Getting ready for Windows 11

The story behind the TPM 2.0 Module And
Troubleshooting ASUS-Maximus XII Hero (Wi-Fi) Intel Motherboard for Windows 11

Why

Microsoft in its June 24, 2021, announcement on Windows 11, specified the TPM 2.0 as a minimum hardware requirement for security chips on existing and new devices.

Windows 11 announced

What

The TPM — Trusted Platform Module — 2.0 card is a hardware module that securely stores keys, digital certificates, passwords, and data. It helps enhance network security, protects digital identities, and ensures platform integrity. The hardware barriers like the TPM 2.0 chip are required because the software barriers alone have not proven sufficient so far.

Do you already have it?

Probably you already have the required TPM Module. Verify it on your PC using a couple of options below.

Option-1: Check for your existing system hardware for Windows 11 Compatibility by downloading the Windows PC Health Check application from the below Microsoft link.
https://www.microsoft.com/en-us/windows/windows-11

You can get a free upgrade of Windows 11 upon rollout if your current PC meets the requirements.

Option-2: Press Windows Key+R to bring up the Run window.
Type tpm.msc and hit enter.

tpm.msc

The TPM Management window would open up to see if the module was detected. For example — In here the compatible Trusted Platform Module (TPM)1.2 or later was not detected.

Compatible TPM cannot be found

TPM on my desktop PC

ASUS-Maximus XII Hero (Wi-Fi) Motherboard

So, you can see from the results above that my highly performant — state-of-the-art Windows 10 Pro PC, assembled just a few weeks ago with care and hefty price, does not meet the Windows-11 requirement apparently.

What Next

One of the initial thoughts I had was to install the TPM Module externally on my ASUS-Maximus XII Hero (Wi-Fi) Motherboard by purchasing a compatible TPM ASUS Product like the one below.

TPM-M R2.0|Motherboards|ASUS Global

The TPM Connectors may be either 14 or 20 pin type on the motherboard. However, the ASUS motherboard product manual does not particularly mention a TPM connector.
The news that — all the TPM Modules available on the market shelves are gone within 48 hours of Microsoft’s announcement — made me further nervous.

Well, my ASUS-Maximus XII Hero motherboard was recently purchased and covered under the Manufacturer's warranty, so I thought of consulting them first before arriving at any conclusion.

And Voila!
The ASUS support responded within about 6 hours on my case dated 6/26/2021 with a solution.

I had to get into the BIOS to enable Intel PTT under PCH-FW Configuration.

The ASUS-Maximus XII Hero motherboard comes with Intel Platform Trust Technology — Intel PTT which is a hardware TPM 2.0 implementation integrated into Intel ME/CSME/TXE for credential storage and key management. The firmware TPM key gets stored in the Intel ME data region once the Intel PTT or Windows Bitlocker is enabled for drive encryption.

Steps performed —

  • Press F2/ DEL at Windows startup to get into BIOS
  • From BIOS-> Advanced->PCH-FW Configuration->PTT-> Enable PTT
  • Press F10 to Save Changes and Reset

In case you don't notice PTT at the above location, trying searching it while you’re at the BIOS.

However, there is a fair warning — when the recovery key is lost or when the BIOS RAM chip is replaced, the system will not boot into the operating system, and data will stay encrypted and cannot be restored.

Okay, so now that we are done with Save and returned to Windows, let's check the Windows 11 compatibility again using the two methods above.
The PC Health Checker

PC Health Check

And tpm.msc

TPM Management

Both look green —
All set for Windows 11 upgrade!!

I also have an HP premier segment Omen Laptop running Win10 Pro but saving that now for another story on TPM/Windows-11 upgrade.

Enthusiast. Believer. Technologist https://www.linkedin.com/in/ambar-prajapati/