Windows 11 Question (TPM? -> External TPM Module = Not Mandatory)

[Pangolin]

Note. Below information is based on current latest Microsoft release document (2021/06/25)
Windows Requirement

Secure Boot capable (Not necessarily to be enabled)
TPM version 2.0 (fTPM or dTPM) - Discrete TPM card is NOT mandatory when fTPM works

For information of MSI TPM 2.0 card (dTPM)
https://www.msi.com/Motherboard/TPM-20-Module

Test your compatibility with Windows 11
Windows Official Test Tool (Removed by Microsoft)
Alternative: WhyNotWin11
https://github.com/rcmaehl/WhyNotWin11/releases/latest/download/WhyNotWin11.exe

Step to enable relative BIOS options, you can check the video below. (fTPM)

Intel Platform
BIOS\Settings\Security\Trusted Computing\TPM Device Selection

AMD Platform
BIOS\Settings\Security\Trusted Computing\AMD fTPM switch

For newer PRO series motherboard (Intel 500s or later), security section is not under BIOS\Settings

To verify TPM is enabled in windows, press [Windows]+[R] key, and run "tpm.msc". "TPM Management" will show the TPM version of your system.

For more detail information, you can visit Microsoft website.
https://www.microsoft.com/en-us/windows/windows-11

TPM 2.0 (fTPM) Compatible Motherboard

MSI Global - The Leading Brand in High-end Gaming & Professional Creation

As a world leading gaming brand, MSI is the most trusted name in gaming and eSports. We stand by our principles of breakthroughs in design, and roll out the amazing gaming gear like motherboards, graphics cards, laptops and desktops.

www.msi.com

This is NOT a Win11 compatible motherboard list, it simply means the motherboard BIOS supports fTPM
Intel

Series	Chipset	CPU Supported
500 Series	Z590 / B560 / H510	10th / 11th Gen
400 Series	Z490 / B460 / H410	10th / 11th Gen
300 Series	Z390 / Z370 / B365 / B360 / H370 / H310	8th / 9th Gen
200 Series	Z270 / B250 / H270	6th / 7th Gen
100 Series	Z170 / B150 / H170 / H110	6th / 7th Gen
X299	X299	X-series 10000/9000/78xx

AMD

Series	Chipset
500 Series	X570S / X570 / B550 / A520
400 Series	X470 / B450
300 Series	X370 / B350 / A320
TR4 Series	TRX40 / X399

Link to fTPM BIOS function support motherboard

Unable to boot into operating system once updating to new Windows 11 compatible BIOS
1. Change BIOS\Settings\Advanced\BIOS CSM/UEFI Mode from UEFI to CSM mode
2. Convert storage partition style
3. Change BIOS\Settings\Advanced\BIOS CSM/UEFI Mode from CSM to UEFI mode again

 

[DubStepMad]

I have a X470 Gaming Plus MB with the Beta bios as I have an Ryzen 7 3700x.

1. Changed from CMS to UEFI.
2. Enabled Secure boot.
3. Installed the keys as I was stuck in user mode.
4. Disconnected all drives but the OS one (M.2 drive)

Still boots directly into the bios.

If I have to get a new motherboard I have no issue doing so (please recommend some).

 

[Nichrome]

Not sure why people panic. Win10 will keep getting support and updates until 2025..

 

[ferran.duarr157e02dd]

I own a Meg z490i Unify

Can I plug TPM 2 module on it?

Same Windows 11 says is not compatible

 

[DubStepMad]

Not sure why people panic. Win10 will keep getting support and updates until 2025..

I don't think its a panic, most people like myself want access to the latest available.

 

[citay]

Still boots directly into the bios.

I don't know what the problem is? If you have installed Windows 10 before in CSM mode, and then switch the BIOS to UEFI mode, the previously installed Windows 10 will no longer boot. UEFI needs a drive with GPT, not MBR. Therefore the BIOS might load by default. But it's a good thing to set the BIOS to UEFI mode if you plan to do a fresh install, because CSM/Legacy mode is outdated.

So you set it to UEFI mode, you enabled Secure Boot in Standard mode. What you didn't do is enable the fTPM (firmware TPM).
See the first post, the screenshot of the BIOS for AMD: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066735

I own a Meg z490i Unify

Can I plug TPM 2 module on it?

Just enable fTPM ("PTT") in BIOS: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066837

With most recent mainboards, a seperate (discrete) TPM 2.0 module is NOT NECESSARY. The boards come with a firmware TPM that works just as well, you only need to enable it in the BIOS.

