ASUS motherboards Ready for Windows 11

Well, if you believe it's not true, then maybe you should tell me why.

Isn't it normal that if you add a chip all codes go through that chip. Why would CPU handle what the chip was made for?

I'm not saying your wrong but that's what I was always led to believe. It's like on board video CPU handles video,video card added, video card handles image.

At least that's what I think.

And no, your not an Ahole for asking. Besides, I asked the same question for PSUs and I learned something.

Zardoc said:

Well, if you believe it's not true, then maybe you should tell me why.

Isn't it normal that if you add a chip all codes go through that chip. Why would CPU handle what the chip was made for?

I'm not saying your wrong but that's what I was always led to believe. It's like on board video CPU handles video,video card added, video card handles image.

At least that's what I think.

And no, your not an Ahole for asking. Besides, I asked the same question for PSUs and I learned something.

Click to expand...

It's up to you to prove your claim.

OK, I wasn't expecting to get that question, but here is a statement from the team at Notebook check.

<<As far as we can tell, there is only one downside to using Intel PTT or AMD PSP fTPM over a dedicated TPM 2.0 chip. If you enable BitLocker, then all your keys will be saved to your processor, not a separate chip. Hence, changing your processor will remove your BitLocker keys and will cause problems. Not enabling BitLocker would avoid these problems, though. >>

How do we know which is actually being enabled if you have both? Does one override the other? In which case who is the boss? Or are there two TPM settings in the bios?

clam1952 said:

How do we know which is actually being enabled if you have both? Does one override the other? In which case who is the boss? Or are there two TPM settings in the bios?

Click to expand...

Good question. I suspect that the BIOS might sort this out but who knows. FWIW,., if your motherboard supports TPM there's no need to get a separate chip. It would be a huge waste of money given what the current prices are.

Zardoc said:

OK, I wasn't expecting to get that question, but here is a statement from the team at Notebook check.

<<As far as we can tell, there is only one downside to using Intel PTT or AMD PSP fTPM over a dedicated TPM 2.0 chip. If you enable BitLocker, then all your keys will be saved to your processor, not a separate chip. Hence, changing your processor will remove your BitLocker keys and will cause problems. Not enabling BitLocker would avoid these problems, though. >>

Click to expand...

Processor has no storage. PTT/TPM encrypts the volume master key and will not provide the decryption key unless certain conditions aren't met (for instance it won't if your OS changes). The CSME has an isolated SRAM of ~1.5 MB. I believe this may be in the CPU chip, but it is isolated from the Host (not memory mapped) in any case. Could be off-chip and accessed thorough the chip sram controller. I think the latter.

BunnyJ said:

Good question. I suspect that the BIOS might sort this out but who knows. FWIW,., if your motherboard supports TPM there's no need to get a separate chip. It would be a huge waste of money given what the current prices are.

Click to expand...

@Zardoc should be able to answer this as he has both.

I've been doing some reading and there are a bunch of articles that say nay and others the other way. The black hat article is very concise and was mentioned on the wikipedia article with tests back in 2010 about TPM.

Discrete TPM (what I installed) i are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package.
Firmware TPM (FTPM) is what you see with PTT
Trusted Platform Module - Wikipedia

PTT runs with CSME (Intel Converged Security and Management Engine)
1. Silicon Initialization
2. Manageability
3. Security

PTT works for DRM, Boot guard, UEFI and other goodies.
https://www.intel.com/content/dam/w...documents/intel-csme-security-white-paper.pdf

Compared to a chip it's not the safest. I'm not talking about just booting Windows 11 but encryption.
INTEL-SA-00213
A patch was made but does not fully protect against the chipset key from being extracted

Yes it's true CSM is not in the cpu. The secure block uses Static Random-Access Memory.
solated from host and that cannot be probed via the chipset’s external interfaces. The size of the SRAM ranges from 512KB to
1,920KB, depending on the Intel CSME SKU. The amount of SRAM required on a SKU depends
on the set of applications that the SKU supports.
• ROM (Read-Only Memory) is the HW root of trust of Intel CSME firmware

I'm still not sure but information that I read from a few places mention that bitlocker info will be lost if the cpu is changed but I can't say for sure.
Some mention no if it's in the active directory when using servers, but I haven't tested so I can't say.


Now is having a dedicated chip cost effective? if it's only to run Windows 11 the answer is a definite NO.
If you plan to run encrypted hardware or other security options, a chip seems to be more secure.

Can Windows tell the difference between a chip and PTT if it's available? Again, it's the same question as having onboard video or not.

I haven't tried it out but I certainly will as soon as they enable a bios update for my Z270.

Just want to point out that discrete TPM chips have also ad their vulnerabilities. A couple:



Nowhere is safe. Now excuse me while I put on my tinfoil hat back on.

Isn't this referring to FTPM?
Now perfect in computer management? Never heard that word.

Zardoc said:

Isn't this referring to FTPM?
Now perfect in computer management? Never heard that word.

Click to expand...

