What's new

Change from discrete TPM to Firmware TPM.

Solitario

Well-known member
Joined
Jun 23, 2015
Messages
194
Hello, when I type tpm.msc it tells me that the compatible TPM is not found. In the BIOS (Asus rog strix b250f gaming) it is set to discrete but I have the option to change it to TPM firmware. The problem is that in the BIOS itself tells me that if I change from discrete to firmware TPM all the information stored in the discrete TPM is going to be deleted. Does this have any consequences? Can I change that option without problems? Or better to leave everything as it is? Well that's my query. Thank you very much in advance. Best regards.
 

Digerati

Forum Moderator, Hardware
Staff member
Joined
Aug 28, 2012
Messages
3,765
Location
Nebraska, USA

Solitario

Well-known member
Joined
Jun 23, 2015
Messages
194
Hello, thank you very much for your reply. I have windows 10 Pro x64. I want to change that option so that win recognizes me the TPM and enables me the firmware protection integrated in the operating system in the windows security section. What do you mean that windows with that windows will be reset? I don't understand much about these issues. Very grateful for your help. Best regards.
 

niemiro

Senior Administrator, Windows Update Expert, Developer
Staff member
Joined
Mar 2, 2012
Messages
8,405
Location
District 12
Hi there,

I am no expert when it comes to TPM so please take what I say with a slight pinch of salt. But here's what I would do if I were in your position.

1) Windows says there is no TPM currently registered. Therefore, taken at face value, if you trust that, you have nothing at all to worry about. You can't go losing private keys if Windows hasn't stored any.

2) I suggest you check that there is no discrete TPM installed. They look like a little PCB sticking up from your motherboard. Check carefully and if you can't see one - then there is no discrete TPM and so nothing to worry about from the message. You can't lose data stored on the discrete TPM if there is no discrete TPM.

https://www.scan.co.uk/products/asus-trusted-platform-module-tpm-m-r20-141-pin-model-skylake-compatible

3) Particular cases to be extra careful: I would suggest additional caution if you have BitLocker or any other full disk drive encryption installed, any highly secure program which insists on storing its licencing or other data on a TPM, or if you have used this computer to generate important digital certificates. If you are not aware of any of these - or you are not aware of any of these are - then it's highly likely that it wouldn't matter even if you did lose TPM data. If you even had one in the first place which it looks like you don't.

Ultimately, I think you can safely ignore this message because Windows doesn't see a TPM. For extra peace of mind, you may wish to physically check that there isn't one attached to your motherboard. And if there isn't, worry not about "losing" any data (not) stored.

All the best,

Richard
 

Digerati

Forum Moderator, Hardware
Staff member
Joined
Aug 28, 2012
Messages
3,765
Location
Nebraska, USA
I agree with what Richard has said. It is my understanding, TPM is primarily used (and in part, due to the license agreement with Microsoft) on factory made computers where Windows is installed at the factory. This is partly for security, but I think mostly to help control software piracy.

In reality, it takes away some of the flexibility home builders have. TPM is more practical in a corporate environment. As Richard noted, you can add it to your system, but, if this is for a personal home computer, other than peace of mind, I don't really see the value.

If you are concerned about security, your best best is to make sure Windows is kept current, that you use a decent antimalware solution (I use Windows Defender as my primary, and Malwarebytes as a double checker), and you avoid being click happy on unsolicited downloads, links attachments and popups.

Here's some more info on it: https://www.howtogeek.com/237232/what-is-a-tpm-and-why-does-windows-need-one-for-disk-encryption/
 

Solitario

Well-known member
Joined
Jun 23, 2015
Messages
194
Hi, thank you so much for your answers. I always say that this is the best forum to learn. All I have is biometric security with Windows Hello. I don't have the disk encrypted. I'll try from the BIOS to see what happens then come back with comments. I thank you both again. Best regards.
 

Digerati

Forum Moderator, Hardware
Staff member
Joined
Aug 28, 2012
Messages
3,765
Location
Nebraska, USA
From my understanding, for home users, TPM might help if a bad guy gains physical access to your computer. That is, they must sit down at your desk, attach an external drive and attempt to hack your data. How likely is that to happen?
 

Solitario

Well-known member
Joined
Jun 23, 2015
Messages
194
I've already changed the option. The PC was restarted twice and then started normally without problems. The firmware protection is only for the eighth and ninth generation processors only? I have a seventh generation and the option does not appear in Windows security. Any ideas on this subject? And answering what the Moderator asked me, there is no possibility of that happening. Thank you very much. Best regards.
 

Solitario

Well-known member
Joined
Jun 23, 2015
Messages
194
Hello so the topic was created, i.e. my initial question, was already resolved. You can close this topic. I'm going to create another one in the Windows section to see if someone can help me. Thank you very much. Best regards.
 

niemiro

Senior Administrator, Windows Update Expert, Developer
Staff member
Joined
Mar 2, 2012
Messages
8,405
Location
District 12
I've already changed the option. The PC was restarted twice and then started normally without problems. The firmware protection is only for the eighth and ninth generation processors only? I have a seventh generation and the option does not appear in Windows security. Any ideas on this subject? And answering what the Moderator asked me, there is no possibility of that happening. Thank you very much. Best regards.
Hi again,

I don't think this is correct. I believe that Firmware TPM can run on even some very old CPUs, as it only depends on Intel Trusted Execution Technology (TXT): https://ark.intel.com/Search/FeatureFilter?productType=processors&TXT=true

Firmware TPM is not the same as Discrete TPM, but nor is it the same as Integrated TPM.

My understanding is that a Firmware TPM is a software only solution relying on TXT for security (this works on quite a lot of old hardware) whereas Integrated TPM is a physical TPM embedded within the CPU chip, and this only exists in some new hardware.

Again this is only my best understanding, this isn't really my field of expertise.
 
Top