 

[stormy1352]

I have a X470 Gaming Plus MB with the Beta bios as I have an Ryzen 7 3700x.

View attachment 149776
1. Changed from CMS to UEFI.
2. Enabled Secure boot.
3. Installed the keys as I was stuck in user mode.
4. Disconnected all drives but the OS one (M.2 drive)

Still boots directly into the bios.

If I have to get a new motherboard I have no issue doing so (please recommend some).

Convert Windows 10 from Legacy BIOS to UEFI without Data Loss | Tutorials (tenforums.com)

 

[citay]

Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

Most modern PC platforms include an fTPM (firmware trusted platform module) of some form. Those that don't, have a TPM 2.0 compatible header on the motherboards. Microsoft's requirement of a hardware TPM for Windows 11 has scalpers go after add-on TPMs, which are typically priced around $20, but...

www.techpowerup.com

Most modern PC platforms include an fTPM (firmware trusted platform module) of some form. Those that don't, have a TPM 2.0 compatible header on the motherboards. Microsoft's requirement of a hardware TPM for Windows 11 has scalpers go after add-on TPMs, which are typically priced around $20, but now marked up to $100, according to price-tracking by Shen Ye, a senior HTC VIVE exec, who has been tracking prices of add-on TPMs.

Scalpers possibly anticipate a rush of ill-informed buyers out for add-on TPMs, who haven't spent 5 minutes digging through their UEFI setup programs for the fTPM toggle.

 

[ferran.duarr157e02dd]

Now it is working for me !!!

Set Secure Boot in Standard mode

go back to TPM section and make sure you have selected PPT instead of dTPM

!! Important when you select Secure Boot Standard it sets TPM to dTPM (wrong choice)

PTT >>

This model for system security got a face-lift when Intel introduced the Intel Platform Trust Technology (PTT) architecture, which implements TPM in system firmware. To your operating system and applications, PTT looks and acts like TPM. The difference is, computers with Intel PTT don't require a dedicated processor or memory.

 

[Alan J T]

Well guys and girls this app will tell you why so you know what you have to fix

WhyNotWin11.zip

drive.google.com

 

[citay]

go back to TPM section and make sure you have selected PPT instead of dTPM

!! Important when you select Secure Boot Standard it sets TPM to dTPM (wrong choice)

Yes, i've also mentioned this in this same thread twice already,
https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066837 and

https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066872

dTPM means discrete TPM, a seperate TPM chip.

discrete
1 : constituting a separate entity : individually distinct

 

[michael.garcia070152102d3]

i have enable TPM in bios but still compatible TPM not found.. my hardware AMD Ryzen 7 3700x , MSI X570 A-Pro

anyone know the solution? pls help

 

[citay]

i have enable TPM in bios but still compatible TPM not found.. my hardware AMD Ryzen 7 3700x , MSI X570 A-Pro

Does it look like this, fTPM is selected?

 

[DubStepMad]

I don't know what the problem is? If you have installed Windows 10 before in CSM mode, and then switch the BIOS to UEFI mode, the previously installed Windows 10 will no longer boot. UEFI needs a drive with GPT, not MBR. Therefore the BIOS might load by default. But it's a good thing to set the BIOS to UEFI mode if you plan to do a fresh install, because CSM/Legacy mode is outdated.

So you set it to UEFI mode, you enabled Secure Boot in Standard mode. What you didn't do is enable the fTPM (firmware TPM).
See the first post, the screenshot of the BIOS for AMD: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066735




Just enable fTPM ("PTT") in BIOS: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066837

With most recent mainboards, a seperate (discrete) TPM 2.0 module is NOT NECESSARY. The boards come with a firmware TPM that works just as well, you only need to enable it in the BIOS.

The windows was installed in CSM mode, I thought it was a feature which could be turned on rather than installing windows again to resolve it.

This screenshoot is not correct for the beta bios: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066735

It looks like this: (random image from the web)

 

[Rekov]

Is there a list of all of the motherboards which have the bios TPM option? I have an MSI Z370 SLI PLUS (MS-7B46).

