z590a pro: where to buy the TPM 2.0 module 9672?

I just bought two of the z590a pro MBs for new builds, and can't seem to figure out which TPM 2.0 module I need to buy - the literature says the 9672 is what I should get seeing as that's certified through 2026 and Windows 11 compatible, but all I can find for sale is the 4462 module (genuine or clones) - where do I obtain the newer model? And if that's not available, is the 4462 updateable and supported for Windows 11 installation? I could easily patch out the TPM requirement but I would rather install legit for a change...
 
Correct. With most newer systems, the CPUs have integrated fTPM 2.0 compliance built in, it just needs to be enabled within the BIOS. Anything that is Intel 9th gen or newer, or AMD 2nd gen or newer, should support fTPM 2.0 via the BIOS.
 
But is there a place to buy the 9672? I understand how the fTPM system works but would still like to purchase this unit.
 
I'm not aware of any place to purchase this from. eBay or possibly contact MSI to see if they have a recommendation.
 
Went down this rabbit hole a little. Looks like they are not readily available. I have an MSI MPG Z590 GAMING PLUS LGA 1200 Intel Motherboard. If you have any luck let me know.

Here is the compatibility guide: https://storage-asset.msi.com/file/test_report/TR34_18957.pdf

Looks like the 9672 isn't even listed on MSI's US store: https://us-store.msi.com/search&search=TPM 2.0

I found an eval board listing for the chip but it's also completely out of stock: https://www.avnet.com/shop/us/produ...5648591188?CMP=EMA_Octopart_inventoryfeed_VSE
 
I'm not sure why people are looking for a module to add.....just enable the fTPM on the CPU and it doesn't need one.....That's sort of the reason it's there.
 
I have the MS-4462 on my Z590 Gaming Force, it works with no issues. For what it's worth the actual chipset on it is Infineon 9670.
 
Adding this for future rabbits going down the hole.
The TPM 2.0 Module is a physical security chip, versus the CPU software-driven TPM 2.0 through the BIOS. Since the BIOS software can be hacked, this adds additional security above and beyond the CPU TPM. Upon install of the module you disable the CPU TPM in the BIOS.

"The TPM (Trusted Platform Module) enhances security above and beyond the capabilities of consumer software, which is also used to keep your PC running well. MSI TPM2.0 Module enables a deeper and broader level of security coverage."
MSI USA
TPM209672.pdf (msi.com)
Motherboard compatibility list. TPM2.0 compatible list.xlsx (msi.com)
Search - MSI-US Official Store
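
A way to confirm which TPM Windows is actually using after switching between the CPU's fTPM/PTT and a plug-in module, as an added example that is not part of any post in this thread. It reads the standard `Win32_Tpm` WMI class from an elevated PowerShell session; the vendor-to-type mapping is a heuristic assumed for this example, not an exhaustive list.

```powershell
# Added example: report the TPM that Windows currently sees.
# Run from an elevated PowerShell session on Windows 10/11.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm

if (-not $tpm) {
    Write-Output 'No TPM exposed to Windows: enable fTPM/PTT in firmware setup or seat a module.'
    return
}

# SpecVersion looks like "2.0, 0, 1.59"; the first field is the TPM family.
$family = ($tpm.SpecVersion -split ',')[0].Trim()

# The vendor ID is a short ASCII tag that may carry padding.
$vendor = $tpm.ManufacturerIdTxt.Trim([char]0, ' ')

# Heuristic vendor map (assumption of this example): CPU vendors indicate a
# firmware TPM, dedicated TPM chip vendors indicate a discrete module.
$kind = switch ($vendor) {
    'INTC'  { 'firmware TPM (Intel PTT)' }
    'AMD'   { 'firmware TPM (AMD fTPM)' }
    'IFX'   { 'discrete TPM (Infineon)' }
    'NTC'   { 'discrete TPM (Nuvoton)' }
    'STM'   { 'discrete TPM (STMicroelectronics)' }
    default { 'unknown vendor, check the board manual' }
}

$enabled   = [bool]$tpm.IsEnabled_InitialValue
$activated = [bool]$tpm.IsActivated_InitialValue

[pscustomobject]@{
    Family          = $family
    Vendor          = $vendor
    Kind            = $kind
    FirmwareVersion = $tpm.ManufacturerVersion
    Enabled         = $enabled
    Activated       = $activated
    # Windows 11 asks for an enabled TPM of family 2.0, firmware or discrete.
    MeetsTpm20Check = ($family -eq '2.0' -and $enabled -and $activated)
}
```

If the module is seated but the output still shows a CPU vendor, the firmware setup is still routing Windows to the fTPM/PTT rather than the module.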
 
That is just marketing talk, don't fall for it. They can fix security holes via BIOS updates. I would never buy a discrete TPM module for a platform that already has an integrated fTPM 2.0, it's just a waste of money. Most attacks regarding these kinds of vectors would require sitting in front of the device, or already having a heightened level of access to it somehow; an "average joe" end user simply has a vanishingly small chance of ever becoming victim of such an attack. Even sitting in front of a computer, there are much easier ways to compromise it, and an attacker will choose the path of least resistance, not a complicated one like an fTPM hack.

As long as there are people opening spam mails and believing whatever is claimed in there, as long as social engineering works a treat, the attackers will always go for the low-hanging fruit first. And for a lot of these complex exploits to work, something else must've gone wrong first, for an executable to be run on the system which will then try to elevate access. By buying a dTPM chip and thus making an unlikely attack vector more secure (if that's even the case), you just end up battening down the wrong hatches. It's much more important to keep all your software up-to-date, like e-mail program, browser and so on, and Windows itself of course.
 
DTPM stands for "Discrete Trusted Platform Module," and it refers to a specialized hardware component that provides enhanced security features for computer systems. A Trusted Platform Module (TPM) is a secure microcontroller that stores cryptographic keys, performs cryptographic operations, and provides secure storage for sensitive information.

While TPMs, including FTPM (Firmware Trusted Platform Module) and PTT (Platform Trust Technology), are commonly used for general-purpose computing and consumer computers, DTPMs are specifically designed for high-security environments. DTPMs offer additional security measures and are often required by organizations dealing with ultra-sensitive data, such as defense contractors.

Certification to the Federal Information Processing Standard (FIPS) is a rigorous process that ensures the security and compliance of cryptographic modules, including TPMs. FIPS certification guarantees that a TPM adheres to the standards set by the National Institute of Standards and Technology (NIST) in the United States.

In summary, DTPMs are used in high-security environments and are specifically required by organizations dealing with ultra-sensitive data. They provide advanced security features and may undergo FIPS certification to ensure compliance with established standards. On the other hand, FTPM and PTT are more commonly used for general-purpose computing and consumer computers.
 
Ok, so are you a diplomat, an embassy employee or something like that? No? Then you don't really need a dTPM. People in sensitive positions, yes, I absolutely agree, they need to take all security measures they can, because they are common espionage targets and so on. But you and me at home, nobody's gonna try to break into our system by hacking the fTPM of all things.
 
Just sharing information for folks that are dealing with sensitive information and want a Higher Level of Security. You are correct, the average Joe only needs the provided FTPM or PTT turned on in their BIOS / UEFI.
 
No one in secure environments is going to be running around with an MSI motherboard or laptop (don't bother asking me how I know.....), so this really shouldn't have been a conversation.
 
You disagree?
Not trying to start a fight, if you want an extra level of security the DTPM (defense contractor ... etc.) is the way to go, for Joe Blow the consumer FTPM or PTT is fine. I know folks that work for defense contractors and they run all over the USA with laptops.
 
And you can believe that those laptops are locked down. No fight here, but no one dealing with national security issues keeps data on a home built pc unless they're seriously violating some laws.
 
Totally agree, but I can log into work with my personal desktop computer (not sharing any more than that). What started this whole conversation is that the FTPM or PTT (BIOS software) can be hacked; if one wants a higher level of security, go with DTPM (a physical device). DTPM can be hacked, but the hacker would need to get ahold of the device.
 
No one in secure environments is going to be running around with an MSI motherboard or laptop (don't bother asking me how I know.....), so this really shouldn't have been a conversation.
Yeah, this isn't true at all. Our center is running these boards because they were cheap and we need to use dedicated TPM modules per our policies.

edit: the boards we're using are z590-a-pro
 