Question Missing fTPM on ASUS TUF B450-Plus Gaming | Ryzen 5 2600X

[kamikaze4kanojo]

Hi,
Short version:
My AMD fTPM Configuration page doesn't have the one option that ASUS website identifies as needed to activate TPM for Win11. It wants me to set 'TPM Device Selection' to 'Discreet TPM'. However, my page only has "AMD fTPM Switch" (enabled/disabled) and "Erase fTPM NV for factory reset" (enabled/disabled). Both are enabled by default, but it appears my system is still not ready for Windows 11. Already flashed with latest bios (April 2022).

What I'm trying to achieve:
Currently on Win10. Going to be installing a fresh OS next on a new SSD next week, and figured it was the right time to get with Windows 11. Like many others no doubt, Microsoft's PC Health Check tool fails with "This PC must support Secure Boot". Originally it was failing due to TPM as well, but I fixed that by flashing bios with latest version. The Asus website most certainly DOES list my TUF B450-Plus Gaming on their Win11 supported page.

Is there anything else to be done? Should I just try installing Win11 anyway? Or just go Win10 again this time round, until my next motherboard upgrade (this is only 3 years old though, I got 10 years out of my previous system!)

Thanks so much!

 

[USAFRet]

Nothing wrong with staying on Win 10 for the next couple of years.
At least until you figure out the fTPM thing.

 

[kamikaze4kanojo]

Actually I do have a little more info, I tried to address "This PC must support Secure Boot" more specifically, and came across this in Bios:
Boot\Secure Boot => OS Type = Windows UEFI mode

This works, but PC Health Tool still has same complaint. Then I changed this as well:
Boot\CSM => Boot Device Control = UEFI only (original setting was along the lines of 'Both UEFI and Legacy')
But after that, it wouldn't boot into Win10. So I had to change it back.

I'm wondering, if that setting is by some chance the last piece of the puzzle to make this work, but I can't set it to UEFI with my current Win10 installation, perhaps I can enable it and then install Win11 anyway? Annoying if I have to change a bios setting every time I want to go back to my old Windows installation, but I could live with that. Will this work or am I in danger of bricking my system with an encrypted MBR, or something?

 

[drea.drechsler]

...
Boot\CSM => Boot Device Control = UEFI only (original setting was along the lines of 'Both UEFI and Legacy')
But after that, it wouldn't boot into Win10. So I had to change it back.
...

Secure Boot requires UEFI mode operation, which is CSM disabled. UEFI mode requires the system drive be initialized in GPT partitioning scheme. If that was not done during Windows installation you'll have to convert from MBR scheme.

https://learn.microsoft.com/en-us/windows/deployment/mbr-to-gpt

https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10

Once you've converted the system drive to GPT update your BIOS to the LATEST, should be v3802 if I have your board right. The latest BIOS will enable Secure Boot (if the drive is in GPT scheme) and the fTPM by default. Then update your Win10 to Win11.

If you already updated to latest BIOS, after converting to GPT do a CMOS Reset. That should enable Secure Boot and the fTPM by default. Install Win11.

 

[kamikaze4kanojo]

Secure Boot requires UEFI mode operation, which is CSM disabled. UEFI mode requires the system drive be initialized in GPT partitioning scheme. If that was not done during Windows installation you'll have to convert from MBR scheme.

https://learn.microsoft.com/en-us/windows/deployment/mbr-to-gpt

https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10

Once you've converted the system drive to GPT update your BIOS to the LATEST, should be v3802 if I have your board right. The latest BIOS will enable Secure Boot (if the drive is in GPT scheme) and the fTPM by default. Then update your Win10 to Win11.

If you already updated to latest BIOS, after converting to GPT do a CMOS Reset. That should enable Secure Boot and the fTPM by default. Install Win11.

Thank you so much, your answer makes sense at every step, and you are right that my bios version is 3802. I didn't know anything about different partition schemes, but I can now confirm my disk is MBR - so that must be the reason for the problem!

That said, I don't think I want to mess with this disk/win10 installation; this whole transition is stemming from my plans to buying a new SSD on black friday. How about this: when the new SSD arrives, I'll disconnect all other drives, Turn OFF CSM, and let the Win11 installation format the new drive how it wants? I would prefer to avoid CMOS reset if I can.

 

[drea.drechsler]

... I would prefer to avoid CMOS reset if I can.

Why fear CMOS reset? It's really quite easy to do and can't harm the system at all. If your concern is poking around inside the computer you can do it when you install your new SSD since you have to go inside to do that anyway. After that, simply do your fresh install of Win 11 and it will initialize your new drive in GPT and set up correctly.

You can also look for a setting called "Load Optimized Default Settings" in your BIOS. I'm not sure it does all that a CMOS reset does but it will return everything to defaults...which enables fTPM and Secure Boot...without going inside the system. I'm assuming that you've got your system on the latest BIOS, by the way. One of it's major features is full Win 11 compatibility for security settings.

And lastly: you've never told us what processor you have. 1st gen Ryzen processors are not compatible with Win11. I also believe 2200G and 2400G APU's aren't compatible (could be wrong though).

 

[kamikaze4kanojo]

Just a followup to close off this issue. Above poster seems very knowledgeable and I can confirm that after turning off CSM (compatibility support module), I was able to install Win11 on my new hard drive. Happy customer! One warning, if you have tweaked ram timings, overclocks etc, take photos of all bios screens before flashing the firmware. The update reset everything to default without warning.