Windows 11 Question (TPM? -> External TPM Module = Not Mandatory)

Pangolin

Member
Administrator
Joined
Nov 13, 2015
Messages
31
Note. Below information is based on current latest Microsoft release document (2021/06/25)
Windows Requirement
1624618048576.png

Secure Boot capable (Not necessarily to be enabled)
TPM version 2.0 (fTPM or dTPM) - Discrete TPM card is NOT mandatory when fTPM works


For information of MSI TPM 2.0 card (dTPM)
https://www.msi.com/Motherboard/TPM-20-Module

Test your compatibility with Windows 11
Windows Official Test Tool (Removed by Microsoft)
Alternative: WhyNotWin11
https://github.com/rcmaehl/WhyNotWin11/releases/latest/download/WhyNotWin11.exe

Step to enable relative BIOS options, you can check the video below. (fTPM)

Intel Platform
BIOS\Settings\Security\Trusted Computing\TPM Device Selection
1624618916116.png

AMD Platform
BIOS\Settings\Security\Trusted Computing\AMD fTPM switch
1624618957337.png

For newer PRO series motherboard (Intel 500s or later), security section is not under BIOS\Settings
1625043355450.png

To verify TPM is enabled in windows, press [Windows]+[R] key, and run "tpm.msc". "TPM Management" will show the TPM version of your system.
1625196442301.png


For more detail information, you can visit Microsoft website.
https://www.microsoft.com/en-us/windows/windows-11

TPM 2.0 (fTPM) Compatible Motherboard
This is NOT a Win11 compatible motherboard list, it simply means the motherboard BIOS supports fTPM
Intel
SeriesChipsetCPU Supported
500 SeriesZ590 / B560 / H51010th / 11th Gen
400 SeriesZ490 / B460 / H41010th / 11th Gen
300 SeriesZ390 / Z370 / B365 / B360 / H370 / H3108th / 9th Gen
200 SeriesZ270 / B250 / H2706th / 7th Gen
100 SeriesZ170 / B150 / H170 / H1106th / 7th Gen
X299X299X-series 10000/9000/78xx
AMD
SeriesChipset
500 SeriesX570S / X570 / B550 / A520
400 SeriesX470 / B450
300 SeriesX370 / B350 / A320
TR4 SeriesTRX40 / X399
Link to fTPM BIOS function support motherboard

Unable to boot into operating system once updating to new Windows 11 compatible BIOS
1. Change BIOS\Settings\Advanced\BIOS CSM/UEFI Mode from UEFI to CSM mode
2. Convert storage partition style
3. Change BIOS\Settings\Advanced\BIOS CSM/UEFI Mode from CSM to UEFI mode again
 
Last edited:

RemusM

Well-known member
LIEUTENANT COLONEL
Joined
Nov 16, 2006
Messages
2,744
You also need a supported CPU:
 
Last edited:

raven2099

Eh!
PRIVATE FIRST CLASS
Joined
May 3, 2016
Messages
11
So, where can we buy these TPM cards and how to install them?
I mean, I've found the card I need on Amazon *MS-4136 TPM 2.0 MSI
(MSI 914-4136-105 TPM 2.0 Module Infineon Chip SLB 9665 TT 2.0)*, but it looks like everyone is out of stock ATM
so other than not having this card, my PC seams totally compatible
 

laurence1211

Well-known member
PRIVATE E-2
Joined
Jun 28, 2020
Messages
1,969
Note. Below information is based on current latest Microsoft release document (2021/06/25)
Windows Requirement
View attachment 149756
Secure Boot capable (Not necessarily to be enabled)
TPM version 2.0 (fTPM or dTPM)


For information of MSI TPM 2.0 card (dTPM)
https://www.msi.com/Motherboard/TPM-20-Module

Test your compatibility with Windows 11
Windows Official Test Tool

Step to enable relative BIOS options, you can check the video below. (fTPM)

Intel Platform
BIOS\Settings\Security\Trusted Computing\TPM Device Selection
View attachment 149758
AMD Platform
BIOS\Settings\Security\Trusted Computing\AMD fTPM switch
View attachment 149759

For more detail information, you can visit Microsoft website.
https://www.microsoft.com/en-us/windows/windows-11
The MSI TPM 2.0 card (dTPM) page has conflicting information on it. As such the support for each module is unclear.
 
