Question Can I install a TPM chip on Asus B85M-E?

tulaneksig

Distinguished
Apr 11, 2014
8
1
18,515
I see that there is a slot for a 20-1 pin TPM. Will it work buying a TPM 2.0 20-1 pin and plugging it in? I see it looks like there are a lot of "home made" or sketchy looking TPM chips to buy online. Can a TPM be compromised before I get it? TIA.
 
No, I don't really care about Win 11. I was hoping to use TPM to unlock 1Password with Windows Hello instead of using a password.
CPU is Intel i7-4790 @ 3.60 GHz

I'm trying the same thing, only on an AMD, AM3+, motherboard made by Gigabyte. All I want is to get Windows 10 working with the PIN and for whatever else it needs a TPM for 'Standard Hardware security' (UEFI w/ Secure Boot is already enabled). But there's not a lot of information available for what's needed, how it works or if it's successful. About the only thing I've seen is TPM 2.0 isn't supposed to work on another AM3+ motherboard, it has to be TPM 1.2. I went ahead and got a TPM 2.0 module for Gigabyte boards, $17 off Amazon Prime with guaranteed return if it proves to not work on mine. It delivers in a day so I'll know soon enough.

I also found a 20 pin TPM 1.2 module for Gigabyte boards, $12 off Amazon with delivery from China in a month. Not a lot to lose if it proves to not work either. I remember reading early on that Windows 10 (Windows 11 too, actually) would use TPM 1.2 but not sure if it true. I have read, though, that current builds of Windows 11 require TPM 2.0.
 
Last edited:
  • Like
Reactions: tulaneksig
No, I don't really care about Win 11. I was hoping to use TPM to unlock 1Password with Windows Hello instead of using a password.
CPU is Intel i7-4790 @ 3.60 GHz
Adding something else I have uncovered...

Your motherboard has to have a BIOS that supports full UEFI mode operation with Secure Boot enabled for Windows 10 (or 11) to utilize any TPM 2 for credential guard, device attestation, game anti-cheat and other features to work. If your BIOS does that but you can't enable UEFI mode then you may not have initialized the system drive in GPT partitioning scheme so you may have to convert it in order to enable it.

And an update: I got the TPM 2 device and installed it on my board. The BIOS recognized and "enable"d it but that's about all. Windows did not see it nor utilize it in any way. That can easily be blamed on unique board or BIOS capabilities (or lack thereof). That just makes it even more difficult to match a discrete TPM with a board if the board manufacturer doesn't sell one for it. I'll see what happens when the TPM 1.2 device comes in, hopefully it works.
 
Last edited:
  • Like
Reactions: tulaneksig

tulaneksig

Distinguished
Apr 11, 2014
8
1
18,515
I'm going to try mine today. I just got the TPM 1.2 and TPM 2.0 chips in the mail. One came from California and the other from China. Although I'm sure they both came from China originally. I'll post about how it goes.
 
  • Like
Reactions: drea.drechsler

JeffreyP55

Distinguished
Mar 3, 2015
559
134
19,070
I see that there is a slot for a 20-1 pin TPM. Will it work buying a TPM 2.0 20-1 pin and plugging it in? I see it looks like there are a lot of "home made" or sketchy looking TPM chips to buy online. Can a TPM be compromised before I get it? TIA.
TPM 2.0 is not supported by 4th gen i7's. 5th gen is the 1st gen to support 2.0. Live with what you have or upgrade.
 
  • Like
Reactions: tulaneksig
... Do you know if TPM 1.2 is supported?...

I got my TPM 1.2 device in today. It's working with Windows 10 which recognizes it and says it's ready for Attestation and Storage. Mine isn't an Intel board, but it is Gigabyte and made about the same time frame.

Did you get your 1.2 device and try it out?

I know it's not really necessary except as an anti-cheat for certain games (which I don't play) but I figured why not now that the price of these things came way down. I also imagine Microsoft could start using it more to enhance security, even with Win10. I know they use it for storing bitlocker keys and pretty sure for storing the PIN hash when using a PIN to log on.
 
Last edited:

tulaneksig

Distinguished
Apr 11, 2014
8
1
18,515
I got my TPM 1.2 device in today. It's working with Windows 10 which recognizes it and says it's ready for Attestation and Storage. Mine isn't an Intel board, but it is Gigabyte and made about the same time frame.

Did you get your 1.2 device and try it out?

I know it's not really necessary except as an anti-cheat for certain games (which I don't play) but I figured why not now that the price of these things came way down. I also imagine Microsoft could start using it more to enhance security, even with Win10. I know they use it for storing bitlocker keys and pretty sure for storing the PIN hash when using a PIN to log on.
Here is my update.
Installed TPM 1.2 and Asus BIOS recognized it. Then I read that 1Password requires TPM 2.0.

I got the TPM 2.0 chip and installed it. Confirmed that it shows up in PC Health Check when I ran Windows 11 compatibility check. The Intel i-7-4790 is not compatible with Windows 11 (which I knew) but 1Password is still not allowing sign in with TPM on Windows Hello. So still trying to figure out what is going on there.
 
Here is my update.
Installed TPM 1.2 and Asus BIOS recognized it. Then I read that 1Password requires TPM 2.0.

I got the TPM 2.0 chip and installed it. Confirmed that it shows up in PC Health Check when I ran Windows 11 compatibility check. The Intel i-7-4790 is not compatible with Windows 11 (which I knew) but 1Password is still not allowing sign in with TPM on Windows Hello. So still trying to figure out what is going on there.
What is PC Health Check? is it the app that tells you if your system is Windows 11 ready? That probably does only the most limited of checks.

Try the Device Security app, a Windows 10 system applet; type it in the Cortana search box. Also open the management console plugin, TPM.msc. They need to see and enable the TPM for Windows 10 to actually use it. If you do see the TPM in Device Security, click on Security Processor details. You should see status there, it has to be ready for both Attestation and for Storage.

Even if everything is ready, it's probably not going to work. I think I've read that Windows Hello for Business uses Credential Guard with attestation to store PIN's and CG is only available with TPM 2.0 on Win11. Recent Win11 updates have been pushing more security by showing me security warnings if I don't enable Core Isolation, Memority Integrity and LSAS for Credential Guard. MS is squeezing ever tighter on security.

Additionally: if your TPM uses an Infineon chip it may need it's firmware updated. You'll see a caution about that in the Device Security, Security Processor details screen.
 
Last edited: