Forum Discussion
TPM Attestation Not Supported after AMD Ryzen Upgrade
After looking into this and based on the information you have provided, it seems that the issue may be related to the TPM firmware version not being compatible with the newer AMD Ryzen 7 5700x CPU. To troubleshoot this issue, you may want to try the following:
1. Check the TPM firmware version: Check the TPM firmware version in the BIOS settings to see if it's up to date. If it's not up to date, update the firmware to the latest version available on the motherboard manufacturer's website.
2. Check the TPM module connection: Check the TPM module connection to ensure that it's properly connected and seated in the motherboard.
3. Check for any conflicting settings: Ensure that there are no conflicting settings in the BIOS that could be causing the issue. For example, if there's an option to enable both the fTPM and the hardware TPM, try disabling one of them to see if it makes a difference.
4. Contact the motherboard manufacturer: Contact the motherboard manufacturer's technical support team for further assistance. They may be able to provide additional troubleshooting steps or suggest a solution to the problem.
5. Consider rolling back the BIOS update: If you recently updated your BIOS, consider rolling it back to the previous version to see if that resolves the issue. Some BIOS updates can cause compatibility issues with hardware components.
It's worth noting that TPM attestation is not required for the TPM to function as a secure storage for encryption keys, so if you're not planning on using attestation, this issue may not be a significant problem for you. However, if you require attestation, you may need to explore other options, such as using a separate hardware TPM module that's compatible with your system.
- lelelelellelel, Feb 10, 2024, Copper Contributor
The problem still persists. I've done all that: latest BIOS, Asus x370f-gaming board, CPU Ryzen 7 5700x, even used some PowerShell commands to try to reset TPM status.
- ultimatediddy, Feb 16, 2023, Copper Contributor
Hey Mark,
thanks for your response.
1. I'm running the latest stable BIOS version. There is a version released a few days ago, but it's still beta and targets the Ryzen vulnerabilities ("Mitigate the AMD potential security vulnerabilities for AMD Athlon™ processors and Ryzen™ processors"). I don't really want to install a beta BIOS.
2. The TPM is a firmware TPM by the CPU; there are no TPM modules on the board. There are no connectors for a discrete TPM either.
3. In the ASUS BIOS there is a switch for the AMD fTPM module, which I enabled. After the reboot there was a new option for Trusted Computing, which I enabled as well. In this section I can set all the options for the TPM, such as version, etc. I have to enable both of these features in order to get the TPM recognized in Windows.
4. I contacted ASUS Support, but didn't get a reply yet.
You said that TPM attestation is not required. What exactly is attestation for?
For me as a standard user (Office apps, gaming and entertainment), do I ever need attestation?
Next question: How are the EK certs generated? Are they branded by the manufacturer or are they obtained by the OS when booting for the first time?
When I use get-TpmEndorsementKeyInfo -hash "sha256" in PowerShell, my old Ryzen has a cert from 2018 and my new Ryzen has no certs.
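The comparison described in the post above (one CPU showing an EK certificate, the other showing none) can be collected in one pass from an elevated PowerShell session. This is an added example, not part of the original thread; the function name `Get-TpmEkCertSummary` is hypothetical, and it relies only on the built-in `Get-Tpm` and `Get-TpmEndorsementKeyInfo` cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): summarise TPM state and the
# endorsement key (EK) certificates that Windows can see on this machine.
function Get-TpmEkCertSummary {
    [CmdletBinding()]
    param(
        # Hash algorithm used for the EK public key hash, as in the post.
        [string]$HashAlgorithm = 'sha256'
    )

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        Write-Warning 'No TPM is visible to Windows; check the fTPM setting in firmware setup.'
        return
    }

    $ek = Get-TpmEndorsementKeyInfo -HashAlgorithm $HashAlgorithm

    # EK certificates can appear under either property; merge both and
    # drop empty entries so the count is accurate when none exist.
    $certs = @(
        @($ek.ManufacturerCertificates) + @($ek.AdditionalCertificates) |
            Where-Object { $_ }
    )

    [pscustomobject]@{
        TpmReady        = $tpm.TpmReady
        Manufacturer    = $tpm.ManufacturerIdTxt
        FirmwareVersion = $tpm.ManufacturerVersion
        EkPresent       = $ek.IsPresent
        EkPublicKeyHash = $ek.PublicKeyHash
        EkCertCount     = $certs.Count
        EkCerts         = $certs |
            Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint
    }
}

# Run once per CPU/firmware combination and compare the two results.
Get-TpmEkCertSummary | Format-List
```

An `EkCertCount` of 0 alongside `EkPresent = True` corresponds to the "no certs" result reported for the new CPU; the `FirmwareVersion` field is the value to quote when contacting the board vendor.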