• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

TPM fun

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
mackerel

mackerel

Member
Joined
Mar 7, 2008
Don't know if people have been following the Win11 news, but one of several thing that has blown up is the apparent requirement of TPM 2.0 (1.2 may work but not recommended). To my current understanding there are two possible implementations.
1, a physical (optional) TPM module fitted to the mobo
2, use the embedded security features in newer Intel/AMD platforms. I say platforms because it is unclear to me if it is implemented in CPU, chipset, or elsewhere. This may be referred to as fTPM.

You can check the presence of enabled TPM by running tpm.msc in Windows.


TPM 2.0 enabled already:
Asus Kaby Lake laptop
Lenovo Zen 3 laptop

Required manual enabling in bios:
Asus B560 mobo
Asus X299 mobo
Asrock Z370 mobo
Asrock Z390 mobo (assumed, need to check)

Option in bios but can't set - requires module?
Gigabyte Z490 mobo (need another look after new information, see post on 6 July)

No option in bios that I can find:
Asus Z170 mobo


In short, if MS hold to TPM being a mandatory requirement there will be a lot of modern self builds that can't update to it. Apparently TPM has been a requirement for Win10 certified systems for a while, so this is unlikely to affect systems from the bigger box shifters. Systems from custom PC builders will probably be affected similarly to enthusiast builds.

I wanted to enable a system for trying out Win11, but basically of the two desktops and one newer laptop that meet all other requirements beyond TPM, they're all in frequent use and I don't want to put a pre-release OS on them. It is not trivial for me to swap in an alternate boot disk either. The desktops are all M.2 and require removing the GPU to access. The laptop requires disassembly to reach the M.2 slots, so that's also out. I don't want to try it that badly.
 
I know that some of my motherboards were supporting TPM but I wasn't really interested in that and I'm not sure what version. Now I see that some of my motherboards have only headers for 1.2/2.0 modules.
I also saw a requirement of making your microsoft account to be able to use Win11. I always use offline accounts as all others are messing up various applications (automatically use an account that I don't want) and I need additional verification/security options. Maybe it's their way to fight with windows keys sharing.
 
I've been reading about this and wondering some things...

Many (most?) modern motherboards have a TPM header on them so you can simply add a TPM module to the header and, I'm assuming, be allowed to install W11 on said machines (that don't already have the TPM module).

I'm not sure on this, but having one or not may vary by board and not platform??? But not sure on that... :confused:

You can check if it is enabled in windows by going to "Run", then type "tpm.msc" (no quotes for either) and it should bring up a window. If it says cannot be found, that means it is disabled or not found. Note this does NOT mean you do not have one. Then you'd need to check for it in the BIOS. In Asus boards it should be under trusted computing IIRC.

My Z590 board doesn't have it (enabled) but there is an option in the BIOS on this board.

Does this affect PC builders like us more than large OEMs like Dell and such with their (mostly) proprietary mobos where it seems these modules are more frequently installed?

I also wonder how much this will cost........:chair:

EDIT: Not sure what a W10 certified machine is/means, but, I have W10 on this board with TPM off/not found and it's still fully activated. :shrug:
 
Adding a TPM module certainly is a possibility, if you can find a compatible one for your mobo at a reasonable cost. Up to now, most enthusiasts didn't care. If everyone suddenly starts shopping for these things...

I change my important systems often enough that I'll probably will have replaced currently used non-TPM systems by the time Win10 goes unsupported. I don't intend to add TPM to them.

For those with an option to enable, do see if you actually can. Asus seems to offer disabled, fTPM (built into platform), discrete TPM (extra hardware device required). The Asrock/Gigabyte mobos I have don't have fTPM and would require the additional module. They're going to be on my short list to dispose of.

Win 10 certification is what a system builder can get from MS. It means it meets all requirements MS want on a Win10 system, like secure boot enabled and probably a bunch of other things. I think you get a Win10 sticker to put on the system for the efforts. You certainly don't need to be certified to sell a system running Win10, but you may be more limited in what you can say.
 
