[SOLVED] Would enabling fTPM affects CPUs performance?

[OMGiTxREALHASSAN]

I've a R5 3600 paired with GIGABYTE A320M-S2H V2 and I want to try WINDOWS 11, you know I've to enable fTPM for that so would it affect my PROCESSOR's performance?

 

[drea.drechsler]

I've a R5 3600 paired with GIGABYTE A320M-S2H V2 and I want to try WINDOWS 11, you know I've to enable fTPM for that so would it affect my PROCESSOR's performance?

From what I've read the fTPM itself will have no impact on CPU performance but it only makes sense that any encryption and decryption of data or other aspects of the services that need use of the fTPM may.

For instance, if you use BitLocker to encrypt your drive and vault the keys in the fTPM then Bitlocker necessarily imposes a bit of overhead as it encrypts and decrypts on the fly.

 

[OMGiTxREALHASSAN]

From what I've read the fTPM itself will have no impact on CPU performance but it only makes sense that any encryption and decryption of data or other aspects of the services that need use of the fTPM may.

For instance, if you use BitLocker to encrypt your drive and vault the keys in the fTPM then Bitlocker necessarily imposes a bit of overhead as it encrypts and decrypts on the fly.

Yeah, that makes sense and there's one more thing when I tried to install WINDOWS 11 BETA the installer gave me an error saying "YOUR DEVICE NOT COMPATIBLE WITH WINDOWS 11. YOUR PC SHOULD BE SECURE BOOT COMPATIBLE FOR INSTALLING WINDOWS 11" or something like that. Can you tell me what do I have to do about it.

 

[drea.drechsler]

Yeah, that makes sense and there's one more thing when I tried to install WINDOWS 11 BETA the installer gave me an error saying "YOUR DEVICE NOT COMPATIBLE WITH WINDOWS 11. YOUR PC SHOULD BE SECURE BOOT COMPATIBLE FOR INSTALLING WINDOWS 11" or something like that. Can you tell me what do I have to do about it.

Is your BIOS on the latest REV?

I am not by any means Win11 'smart', but what I think is happening is MS is getting things ready for rollout. To install your motherboard MUST be running in UEFI mode (not CSM), Safe Boot enabled and a TPM 2.0 device enabled. I think...just think...it has to be enabled BY DEFAULT in the BIOS, so that means a new BIOS rev since almost none were like that previously.

In addition, certain processor (ryzen 3000 meets that) and a GPU that's DX12 capable at least so much memory and a few other things. Go to the Windows forums.

If yours doesn't meet the minimums you can get on the Insider program and get an installation kit downloaded to force install but you're on your own. Don't ask me how...hit the Windows forums.

 

[hotaru.hino]

I've a R5 3600 paired with GIGABYTE A320M-S2H V2 and I want to try WINDOWS 11, you know I've to enable fTPM for that so would it affect my PROCESSOR's performance?

No. fTPM leverages a separate part of the CPU called the trusted execution environment. In Ryzen processors, it's the Platform Security Processor.

Yeah, that makes sense and there's one more thing when I tried to install WINDOWS 11 BETA the installer gave me an error saying "YOUR DEVICE NOT COMPATIBLE WITH WINDOWS 11. YOUR PC SHOULD BE SECURE BOOT COMPATIBLE FOR INSTALLING WINDOWS 11" or something like that. Can you tell me what do I have to do about it.

Assuming you've turned on Secure Boot and fTPM enabled, you also need to make sure the storage device you want to install Windows 11 to was formatted as a GPT drive.

 

[OMGiTxREALHASSAN]

No. fTPM leverages a separate part of the CPU called the trusted execution environment. In Ryzen processors, it's the Platform Security Processor.


Assuming you've turned on Secure Boot and fTPM enabled, you also need to make sure the storage device you want to install Windows 11 to was formatted as a GPT drive.

WTH! It means I've install windows 11 with a USB stick because don't you've to format the whole HDD?

 

[drea.drechsler]

WTH! It means I've install windows 11 with a USB stick because don't you've to format the whole HDD?

