Question Why can I upgrade now?

[bryanc723]

I recently upgraded some parts about a month ago to catch up with the times. When I first did this, I was unable to upgrade to win 11 due to not having a TPM module installed. Looked it up and lo and behold it's a seperate chip i can purchase.
So I figure I'll just order it when I get a new gpu.
I updated the BIOS last week some time.
Today I downloaded a new graphics driver. When I reboot the system it asked me if I wanted to upgrade to win 11 and I said yes and am going through the paces.
Did Microsoft eliminate requirements, or is something else going on?
The GPU was a legacy update from AMD which I figured was generally unexpected.
SPECS:
CPU amd 5900x
GPU amd r9 Fury(new drivers)
MOBO MSI meg x570 unify(most recent bios)

It doesn't make any sense to me why a graphics update for a legacy card would impact my ability to go to upgrade as it met the requirements prior. And the BIOS the mobo shipped with was after win 11 release.

 

[ohio_buckeye]

Not sure exactly but with my b350 board and ryzen 3600 I ended up needing in the bios to enable the tpm setting there, and didn’t need a separate chip.

Found this thread where they were talking about a gigabyte board.

View: https://www.reddit.com/r/gigabyte/comments/pu8um0/enabling_tpm_on_gigabyte_x570_for_windows_11/

 

[hotaru.hino]

Your CPU has what's called fTPM, which means the CPU has a security chip inside that satisfies TPM 2.0 requirements.

The BIOS update probably enabled fTPM by default.

 

[ohio_buckeye]

Would make sense since they are starting to retire windows 10.

 

[Colif]

• DISCRETE TPM (TPM 1.2 & TPM 2.0)
  Discrete TPM provides the highest level of security. The intent of this level is to ensure that the device it?s protecting does not get hacked via even sophisticated methods. To accomplish this, a discrete chip is designed, built and evaluated for the highest level of security that can resist tampering with the chip, including probing it and freezing it with all sorts of sophisticated attacks.
• INTEGRATED TPM
  Integrated TPM is the next level down in terms of security. This level still has a hardware TPM but it is integrated into a chip that provides functions other than security. The hardware implementation makes it resistant to software bugs, however, this level is not designed to be tamper-resistant.
• FIRMWARE TPM (fTPM)
  Firmware TPM is implemented in protected software. The code runs on the main CPU, so a separate chip is not required. While running like any other program, the code is in a protected execution environment called a trusted execution environment (TEE) that is separated from the rest of the programs that are running on the CPU. By doing this, secrets like private keys that might be needed by the TPM but should not be accessed by others can be kept in the TEE creating a more difficult path for hackers. In addition to the lack of tamper resistance, the downside to the TEE or firmware TPM is that now the TPM is dependent on many additional aspects to keep it secure, including the TEE operating system, bugs in the application code running in the TEE, etc.
• SOFTWARE TPM
  Software TPM can be implemented as a software emulator of the TPM. However, a software TPM is open to many vulnerabilities, not only tampering but also the bugs in any operating system running it. It does have key applications: it is very good for testing or building a system prototype with a TPM in it. For testing purposes, a software TPM could provide the right solution/approach.

win 10 only supports software tpm, win 11 supports ftpm & Discrete.

Be really nice if all the false advice about needing a Discrete TPM would go away.

 

[bryanc723]

I guess that kinda makes sense. I tried manually turning it on in my UEFI but the options were grayed out prior to bios update and I never checked if that changed when I did it. Only checked the revision number. I'll just accept it and be glad I don't have to but a $35 chip.

 

[Colif]

bios update probably enabled ftpm and secure boot at same time, both those changes may have been why its not greyed out now.

 

[joeldf]

I have a Gigabyte MB too (a B460 Intel board), and yes, the recent BIOS updates to pretty much all of their boards enabled the software TPM by default. Previously it was disabled by default. I manually turned mine on last October (before the BIOS update was even issued) so I would be able to update to Win 11 if I wanted. I've had the ability to update to Win 11 ever since.

Although, I waited until just last April before actually updating my machine.