A quick google and these TPM modules are (currently) found cheap (many under $10, many more).
https://www.colamco.com/product/asu...MQmvTfumJTS2JkgV73ODw24qt5ISZx6UaAj4FEALw_wcB

Are these vendor/platform/board agnostic? I'd imagine they will work on the same family of boards, but wondering if the "asus" model linked above would work in an MSI board, for example. It looks like it is vendor specific (Asus, Hp, SuperO, etc)

Also, I can't find the option in this BIOS (Asus Z590)... it isn't under advanced that I saw... but will take a look again. The only thing I saw was secure boot options under boot, but nothing said TPM specifically.

I wonder if next gen boards, more will integrate them, or come with a TPM module.
 
It should be in security tabs but I think I had it in general tabs too (advanced or something, depends on the brand). Still, I thought it's available on new motherboards but on all of them I only see TPM headers. It's also weird that Microsoft does that. It will limit computers that can work with Win11 and will limit their expected profits. I doubt that most users with cheaper or older computers will look for TPM modules or even know that they need them. Or it's planned with hardware manufacturers as computer sales are going down each year.

Looks like Health App can tell if your PC will handle Win11 or not. Direct link -> https://aka.ms/GetPCHealthCheckApp
 
I'm not sure it was planned... or at least not based on that reasoning anyway. The last two years PC sales have gone up. Previous to that (2018), and since 2011 (where it peaked around 365M units), sales were going down. BUt 2019 and 2020 showed an increase. We likely would have seen that in 2018, but the a lack of chips around that time held back sales (according to a Statista article anyway).

Not sure where this is going, but I agree most 'normal' users (read few that come here) won't have a clue about this. But enthusiasts, who it affects the most, has a better chance of hearing about this, reading the manual, and plugging the device in/enabling it. It seems like a lot of the OEMs already include the chip on their own mobos...seems more like a play on the enthusiast market considering the overwhelming majority of PC's are from Dell/Hp, etc as opposed to DIY. For those like ibuypower or Origin (those who build custom PCs), will have to keep an eye out on their boards/status of TPM moving forward for those with W11 on it.



EDIT: That tools says my Z590 system is not compatible with W11.... :rofl:

Also, that was a bit scary seeing something immediately DL from a link! I'd like a landing page, lol!
 
While I don't have a big sample of systems to go by, it is looking likely from the two recent-ish laptops I have that systems bought from the big names like HP, Dell, Lenovo etc., will not be affected by this. Those most affected are self build enthusiasts and smaller system builders that operate similarly to enthusiasts using off the shelf parts. Still, there's an expected 4 years before mainstream Win10 goes unsupported so nothing to panic over. It is unlikely any desktop system I currently have will be in critical use by that time.
 
mackerel said:
While I don't have a big sample of systems to go by, it is looking likely from the two recent-ish laptops I have that systems bought from the big names like HP, Dell, Lenovo etc., will not be affected by this. Those most affected are self build enthusiasts and smaller system builders that operate similarly to enthusiasts using off the shelf parts. Still, there's an expected 4 years before mainstream Win10 goes unsupported so nothing to panic over. It is unlikely any desktop system I currently have will be in critical use by that time.
Click to expand...
That;s what I've been reading too. Can't say I'm terribly concerned for the enthusiast crowd (although this is annoying) and it looks like the majority are taken care of already. Wondering if I should just buy one now... lol
 
This might be the push for me to retire more older systems and consolidate onto fewer newer ones. It was always the plan, but this gives additional incentive.
 
Ha, indeed. I don't keep much old stuff around... anything that's here is modern (within a couple gens) and in use. I've got enough hardware laying around from reviews it prevents me from hanging on to stuff like that (along with simply not wanting to keep old things in general). 3 PCs and a laptop is plenty (not counting the two review rigs that are always stood up)!

edit: maybe I should have bought one when they were available...... gone now. :(
 
EarthDog said:
Also, that was a bit scary seeing something immediately DL from a link! I'd like a landing page, lol!
Click to expand...

The link is on the main Win11 page :)

I think it will work as long as it passes the test. The update to Win11 will be like from Win7/8 to Win10. It will probably use the same product key so will sign your motherboard ID to the old Win7/8/10 key.