You'll not be able to set up your BIOS in UEFI mode with safe boot unless the system drive is converted to GPT.

There are several tools available to do it without data loss. I've used partition master from EasuUS before, they have a 'trial download' for home use.

https://www.easeus.com/partition-master/convert-mbr-disk-to-gpt-disk.html

 

[OMGiTxREALHASSAN]

You'll not be able to set up your BIOS in UEFI mode with safe boot unless the system drive is converted to GPT.

There are several tools available to do it without data loss. I've used partition master from EasuUS before, they have a 'trial download' for home use.

https://www.easeus.com/partition-master/convert-mbr-disk-to-gpt-disk.html

I've tried it but not converting it to GPT

 

[digitalgriffin]

From what I've read the fTPM itself will have no impact on CPU performance but it only makes sense that any encryption and decryption of data or other aspects of the services that need use of the fTPM may.

For instance, if you use BitLocker to encrypt your drive and vault the keys in the fTPM then Bitlocker necessarily imposes a bit of overhead as it encrypts and decrypts on the fly.

You are onto something because Microsoft is bypassing all built in drive encryption because of "flaws" with existing hardware implementations.

However this is a bit fox in the hen house as microsoft can now descrypt your drive without your permission. You couldn't do that easy with protocols like opal.

This is worrisome because MS is very five eyes and e letter agency friendly. Unreasonable search and seizure is an amendment for a reason.

 

[Colif]

there is a little ARM core in every Ryzen CPU that runs Secure boot and ftpm and is not at all related to the CCD in the cores that run Ryzen. It has zero effect on CPU performance.

It boots before the CPU and controls the boot process. Any encryption/decryption is handled by it, seperate to the CPU. Security reasons. Totally apart from CPU in every aspect except its location

 

[drea.drechsler]

You are onto something because Microsoft is bypassing all built in drive encryption because of "flaws" with existing hardware implementations.

However this is a bit fox in the hen house as microsoft can now descrypt your drive without your permission. You couldn't do that easy with protocols like opal.

This is worrisome because MS is very five eyes and e letter agency friendly. Unreasonable search and seizure is an amendment for a reason.

....
However this is a bit fox in the hen house as microsoft can now descrypt your drive without your permission. You couldn't do that easy with protocols like opal.
...

Mheh... I have nothing to hide on my computer. I'm not an AntiFa hothead planning my next torching of an RNC campaign headquarters, I don't publish E-Paedophile monthlies, I don't keep nude pictures of old girlfriends. They can have a look if they want.

I'm utterly convinced, at this point, that the compromis(es) that lead to my destruction will not occurr by gaining access to data on my personal computing system(s). But to the compromises of privacy data being held in theirs. The many theirs.

I'm a retiree. If you don't want to spend your entire retirement in bureaucratic hell you have to do all transactions for the many pensions, annuities, medical plans, government stipends and benefits and tax agencies all holding a piece of the future you planned and hoped for through their on-line portals. And, of course, they all want 'paperless', so everything must be direct deposit to your bank.

These are the portals operated by the same agencies and banking institutions we read about, with annoying routine, being 'hacked' and 'held for ransom' or some such.

One day, they'll have hacked enough of those dependable agencies to piece together a coherent picture of my complete financial 'empire' and all the ways to use it up. Then poof...gone, along with millions of others just like me.

Security's a funny thing, it's never perfect. Just like the locks on my front door: a big enough hammer and you're in any system. You can get bigger locks, stronger door and hinges. They just use a half pound of C4. The same with your personal computer...given enough interest and time they'll figure a way in. The thing is to be a very uninteresting person. That's why nobody had to worry about locking their doors in the 50's...everybody had the same things, so why?

 

[OMGiTxREALHASSAN]

there is a little ARM core in every Ryzen CPU that runs Secure boot and ftpm and is not at all related to the CCD in the cores that run Ryzen. It has zero effect on CPU performance.

It boots before the CPU and controls the boot process. Any encryption/decryption is handled by it, seperate to the CPU. Security reasons. Totally apart from CPU in every aspect except its location

Thanks for sharing this information.

