoke the consumer backlash far greater than the backlash during Vista or Windows 8 era, IMHO. 

  Microsoft is making a pigheaded move and not he first one either. Instead of requiring only from the OEM's and hardware vendors that all of their future products targeted for Windows 11 come with TPM 2.0 and let the hardware switch come naturally, they are punishing, by my educated guess, more than 50% of Windows users.