Joined
Jun 25, 2021
Messages
1
Note. Below information is based on current latest Microsoft release document (2021/06/25)
Windows Requirement
View attachment 149756
Secure Boot capable (Not necessarily to be enabled)
TPM version 2.0 (fTPM or dTPM)


For information of MSI TPM 2.0 card (dTPM)
https://www.msi.com/Motherboard/TPM-20-Module

Test your compatibility with Windows 11
Windows Official Test Tool

Step to enable relative BIOS options, you can check the video below. (fTPM)

Intel Platform
BIOS\Settings\Security\Trusted Computing\TPM Device Selection
View attachment 149758
AMD Platform
BIOS\Settings\Security\Trusted Computing\AMD fTPM switch
View attachment 149759

For more detail information, you can visit Microsoft website.
https://www.microsoft.com/en-us/windows/windows-11
Hello, I have a Z97-G45 Gaming motherboard and wanted to install Windows 11. I tried to enable secure boot but I'm seeing that I need to "enroll the Platform Key", run the system in user mode, and disable the CSM function. Can you help me to make these changes?
Thanks,
Dan
 

toni.chico154d02de

New member
Joined
Jun 25, 2021
Messages
2
Hello everyone.
I did the test and it says that I dont have TPM. But reading the guide for the MSI X99A Gaming 7 it says that I have TPM conector (not the Chip) do anyone know where can I find it to buy, just the name of the model, thanks for all. Sorry about my english :p
 
Joined
Jun 25, 2021
Messages
1
Hello everyone.
I did the test and it says that I dont have TPM. But reading the guide for the MSI X99A Gaming 7 it says that I have TPM conector (not the Chip) do anyone know where can I find it to buy, just the name of the model, thanks for all. Sorry about my english :p
Hello, I have the same problem. My Motherboard is a MSI MAG Z390 tomahawk. Its seems I have the slot for TPM, but not the module itself. I'll be bery grateful if MSI can show us what TPM module is compatible with our MBs and where can us buy it. Greetings and thanks
 

citay

Pro
SERGEANT
Joined
Oct 12, 2016
Messages
7,732
Hello, I have a Z97-G45 Gaming motherboard and wanted to install Windows 11. I tried to enable secure boot but I'm seeing that I need to "enroll the Platform Key", run the system in user mode, and disable the CSM function. Can you help me to make these changes?
Switch the BIOS to Advanced Mode by pressing F7. Go to Settings -> Security -> Secure Boot.

When you enable it, it could say that it needs to reboot to install the Factory default keys. It could be that you have to set Secure Boot to Custom and enroll all Factory default keys, then reboot, enter the BIOS again, and then set it to Standard. The process is weird and people get confused by it. But usually after two minutes, you should be able to have Secure Boot enabled and set to Standard.

BIOS has to be set to UEFI mode, not CSM/Legacy. Note that when you have installed Windows 10 in CSM/Legacy mode before, and you switch it to UEFI mode, the old installation will no longer start, because Windows then wants the boot drive to have a GPT, not an MBR. But if you do a fresh install anyway, just set the BIOS to UEFI, since you don't need the old Windows to boot.


Hello, I have the same problem. My Motherboard is a MSI MAG Z390 tomahawk. Its seems I have the slot for TPM, but not the module itself. I'll be bery grateful if MSI can show us what TPM module is compatible with our MBs and where can us buy it. Greetings and thanks
Most MSI boards from the last five, six years or so (yours included) do not need a seperate TPM module, because they have a fTPM (firmware TPM). On Intel boards, this is enabled here:



PTT is Intel's "Platform Trust Technology" which is the firmware TPM.

It's similar on AMD boards. Again, make sure that the BIOS is in UEFI mode too (it's displayed at the top there, in this example screenshot it would be in Legacy mode, which is wrong).

More information about TPM:


A final word about the CPU requirements, there is a general document that says:

Processor: 1 gigahertz (GHz) or faster with two or more cores on a compatible 64-bit processor or system on a chip (SoC).

The Intel / AMD processor lists from further above in this thread are mostly the requirements for complete PCs, if they want to put a "Windows 11" sticker on them. At home, you are welcome to install it on your i5-6600K for example.
 
