WhyNotWin11 icon indicating copy to clipboard operation
WhyNotWin11 copied to clipboard

Published 20 hours ago verified publisher icon rcmaehl

Supplement TPM detection with a list of processors with TPM included

Open nbmrjuhneibkr opened this issue 3 years ago • 17 comments

Currently "missing/disabled" TPM is marked in red, giving impression that hardware is incompatible with Windows 11. While in reality, fixing this incompatibility may be as easy as changing a BIOS setting on most modern PCs.

nbmrjuhneibkr avatar Jul 06 '21 00:07 nbmrjuhneibkr

fixing this incompatibility may be as easy as changing a BIOS setting on most modern PCs.

What exactly you mean just Enabling TPM in BIOS or something else ?

mlipok avatar Jul 06 '21 06:07 mlipok

BIOS. Both Intel and AMD systems from the last few years have built-in TPM support that's usually disabled by default.

nbmrjuhneibkr avatar Jul 06 '21 06:07 nbmrjuhneibkr

BIOS. Both Intel and AMD systems from the last few years have built-in TPM support that's usually disabled by default.

In mikroprocesor instead separate TPM chip ? I heard about year ago, or something about, please refresh my memory.

How this feature is called / named?

mlipok avatar Jul 06 '21 07:07 mlipok

How this feature is called / named?

Intel PTT, AMD fTPM

nbmrjuhneibkr avatar Jul 06 '21 11:07 nbmrjuhneibkr

Do you mean this: https://helgeklein.com/blog/how-to-check-windows-tpm-status-enable-cpu-amd-ftpm-intel-ptt/

Please run: C:\>tpmtool.exe getdeviceinformation and provied yours result

here are mine:

C:\Users\Szef>tpmtool.exe  getdeviceinformation

-TPM Present: True
-TPM Version: 1.2
-TPM Manufacturer ID: STM
-TPM Manufacturer Full Name: ST Microelectronics
-TPM Manufacturer Version: 13.8
-PPI Version: 1.2
-Is Initialized: True
-Ready For Storage: True
-Ready For Attestation: False
-Information Flags Description:
        INFORMATION_EK_CERTIFICATE
        INFORMATION_TPM_OWNERAUTH
-Is Capable For Attestation: False
-Clear Needed To Recover: True
-Clear Possible: True
-TPM Has Vulnerable Firmware: False
-PCR7 Binding State: 0
-Maintenance Task Complete: True
-TPM Spec Level: 2
-TPM Spec Revision: 3

mlipok avatar Jul 06 '21 12:07 mlipok

btw. If there is no allready usable UDF to parse/get information via tpmtool I will provide separate project for gathering information from this tool

mlipok avatar Jul 06 '21 12:07 mlipok

I don't think that tpmtool (or any other software that interacts with TPM) will be able to detect TPM when it's disabled in BIOS.

nbmrjuhneibkr avatar Jul 06 '21 13:07 nbmrjuhneibkr

I don't think that tpmtool (or any other software that interacts with TPM) will be able to detect TPM when it's disabled in BIOS.

It cannot.

rcmaehl avatar Jul 06 '21 13:07 rcmaehl

What about checking Intel PTT, AMD fTPM ?

mlipok avatar Jul 06 '21 13:07 mlipok

What about checking Intel PTT, AMD fTPM ?

cpu features.txt

Doesn't appear to be included in the CPU feature list, so I'd have to manually create a list of them

rcmaehl avatar Jul 06 '21 14:07 rcmaehl

If a CPU passes the CPU Generation check already, it means, among other things, that it already has firmware TPM available, so we could have a bunch of them dealt with that way.

Vengirni avatar Jul 07 '21 10:07 Vengirni

If a CPU passes the CPU Generation check already, it means, among other things, that it already has firmware TPM available, so we could have a bunch of them dealt with that way.

I'll have to verify this, but if true I'll make a note of it

rcmaehl avatar Jul 08 '21 14:07 rcmaehl

It has to be enabled via the UEFI Settings. And different OEMs have different prerequisites in order to enable it.

And, finally, my understanding is that PTT / fTPM is not directly in the CPU, the CPU supports it - the actual implementations are in the chipsets.

JohnLGalt avatar Jul 08 '21 15:07 JohnLGalt

The big4 MOBO manufacturers have all released which series are compatible:

https://www.asrock.com/news/index.asp?iD=4696 https://www.asus.com/us/support/FAQ/1046215/ https://www.gigabyte.com/Press/News/1925 https://www.msi.com/news/detail/MSImotherboardisreadyforWindows11122145

Vengirni avatar Jul 08 '21 18:07 Vengirni

Exactly. It's the chipsets. Because as noted on both the ASRock and MSI websites above, 100 & 200 series Intel chipset-based boards are "capable" of TPM support for Win11, though the processors compatible with those boards (6th / 7th gen Intel CPUs) are not on the list of officially supported CPUs, even though plenty of people with both those generations of CPUs have been able to successfully install Windows 11, both clean installs as well as upgrades from Win 10.

I do agree that adding a note under the TPM topic stating something along the lines of "Although it is not enabled, your Chipset XXX does support fTPM / PTT. Please refer to your manual to enable it." would probably be a good thing - too many people still don't get this whole firmware TPM thing. But coding this could get tricky, I know.

If the chipset used on the motherboard being tested could be determined, maybe even a link to one of the four links above (if it is a mobo from those 4 OEMs) might help with the resulting issues like "It says that my chipset supports it but I can't find it in the Settings / UEFI / BIOS!" too. So, for example, when I test my MSI X570 GODLIKE, if I ever have TPM disabled (which is easy to encounter - UEFI fw upgrades reset settings to default), it would then tell me TPM is not present, but my mobo supports it, link to the MSI page (maybe use a URL shortener to save space / characters) and call it a day.

JohnLGalt avatar Jul 09 '21 12:07 JohnLGalt

built in tpm is a chipset feature not a cpu feature

troysjanda avatar Jul 24 '21 17:07 troysjanda

changing a BIOS setting on most modern PCs.

What? I do not have any PTT. There is a way to install it anyway.

ValZapod avatar Oct 06 '21 09:10 ValZapod