cancel
Showing results for 
Search instead for 
Did you mean: 

PC Processors

NovaOx
Adept I

fTPM issue with secure boot

System spec AMD Ryzen 2600/ Gigabyte B450 Arorus Pro Wifi/ 32 GB DDR4 / MSI RTX2700 super/ WD_Black SN750 1TB NVMe Internal Gaming SSD - Gen3 PCIe, M.2 

Hello I have a very odd issue going on with my PC, I will try to explain the best I can.  I was running windows 11 until a couple of weeks ago, when for some unknown reason windows 11 would not boot, it was fine the night before, then I shut down the PC and, in the morning, when I started it, I got a blue screen mentioning stating "an unexpected I/O error has occurred, File \windows\system32\boot Winload.efi  error code 0xc00000e9. I reset the Bios to factory optimized settings which on my board enables CSM and fTpm trying to reinstall windows I would get the same error, I attempted to install UEFI windows with fTmp enabled but leaving secure boot disabled (CSM enabled, which is my motherboard optimized default) and I just get a light blue screen with No error, but it just sits there and does nothing, after a while the PC shuts down.  after some time, I decided to disable fTmp and just attempt to load windows without it, and it was successful, I was able to install windows 10 (couldn't install windows 11 without the fTpm) I then went back into the Bios, and decided to try to install windows 10 with fTpm enabled but with CSM enabled as well, but using the "legacy" (none UEFI option) which worked as well , Device manager listed the TPM and no errors , however under windows device security the TMP did not have any manufactures name, and stated version was 0.0.0.0,  clicking troubleshoot TPM I received an error stating that the tpm was unknown to contact manufacture. I reached out to Gigabyte and of course they tell me it is not their issue that fTpm is part of the CPU.  I have tried all the troubleshooting steps suggested to me and nothing seems to work, I can either install windows 10 with the CSM enabled and fTpm enabled in a "legacy" bios or I can keep fTpm disabled and install windows 10 in UEFI mode (secure boot) but not both and both is needed for Windows 11.  I am not a total novice when it comes to computer repair, but this issue has me stumped.  Could it be that the CPU is malfunctioning?  In the Bios when fTpm is enabled it does show manufacture info (such as AMD and version number), however as mentioned this is not shown in windows, I try to run tpm.msc and get an error stating the console could not open, when fTpm is disabled, I receive a message stating that no compatible tmp is found (expected as its disabled, but this shows at least windows notices when its disabled?)  I even tried to install windows using default settings in bios, (legacy mode which installs windows using MBR partition and not GPT) and then using mbr2gpt convert the drive, the second I restarted the PC I received the "recovery error" mentioned above, and once fTpm was shut off, windows booted fine into UEFI mode (GPT partition) I am hoping someone can help with this issue, as luck has it, my CPU's warranty expired 2 days before all this happening, which makes me wonder, but that is for another time. 

0 Likes
1 Solution
NovaOx
Adept I

For any following this post I have resolved the Issue, turns out it was a bios issue, although reinstalling newest Bios did not resolve the issue, nor did rolling back bios to a few earlier versions, however after exhausting all troubleshooting I decided I had nothing to lose and downloaded all 17 bios updates for my board, and starting from first bios I installed them in order, and now everything is working as expected once again. I am not sure which bios update fixed the issue, I know it was not the last 3 though as I had installed and reinstalled those ones with no success, either way PC is now running windows 11 with fTmp and UEFI.

View solution in original post

27 Replies
hrpuffnstuff
Miniboss

Are you using a bios with AGESA 1.2.0.7?

0 Likes

I am using the bios put out by Gigabyte to enable Ftmp I have also tried using the latest Bios available, same results. If i leave fTpm enabled with CSM enabled, (secure boot disabled) I can install windows however window will install in "legacy Bios" using MBR rather than the GPT that UEFI requires, If I disable fTpm and enable secure boot (disable CSM) then I can install windows in UEFI, I just can't seem to get both to work at once, As I mentioned In the Bios the fTmp does list manufacture and version number, however in Windows Device security it does not , troubleshooting mentions not being able to find the device info to contact manufacture, however I have found no way to contact AMD direct about this, and as mentioned my warranty expired about 2 days before this issue started, convenient I suppose 

0 Likes

You can open a AMD Request Service Non-Warranty to see what AMD mentions about your fTPM issue from here: https://www.amd.com/en/support/contact-email-form'

By the way I user whose AMD processor also expired about 2 or 3 days later found out he had a bad processor. He went ahead and opened a AMD Warranty and they honored it by replacing his defective AMD processor.

You can do the same thing here by opening a AMD Warranty Request and see if they will honor your Warranty since it is only a couple of day expired from here: https://www.amd.com/en/support/kb/warranty-information/rma-form

No harm is trying.