 

[OMGiTxREALHASSAN]

Security's a funny thing, it's never perfect. Just like the locks on my front door: a big enough hammer and you're in any system. You can get bigger locks, stronger door and hinges. They just use a half pound of C4. The same with your personal computer...given enough interest and time they'll figure a way in. The thing is to be a very uninteresting person. That's why nobody had to worry about locking their doors in the 50's...everybody had the same things, so why?

Nice One 😂 I'm gonna PRINT and FRAME this 🤣

 

[hotaru.hino]

You are onto something because Microsoft is bypassing all built in drive encryption because of "flaws" with existing hardware implementations.

However this is a bit fox in the hen house as microsoft can now descrypt your drive without your permission. You couldn't do that easy with protocols like opal.

I fail to see how unless they've implemented a backdoor or the keys to the drive are located on their servers.

Be interesting to see any proof of this though.

 

[drea.drechsler]

Nice One 😂 I'm gonna PRINT and FRAME this 🤣

I may be wrong...but I'm sure someone said something very much like it in a movie.

 

[OMGiTxREALHASSAN]

I fail to see how unless they've implemented a backdoor or the keys to the drive are located on their servers.

Be interesting to see any proof of this though.

By the way, I was watching LINUS's video the other day "DON'T buy a new pc to install windows 11"and he showed that you can disable both of these SECURE BOOT & TPM after installing windows 11. Its just like a formality that you've to do before installing windows 11 and nothing else.

 

[drea.drechsler]

By the way, I was watching LINUS's video the other day "DON'T buy a new pc to install windows 11"and he showed that you can disable both of these SECURE BOOT & TPM after installing windows 11. Its just like a formality that you've to do before installing windows 11 and nothing else.

I know MS has said you can force-install Win11 on unsupported systems (no secure boot, no tpm)...but it will not be supported on the update cycle (not entirely clear what that means). I imagine disabling it will accomplish the same feat.

That said, I wouldn't buy a new pc either since Win10 is going to be supported for a long time and works just fine.

 

[Colif]

By the way, I was watching LINUS's video the other day "DON'T buy a new pc to install windows 11"and he showed that you can disable both of these SECURE BOOT & TPM after installing windows 11. Its just like a formality that you've to do before installing windows 11 and nothing else.

thats NOW. We don't know what MS will do to stop people with non complaint machines from running 11 after its out. They could have it check it every boot. TPM can be used for PIN and Windows Hello, you may not be able to logon without it

 

[OMGiTxREALHASSAN]

I may be wrong...but I'm sure someone said something very much like it in a movie.

Yeah! It seemed like I've heard it somewhere before. But anyways that is a good reply to a AVERAGE PC USER who's very worried about his privacy and all he have are just some cracked softwares and ETHICAL HACKING COURCES.

 

[OMGiTxREALHASSAN]

thats NOW. We don't know what MS will do to stop people with non complaint machines from running 11 after its out. They could have it check it every boot. TPM can be used for PIN and Windows Hello, you may not be able to logon without it

Then I think we should buy some shares of LINUX in the Stock Market (if it's a thing, I don't know) because I think many of WINDOWS USERS are going to SWITCH because not everyone has the resources to buy a new MAC when they've just build a BEAST PC last year.

 

[drea.drechsler]

...TPM can be used for PIN and Windows Hello, you may not be able to logon without it

It IS being used for my PIN (probably not to store it, but maybe some kind of validation and/or attestation). I found out when I cleared the fTPM stored data. Don't ask me, I can't remember how. But after a moments panic when the PIN didn't work at next logon I remembered my Microsoft Account password would...so I got in and re-established the PIN.

OMG. this is getting convoluted now that I've read MS is abolishing the password.

 

[Colif]

Linus Torvolds doesn't think Linux is a good replacement for windows, and he writes its kernel. It has its own problems, mainly too many distributions. Who wants to write software for 14 different versions of the same OS?

Win 10 is still usable for 5 more years, no rush to use 11. Its not worth throwing a PC away just to have it. I know as I been using it 7 weeks now. Its so similar to win 10 I only remember I am on 11 when ansering questions like this... You aren't missing anything.