 

[wolfwest7154302d9]

Note. Below information is based on current latest Microsoft release document (2021/06/25)
Windows Requirement
View attachment 149756
Secure Boot capable (Not necessarily to be enabled)
TPM version 2.0 (fTPM or dTPM)

For information of MSI TPM 2.0 card (dTPM)
https://www.msi.com/Motherboard/TPM-20-Module

Test your compatibility with Windows 11
Windows Official Test Tool

Step to enable relative BIOS options, you can check the video below. (fTPM)

Windows11check_howtoenableTPMonMSImotherboards.mp4

drive.google.com

Intel Platform
BIOS\Settings\Security\Trusted Computing\TPM Device Selection
View attachment 149758
AMD Platform
BIOS\Settings\Security\Trusted Computing\AMD fTPM switch
View attachment 149759

For more detail information, you can visit Microsoft website.
https://www.microsoft.com/en-us/windows/windows-11

i have msi 970 gaming , but i cant find tpm in bios. how i can setting tpm ?

 

[dvair]

Is there a list of all of the motherboards which have the bios TPM option? I have an MSI Z370 SLI PLUS (MS-7B46).

I have the Z370 Gaming M5 and the TMP option is working using the built-in stuff on the processor/chipset.

 

[kornm123]

I have a X470 Gaming Plus MB with the Beta bios as I have an Ryzen 7 3700x.

View attachment 149776
1. Changed from CMS to UEFI.
2. Enabled Secure boot.
3. Installed the keys as I was stuck in user mode.
4. Disconnected all drives but the OS one (M.2 drive)

Still boots directly into the bios.

If I have to get a new motherboard I have no issue doing so (please recommend some).

I think of buying a Z590 PRO WIFI board (for W11 and also for NVMe 4) .
1. I seem unable to find in the docs if I have to buy a TPM2 module for it. Is there a built-in TPM? My Z170A PC Mate has it...
2. May I assume that any 11 gen processor will support NVMe 4?
Regards!
Marcel

 

[citay]

Like i said, pretty much all the boards from the last 5-6 years will have a firmware TPM, so there's no need for a discrete TPM chip. If your board is not older than that, don't worry.

2. May I assume that any 11 gen processor will support NVMe 4?

You mean PCIe 4.0? Yes. All Rocket Lake CPUs have PCIe 4.0 x4 lanes for the first M.2 slot and x16 for one graphics card slot (or two, if you can split the lanes to x8/x8, but SLI is dead anyway).
NVMe (Non-Volatile Memory Express) is the protocol used to address SSDs over PCIe, there is no version for that.

This screenshoot is not correct for the beta bios: https://forum-en.msi.com/index.php?threads/windows-11-question-tpm.364320/#post-2066735

It looks like this: (random image from the web)
View attachment 149830

It doesn't depend on beta vs. final BIOS, it's about your board, you have a mainboard model where they ended up using a a "light version" of their normal BIOS, because of size restraints with the BIOS ROM size. They later released MAX versions of a lot of those mainboards that came with a larger BIOS chip and have the full graphical BIOS again.

I explained the reasons here: https://forum-en.msi.com/index.php?...plus-bios-now-click-bios.362056/#post-2054634
and here: https://forum-en.msi.com/index.php?...-after-windows-10-update.360984/#post-2049139

Your "light BIOS" should still have all the options, it's just more text-based than the graphical one.

 

[DubStepMad]

Like i said, pretty much all the boards from the last 5-6 years will have a firmware TPM, so there's no need for a discrete TPM chip. If your board is not older than that, don't worry.




You mean PCIe 4.0? Yes. All Rocket Lake CPUs have PCIe 4.0 x4 lanes for the first M.2 slot and x16 for one graphics card slot (or two, if you can split the lanes to x8/x8, but SLI is dead anyway).
NVMe (Non-Volatile Memory Express) is the protocol used to address SSDs over PCIe, there is no version for that.




It doesn't depend on beta vs. final BIOS, it's about your board, you have a mainboard model where they ended up using a a "light version" of their normal BIOS, because of size restraints with the BIOS ROM size. They later released MAX versions of a lot of those mainboards that came with a larger BIOS chip and have the full graphical BIOS again.

I explained the reasons here: https://forum-en.msi.com/index.php?...plus-bios-now-click-bios.362056/#post-2054634
and here: https://forum-en.msi.com/index.php?...-after-windows-10-update.360984/#post-2049139

Your "light BIOS" should still have all the options, it's just more text-based than the graphical one.

Thank you for the information, so regarding this I would have to install windows again?

 

[citay]

Thank you for the information, so regarding this I would have to install windows again?

For the time being, you can keep the BIOS in CSM mode, so that you don't have any trouble with your existing installation. Then one day, when you want to install Windows 11, switch it to UEFI first.