- Biostar Z590I Valkyrie passes the test without any changes in BIOS
- EVGA X299 Dark passes the test after enabling Intel PTT Support in Advanced/Trusted Computing tab
 
I ran the tool and it also said mine was not compatible. So, I went to the bios and enabled TPM (Asus B550i) and changed to UEFI boot only, dropped in a spare NVME and loaded windows again- not it says compatible. Now I am in the Dev Ring for Windows Insider and just waiting to see if I get it next week.
 
On Crosshair VIII Impact (X570), after enabling TPM in BIOS, it passed the test, and the devices manager says that the TPM 2.0 driver is installed. I will probably check Supermicro Z490 and MSI Z590 later this weekend but somehow I doubt there will be problems.
 
You can setup a USB flash drive as a TPM, you can get a
12-200-474-04.jpg
or
AS35D201006N7KI0.jpg
and plug in to usb header on your motherboard.
 
I have to correct myself. The Asrock boards do support fTPM, just that they implemented it as two separate options on two separate screens. Both have to be enabled for it to work. On one screen you enable/disable TPM. On another screen you enable/disable fTPM. With both enabled (not just either one) it gets detected in Windows.

I haven't gone back for another look on the Gigabyte yet, but wonder if they have done something similar to Asrock. The Asus solution is much neater, with the three options in one setting (off, fTPM, discrete TPM)
 
EarthDog said:
I've been reading about this and wondering some things...

Many (most?) modern motherboards have a TPM header on them so you can simply add a TPM module to the header and, I'm assuming, be allowed to install W11 on said machines (that don't already have the TPM module).

I'm not sure on this, but having one or not may vary by board and not platform??? But not sure on that... :confused:

You can check if it is enabled in windows by going to "Run", then type "tpm.msc" (no quotes for either) and it should bring up a window. If it says cannot be found, that means it is disabled or not found. Note this does NOT mean you do not have one. Then you'd need to check for it in the BIOS. In Asus boards it should be under trusted computing IIRC.

My Z590 board doesn't have it (enabled) but there is an option in the BIOS on this board.

Does this affect PC builders like us more than large OEMs like Dell and such with their (mostly) proprietary mobos where it seems these modules are more frequently installed?

I also wonder how much this will cost........:chair:

EDIT: Not sure what a W10 certified machine is/means, but, I have W10 on this board with TPM off/not found and it's still fully activated. :shrug:
Click to expand...

It can affect DIY Builds as TPM Modules which were selling for $14-$25 on Amazon and Newegg are now listed for $99 (Scalpers)

It also affects large OEMs as some do not include the connector on the board and, instead, solder the TPM Module to the mobo. At least, that's what I've seen when I looked at the HP Pro Desk 600's...
 
Right.. but at the time of that post (almost two weeks ago), they were that cheap and readily available (see post #5 and then #11 where I already mentioned they were gone). Hindsight is always 20/20. :thup:
 
EarthDog said:
Right.. but at the time of that post (almost two weeks ago), they were that cheap and readily available (see post #5 and then #11 where I already mentioned they were gone). Hindsight is always 20/20. :thup:
Click to expand...

Definitely agree about the hindsight.

I was looking at them in March for an unrelated reason and didn't pull the trigger...now I wish I had.
 
You must log in or register to reply here.

Similar threads

fabulouscoops
Windows update thinks my computer is not Win 11 ready, but it is.
Replies
3
Views
576
fabulouscoops
fabulouscoops
EarthDog
SOLVED HP Pavilion Gaming laptop - TPM issues, cannot install W11
Replies
2
Views
612
EarthDog
EarthDog
don256us
SOLVED Another build. Now with pictures!
Replies
12
Views
1K
don256us
don256us
Kenrou
Microsoft will begin developing Windows 12 in March
2
Replies
26
Views
2K
trents
trents
Bluegix
4 sticks of RAM in Asus TUF B660M-Plus D4 with 12400F
Replies
0
Views
500
Bluegix
Bluegix
Back