Yes, ftpm is used for the PIN. As far as I know the password replacement is only for Enterprise. Not consumers.

 

[OMGiTxREALHASSAN]

Linus Torvolds doesn't think Linux is a good replacement for windows, and he writes its kernel. It has its own problems, mainly too many distributions. Who wants to write software for 14 different versions of the same OS?

Win 10 is still usable for 5 more years, no rush to use 11. Its not worth throwing a PC away just to have it. I know as I been using it 7 weeks now. Its so similar to win 10 I only remember I am on 11 when ansering questions like this... You aren't missing anything.

Yes, ftpm is used for the PIN. As far as I know the password replacement is only for Enterprise. Not consumers.

Hmm... Yeah! Now that think about, its really a bad idea to go to LINUX🤣 But if a person knows what his main use of the pc is, Maybe then he can choose a distro for himself. Ain't I right?

 

[Colif]

Probably, but most windows users wouldn't know that. Most don't know what they want OS to do, its just backdrop to whatever they run.

I don't use linux myself, although i have Ubuntu installed on Windows Subsystem for Linux, I don't really understand it. I have enough things to work out without learning a new OS.

 

[digitalgriffin]

Mheh... I have nothing to hide on my computer. I'm not an AntiFa hothead planning my next torching of an RNC campaign headquarters, I don't publish E-Paedophile monthlies, I don't keep nude pictures of old girlfriends. They can have a look if they want.

I'm utterly convinced, at this point, that the compromis(es) that lead to my destruction will not occurr by gaining access to data on my personal computing system(s). But to the compromises of privacy data being held in theirs. The many theirs.

I'm a retiree. If you don't want to spend your entire retirement in bureaucratic hell you have to do all transactions for the many pensions, annuities, medical plans, government stipends and benefits and tax agencies all holding a piece of the future you planned and hoped for through their on-line portals. And, of course, they all want 'paperless', so everything must be direct deposit to your bank.

These are the portals operated by the same agencies and banking institutions we read about, with annoying routine, being 'hacked' and 'held for ransom' or some such.

One day, they'll have hacked enough of those dependable agencies to piece together a coherent picture of my complete financial 'empire' and all the ways to use it up. Then poof...gone, along with millions of others just like me.

Security's a funny thing, it's never perfect. Just like the locks on my front door: a big enough hammer and you're in any system. You can get bigger locks, stronger door and hinges. They just use a half pound of C4. The same with your personal computer...given enough interest and time they'll figure a way in. The thing is to be a very uninteresting person. That's why nobody had to worry about locking their doors in the 50's...everybody had the same things, so why?

While I agree with you on a surface level, the more freedoms you surrender the more you become a slave to the corrupt. (Megalomaniacs (aoc, trump) , paranoid, anti American, and McCarthys' of the world. Let's not forget rogue generals talking to china). This is the same govt that made itself exempt from aca and the vaccine mandate. And you want to trust these clowns with your private life?

While this may sound anti American, it's quite the opposite. Our freedoms are what made this country great. And it's up to us to make sure they aren't eroded. I still think we have one of the best systems of government. And I believe in our armed forces desire to protect us. I just don't trust the idiots at the top.


And 512bit encryption can stop then for a couple hundred years. That's a hell of a lot of C4. The problem is a number of these companies are overseas (ie Samsung) so they can give the us govt the middle finger if the govt ask for a back door. Microsoft, and Verizon have proven they are more than willing to cooperate with big govt at the expense of their customers.

And you are right there are a number of exploits, some even clickless that will infect your machine easily. But these resources are used sparingly because once they are discovered they are useless. It's quite a trivial task to create vms and snapshot the registry and monitor and file and registry changes and logs to reverse engineer how a system was infected. This is a primary remedy of anti virus researchers. Once that information is out your precious tool is useless.

Since Microsoft owns the master encryption keys, it's of trivial matter to unlock an encrypted drive if you have the original tpm hardware.

Microsoft actually limited the level of encryption on some passwords to make them easier to figure out.