TPM Modules, Oh joy!

Well, guess what: Microsoft has decided Windows 11 is going to require TPM (Trusted Platform Module) in order to run it. That's right, while OEMs have been providing TPM in their PCs for a few years now, everyone that built DIY PCs will need to provide support.

While all mainstream motherboard manufacturers have been providing TPM support in the form of headers and BIOS support, PC builders will need to buy a TPM module to install in their motherboard's TPM header and enable it in the BIOS to run Windows 11.

I smell the next PC Part shortage coming… in the format of TPM modules. What are your thoughts on the matter, is Microsoft right to require this? Are you ok with having to install a TPM module? Comment below.

Cheers!

Buddy, have you checked TPM prices? They are in the hundreds.

1 Like

Just checked eBay, you're right. Not good… B&H had them, sold out, now backorders.
https://www.bhphotovideo.com/c/product/1237446-REG/asus_tpm_m_r2_0_14_1_pin_tpm_module.html

Yup…it has begun. I went on yesterday to grab a chip for my aorus master and they were upwards of $100 for a $20 item. Good summary here: https://www.tomshardware.com/news/tpm-modules-unobtainable-expensive-windows-11

Most newer AMD CPUs include a built-in firmware TPM, Intel have something similar. So it's worth checking that first.

1 Like

On quite a few platforms it is disabled by default. Gotta change it in the BIOS. What a headache if you want to help your friend update.

Yeah, was just reading about that, I don't think Intel X299 has that support as the manual shows the TPM header.

Yeah I found that as well, plus you need to look out for Secure Boot and that your OS partition is using GPT (hopefully it is for most people). Easier than buying a hardware module though :smiley:

Been quite a few years since the TPM chip was in the buzz-fizz.
Smells like they are turning like Apple on how to lock things in. For the desktop, there's already TPM headers on plenty of boards, not completely sure they will be in short supply tho, the mediocre user I would guess would grab a new machine, companies continue on with current stock and buy adjusted hw for next period - perhaps they can boast a HW bundle… (sarcastic and realistic at the same time, scary).

I think every CPU in the last 10 years has some kind of TPM implementation doesn’t it?

2 Likes

I am unaware of any implementations with the CPU. In chipsets yes by Intel, and a close variation as firmware TPMs that execute within the CPU's trusted execution environment.

Many motherboards support a TPM socket even if they also have CPU fTPM support. Some people move the TPM from board to board. They can be used to store things besides BitLocker keys, like the private keys and certificates for web servers. So these people want a removable TPM they can move around like a USB drive.

So just because there is a TPM socket on the board does not mean that you need to use it.

Well, if it’s not just a firmware jinx to be used, you need the hardware for it in my understanding. Any additional light you can shed on my statement?

For example, this desktop PC I am using right now is a Ryzen 5950 on an ASUS X570-PRO motherboard. This board has a TPM socket, but I am using the fTPM support of the Ryzen. This has to be enabled in the BIOS and is not on by default.

Works fine in Linux and Windows.

I have no idea what you meant by “a firmware jinx”.

1 Like

Looks like Intel has Intel Platform Trust Technology (PTT) for firmware-based TPM…

I just hope MS's requirement of TPM means that they have fixed some of the 'bugs' that exist in their hardware products.
We have been using TPM-enabled systems for years, mostly Dell Latitude laptops and Surface Pros…
We have had to be careful when upgrading BIOS in the Dells and sometimes just patching the Surface Pro.
BitLocker comes up in recovery mode claiming that the TPM chip has changed. Usually if you suspend BitLocker during the upgrade it is ok, but as a result some folks on our staff are very hesitant to do firmware updates after a system is deployed.

That’s a feature not a bug.

Part of how BitLocker works in ensuring that the boot process was secure is knowing if any change to the boot process has occurred. Even things like the BIOS taking a few seconds longer to do something than before will trip BitLocker. Upgrading BIOS will for sure trip BitLocker. Sometimes even just upgrading Windows will trip BitLocker. Swapping out hardware? BitLocker will trip. Anytime you're going to be changing anything to the boot process you should either have your key handy, or better yet, just suspend BitLocker.
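An added illustration of the mechanism discussed above (not part of any post in this thread): a simplified Python model of TPM PCR measurement and key sealing, showing why a changed firmware image sends BitLocker to recovery and why suspending and resuming around the update avoids it. `ToyTpm`, the component names and the key are constructed for the example; a real TPM enforces the policy in hardware and BitLocker seals against several PCRs.

```python
import hashlib
import hmac

KEY = b"volume-master-key (constructed sample)"


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)). Never overwritten."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay a boot: the PCR starts at zero and each stage is extended in order."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTpm:
    """Hypothetical stand-in for TPM sealing: release the secret only if the
    current PCR value equals the value recorded at seal time."""

    def __init__(self):
        self._policy_pcr = None
        self._secret = None

    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._policy_pcr, self._secret = pcr, secret

    def unseal(self, current_pcr: bytes):
        if not hmac.compare_digest(self._policy_pcr, current_pcr):
            return None  # BitLocker would now ask for the recovery key
        return self._secret


def scenario():
    old_chain = [b"firmware v1.0", b"boot manager"]   # constructed boot chain
    new_chain = [b"firmware v1.1", b"boot manager"]   # same chain after update
    tpm = ToyTpm()
    tpm.seal(KEY, measure_boot(old_chain))
    normal_boot = tpm.unseal(measure_boot(old_chain))
    after_update = tpm.unseal(measure_boot(new_chain))
    # Suspend/resume modelled as resealing against the post-update measurement.
    tpm.seal(KEY, measure_boot(new_chain))
    after_reseal = tpm.unseal(measure_boot(new_chain))
    return normal_boot, after_update, after_reseal


if __name__ == "__main__":
    print(scenario())
```

The TPM only sees digests, so it cannot tell a vendor-signed firmware update from any other change to the measured code; the sealed key is released only for the exact measurement it was sealed against.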

Seems like a properly signed firmware update in the appropriate equipment should not do that. Moving to a new/different system, yep.

So if one uses a firmware TPM, might that lock the install, and activation key, even tighter to the motherboard?

IIRC, if you move Win10 to a different motherboard, it might deactivate it, and you simply have to re-activate it.

I know win11 is not Out out, but might this make an install less transferable?

Just if anyone wants to run Win11 w/o TPM, this works for Boot Camp installs as well.

2 Likes