??? What I posted were CVE for chips. You said you prefer chips rather than firmware and listed a PTT vulnerability. I am just saying that chips Plug-in TPM modules) can also be vulnerable.

So, how to setup this two items in Asus AMD BIOS? on is enable CPU TPM 2.0 and the second for RESET TPM, this second has to be Disabled, then? thx

Even if you decided to add a chip to your board, I can't imagine you not being able to use it vs the CSME option. How, I don't know yet because I haven't seen it enabled on my board or seen other comments about it. I'll try to find something and I think @geneo is pretty good at finding stuff and will surely help us out .

Now as to being a huge waste of money buying a TPM chip is relative.

I paid 30 Canadian dollars for my chip and I see them now at 22,99$ which is not overkill compared to those enthusiasts who will pay more than 2000$ to buy a rig to surf the internet and watch YouTube.
To me, that's a huge waste of money but again it's relative.
How many of us will agree to pay way more than needed for a car, a TV, a phone, a piece of clothing and so on than what is within our needs?

That's how we are. Some us stay within budget and some us, well the Mastecard bill asks us every month, < was it a good idea? >

That's how we are, it's called enthusiasts and enthusiast aren't always reasonable. Like me for instance, it's the first time I decided to splurge on a STRIX board.
Did I need to pay 200 bucks more for a board that can do pretty much the same for my needs as a Z590 Prime would?

NOPE, but I like the option of having WiFi and BT and more USB high speed ports. That's my choice and it probably is a waste of money besides, my wife has already told me that.

My best overkill splurge was my G46 ROG that I bought about 8 or 9 years ago from HID in California. Man, I love that laptop. I had it boosted a bit by adding a 3920XM extreme CPU, killer WiFi, a Samsung SSD, Antiglare 1600X900 screen.
Was that overkill? It sure was and I don't regret a bit my purchase. Funny thing is that when you import from the States to Canada you have to pay a sales tax. I wasn't charged a penny (saved 300$)

The point is you or anyone doesn't need a separate chip if your motherboard supports TPM 2. When non enthusiasts arrive here it's going to confuse them and have them running around for a part the likely don't need. All they have to do is enable TPM 2/Secure boot and that requirement is set. No extra part needed.

What about Asus X99 Rampage Vi Extreme edition 10 Motherboard as i have a tpn card added , i7 6950x Cpu cost over $2000 . not happy Microsoft grrr

BunnyJ said:

The point is you or anyone doesn't need a separate chip if your motherboard supports TPM 2. When non enthusiasts arrive here it's going to confuse them and have them running around for a part the likely don't need. All they have to do is enable TPM 2/Secure boot and that requirement is set. No extra part needed.

Click to expand...

I don't think that people are that confused.

Zardoc said:

I don't think that people are that confused.

Click to expand...

You sure about that? Given the current discussions we're having I wonder. Also, when 11 hits the street and new members hit wondering how to enable TPM 2 I sure hope they don't get advised to get a chip if they don't need it. That would be both a waste of time and money. While enthusiasts don't care about spending money on parts the average person might. We have to keep that in mind.

Zardoc said:

I don't think that people are that confused.

Click to expand...

I am 100% confident that every average Joe Windows user is confused about TPM.

SlicEnDicE said:

I am 100% confident that every average Joe Windows user is confused about TPM.

Click to expand...

Yes,, and when they come here I sure hope we can give them clear cut answers. Shawn's tutorials should be recommended to keep the level of confusion down. Well, as much as possible

BunnyJ said:

You sure about that? Given the current discussions we're having I wonder. Also, when 11 hits the street and new members hit wondering how to enable TPM 2 I sure hope they don't get advised to get a chip if they don't need it. That would be both a waste of time and money. While enthusiasts don't care about spending money on parts the average person might. We have to keep that in mind.

Click to expand...

The one thing I hate the most about forums is that we can easily get over ourselves in a discussion.

The point is that people are buying chips because they want their computers to work with Windows 11 not because they want to use Bitlocker. You and I (I'm sure we agree on this) and all the pros here agree that YOU DON'T NEED to install a TPM chip to run Windows 11 if your board maker enables PTT (firmware TPM) in your bios.

The problem that arose in this discussion is that suddenly makers like Asus for instance decided to find a way to enable FTPM on boards that weren't at first supposed to have FTPM enabled like my Z270. Some of us purchased the chips because we wanted our boards to work with Win 11 without issues. And surprise, the chip prices are falling.

Now that board makers are enabling FTPM in more boards, the question is, users are wondering if their board will work if they keep the chip in. I don't see why not but can't confirm it as I don't have that bios update yet. Worst case scenario, I will remove the chip and yes it will have been a waste of money.

So, the conclusion of this is, if you want to install Windows 11 on your computer and don't want to waste your money on a TPM chip (if that option is available on your board), wait until Windows 11 comes out, wait for the final word from board makers on what boards will have it enabled and those that won't. This whole waste of money thing is that a lot of us jumped the gun (like buying all the toilet paper at Costco).