Change from discrete TPM to Firmware TPM.

Solitario

Solitario

Well-known member
Joined
Jun 23, 2015
Posts
403
Location
Argentina.
Hello, when I type tpm.msc it tells me that the compatible TPM is not found. In the BIOS (Asus rog strix b250f gaming) it is set to discrete but I have the option to change it to TPM firmware. The problem is that in the BIOS itself tells me that if I change from discrete to firmware TPM all the information stored in the discrete TPM is going to be deleted. Does this have any consequences? Can I change that option without problems? Or better to leave everything as it is? Well that's my query. Thank you very much in advance. Best regards.
 
Not sure why you would want to change this but without knowing more about your system (for example, the OS), it would be hard to say what would happen. That said, typically, at least with W10, if you clear the TPM, W10 will [or is supposed to] reinitialize and take ownership of it again.

For more information about TPM, see https://docs.microsoft.com/en-us/wi...otection/tpm/trusted-platform-module-overview

BTW, I get the same message when I type tpm.msc too.
 
Hello, thank you very much for your reply. I have windows 10 Pro x64. I want to change that option so that win recognizes me the TPM and enables me the firmware protection integrated in the operating system in the windows security section. What do you mean that windows with that windows will be reset? I don't understand much about these issues. Very grateful for your help. Best regards.
 
Hi there,

I am no expert when it comes to TPM so please take what I say with a slight pinch of salt. But here's what I would do if I were in your position.

1) Windows says there is no TPM currently registered. Therefore, taken at face value, if you trust that, you have nothing at all to worry about. You can't go losing private keys if Windows hasn't stored any.

2) I suggest you check that there is no discrete TPM installed. They look like a little PCB sticking up from your motherboard. Check carefully and if you can't see one - then there is no discrete TPM and so nothing to worry about from the message. You can't lose data stored on the discrete TPM if there is no discrete TPM.

https://www.scan.co.uk/products/asu...le-tpm-m-r20-141-pin-model-skylake-compatible

3) Particular cases to be extra careful: I would suggest additional caution if you have BitLocker or any other full disk drive encryption installed, any highly secure program which insists on storing its licencing or other data on a TPM, or if you have used this computer to generate important digital certificates. If you are not aware of any of these - or you are not aware of any of these are - then it's highly likely that it wouldn't matter even if you did lose TPM data. If you even had one in the first place which it looks like you don't.

Ultimately, I think you can safely ignore this message because Windows doesn't see a TPM. For extra peace of mind, you may wish to physically check that there isn't one attached to your motherboard. And if there isn't, worry not about "losing" any data (not) stored.

All the best,

Richard
 
I agree with what Richard has said. It is my understanding, TPM is primarily used (and in part, due to the license agreement with Microsoft) on factory made computers where Windows is installed at the factory. This is partly for security, but I think mostly to help control software piracy.

In reality, it takes away some of the flexibility home builders have. TPM is more practical in a corporate environment. As Richard noted, you can add it to your system, but, if this is for a personal home computer, other than peace of mind, I don't really see the value.

If you are concerned about security, your best best is to make sure Windows is kept current, that you use a decent antimalware solution (I use Windows Defender as my primary, and Malwarebytes as a double checker), and you avoid being click happy on unsolicited downloads, links attachments and popups.

Here's some more info on it: https://www.howtogeek.com/237232/what-is-a-tpm-and-why-does-windows-need-one-for-disk-encryption/
 
Hi, thank you so much for your answers. I always say that this is the best forum to learn. All I have is biometric security with Windows Hello. I don't have the disk encrypted. I'll try from the BIOS to see what happens then come back with comments. I thank you both again. Best regards.
 
From my understanding, for home users, TPM might help if a bad guy gains physical access to your computer. That is, they must sit down at your desk, attach an external drive and attempt to hack your data. How likely is that to happen?
 
I've already changed the option. The PC was restarted twice and then started normally without problems. The firmware protection is only for the eighth and ninth generation processors only? I have a seventh generation and the option does not appear in Windows security. Any ideas on this subject? And answering what the Moderator asked me, there is no possibility of that happening. Thank you very much. Best regards.
 
Hello so the topic was created, i.e. my initial question, was already resolved. You can close this topic. I'm going to create another one in the Windows section to see if someone can help me. Thank you very much. Best regards.
 
Solitario said:
I've already changed the option. The PC was restarted twice and then started normally without problems. The firmware protection is only for the eighth and ninth generation processors only? I have a seventh generation and the option does not appear in Windows security. Any ideas on this subject? And answering what the Moderator asked me, there is no possibility of that happening. Thank you very much. Best regards.
Click to expand...

Hi again,

I don't think this is correct. I believe that Firmware TPM can run on even some very old CPUs, as it only depends on Intel Trusted Execution Technology (TXT): https://ark.intel.com/Search/FeatureFilter?productType=processors&TXT=true

Firmware TPM is not the same as Discrete TPM, but nor is it the same as Integrated TPM.

My understanding is that a Firmware TPM is a software only solution relying on TXT for security (this works on quite a lot of old hardware) whereas Integrated TPM is a physical TPM embedded within the CPU chip, and this only exists in some new hardware.

Again this is only my best understanding, this isn't really my field of expertise.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top