Last edited:

laurence1211

Well-known member
PRIVATE E-2
Joined
Jun 28, 2020
Messages
1,969
Hello everyone.
I did the test and it says that I dont have TPM. But reading the guide for the MSI X99A Gaming 7 it says that I have TPM conector (not the Chip) do anyone know where can I find it to buy, just the name of the model, thanks for all. Sorry about my english :p
Your system looks to be too old to be supported.
 

kmtstudi153702d3

New member
Joined
Jun 25, 2021
Messages
3
I have a MSI Z170 M7 MB with Intel i7-6700k , 4.00GHz | 32GB Ram | MSI GTX GeForce GTX1660 Ti 6GB , and more storage than I need.
I was able to turn on TPM in the Bios but I'm still getting The compatible Trusted Module that cannot be found message.
Can I update the current TPM to 2.0 and which TPM module is compatible with my MB?
Thx in advance!
 
Last edited:

RemusM

Well-known member
LIEUTENANT COLONEL
Joined
Nov 16, 2006
Messages
2,744
Time to start saving :(
The current requirements for TPM 2.0 are Intel 300 chipsets and Intel 8th generation CPUs.
I bet in the near future they will allow Intel 100 chipsets and the 6th generation CPUs (your case).
Otherwise they will lose too many customers.
In any case, saving is a good thing. :biggrin:
 

kmtstudi153702d3

New member
Joined
Jun 25, 2021
Messages
3
The current requirements for TPM 2.0 are Intel 300 chipsets and Intel 8th generation CPUs.
I bet in the near future they will allow Intel 100 chipsets and the 6th generation CPUs (your case).
Otherwise they will lose too many customers.
In any case, saving is a good thing. :biggrin:
True. I always get rigs that last at least 7 years. I still have about one left and my system is still working great.
 

jhd

New member
Joined
Jun 26, 2017
Messages
2
According to the MSI website, my motherboard (Z270 SLI PLUS) has support for a 14-pin TPM using the LPC interface. The MSI website lists the MS-4136 as their only supported chip (and a newer chip won't work).

I'd like to enable Bitlocker, and potentially installing Windows 11 would be nice as well. Does anyone know where to buy an MS-4136? I could only find a single Ebay listing that has already been sold out, selling a used module.

As MSI seems to no longer seems to produce these, does anyone know an alternative brand or chip that has a compatible pinout? For example, ASUS has TPMs with a similar connector but their pinout is different (GND where the MSI puts 5V and vice versa, so installing one of those would probably blow something up). I'm sure one could solder up a board with a competitor's TPM that matches the right pinout, but I'd prefer buying an MSI item.

The ASUS TPM does seem to be in stock, so perhaps I should keep this in mind next time I'm in the market for a motherboard.

There seems to be one last TPM in stock over in Canada but that store doesn't ship abroad, so I wish my Canadian brethren good luck .
 

citay

Pro
SERGEANT
Joined
Oct 12, 2016
Messages
7,732
You don't need a discrete TPM chip for that board, see my post a bit higher up, https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066837

Most boards from the last 5-6 years have a firmware TPM or "fTPM", on Intel this is called PTT or "Platform Trust Technology" and can simply be enabled in the BIOS.

There is no major difference in how a dTPM chip and the integrated fTPM works. To Windows, it behaves exactly the same. So it is completely unnecessary to buy a dTPM chip when you have a fTPM.

Here is the Microsoft article again: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations

If you look at that, you will see that Bitlocker also doesn't require a TPM, you can use that already without enabling the fTPM.
 

gigavol158502e2

New member
Joined
Jun 25, 2021
Messages
1
You don't need a discrete TPM chip for that board, see my post a bit higher up, https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066837

Most boards from the last 5-6 years have a firmware TPM or "fTPM", on Intel this is called PTT or "Platform Trust Technology" and can simply be enabled in the BIOS.

There is no major difference in how a dTPM chip and the integrated fTPM works. To Windows, it behaves exactly the same. So it is completely unnecessary to buy a dTPM chip when you have a fTPM.

Here is the Microsoft article again: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations

If you look at that, you will see that Bitlocker also doesn't require a TPM, you can use that already without enabling the fTPM.

Hello, please don´t You know if it is possible also on H97 Gaming 3 board?
In advanced settings there is no option about TPM.
But this MB also have connector for separate TPM chip.
Thanx.
 
Top