0 Likes

thank you , the first link does not work though, I will try the warranty rout but will have to take my cooler off in order to locate serial number =/ so may have to wait a day or two until I can get more thermal paste 

0 Likes

The ftpm on the Bios are absolute garbage. I couldn't use my computer for over a month, something that I spent 4k on, I'd hope it last me me more than just 2 years. Win 11 was running fine for a few months although I had significant trouble installing it initially but after some Nvidia/windows update I had nothing but blue screen issues every 5 mins rendering the pc useless. I independently contacted Amd, Microsoft and Gigabyte and all of them ended up giving me the run around blaming that it could be a hardware issue. Totally frustrated with the customer service I decided to just forget about win 11, I disabled Ftpm, reinstalled windows 10 and PC works like a charm. Haven't seen a blue screen in weeks. I now also have the AA code on my MB as opposed to 9E when I enable ftpm. I am fairly sure that this issue is known to Gigabyte and AMD. I'm sure hundreds of users would have faced it but I guess they are just hoping they'll upgrade and eventually it'll all be forgotten. 

One option you have is to disable ftpm in the bios and install a physical TPIM 2.0 module. They go for about 20 bucks on Amazon as long as your motherboard has the slot for it. Worth a shot. But for now I'm sticking to win10 for the next couple years before I upgrade. Hope this helps someone out there who's facing similar issues.

0 Likes
DimkaTsv
Miniboss

Can it be more of a Secure boot issue? 
There were some news about Windows 11 update breaking Secure boot locking down people systems. 
There also were BitLocker bug that broke some people PC's. And BitLocker key may be tied to fTPM if it exists. Even though i remembere there also was something with passwords. 
-------------------------------------------\\\
It seems quick search found you related topic. I know latest Gigabyte BIOS for me have enabled by default toggle "Install Gigabyte App Center", sooo
https://www.reddit.com/r/gigabyte/comments/o8hik4/amd_ftpm_cause_winloadefi_error_code_0xc00000e9/
https://answers.microsoft.com/en-us/windows/forum/all/enabling-ftpm-gives-error-code-0xc00000e9/856c...
https://www.reddit.com/r/Windows11/comments/pjg3jl/has_anyone_else_had_this_issue_windows_not/

You have to reinstall the latest bios (doesn't matter if it's the one currently installed) then once you updated your BIOS enable TPM and Secure boot, then while in windows uninstall anything related to gigabyte, usually fixes the problem

 

But i still won't trust fTPM much... And ESPECIALLY SecureBoot. Too easy to break system with one wrong step

0 Likes

I have tried all that and more a dozen times and nothing works, I need Secure boot and fTmp to install windows 11, if I disable secure boot (enable CSM) and enable Ftmp I can install windows however it is installed in a legacy bios mode, attempting to install windows 11 will flag and tell me I need to have secure boot enabled ( or at least available and only way to do that is disable CSM)  nothing I have tried has worked, I am not even sure if the fTmp clears itself as I am yet to receive any message stating that the Ftmp was reset or cleared like many suggest should happen, my Pc does reboot, then starts, then it reboots again, loading windows. 

0 Likes

Hmmm... What if i tell you that there is way to install windows 11 without Secure boot or fTPM arbitrary requirement (you actually don't need them to run Win11)?
https://rufus.ie/en/
Get your flash drive and .iso file ready

DimkaTsv_alt_1-1667946728421.pngDimkaTsv_alt_2-1667946749131.png

 

When you press start you will have prompt on second screenshot. First checkmark will save your day.

0 Likes

yes I was thinking of using Rufus for this reason, It just bugs me knowing that something that was working fine, no longer is working at all, and then I have to wonder what caused it, i was running windows 11, and I do recall an update a day or two before the issue, but seeing as I am experiencing the same with windows 10, I'd have to think its hardware related, I may have to go that route though as a TMP chip from gigabyte oddly enough is now over 100$ CND, funny how much those prices jumped. 

0 Likes

According to your Gigabyte Support for your MoBo since BIOS Version F62 , AMD PSP and fTPM are automatically enabled now as default.

Since everything was working normally until recently seems to suggest a hardware issue since it happens after doing a clean Windows installation.

Found this tech site that gives a good explanation of your error: https://www.lifewire.com/fix-error-code-0xc00000e9-4772049

Windows error code 0xc00000e9 is a common Windows Boot Manager error that indicates either a hardware failure or a corrupted system file encountered during the boot process. It appears shortly after the computer starts, but before the Windows login screen, as follows:

  • An unexpected I/O error has occurred. Error code: 0xc00000e9

Instructions in this article apply to Windows 10, Windows 8, Windows 7, and Windows Vista.

Causes of Windows 0xc00000e9 Error Code

The 0xc00000e9 error code always has to do with the boot process for Windows. An I/O error, or input/output error, occurs when the system is unable to access a drive or disk, which means it cannot read or copy data. Because it's common, there are many reasons why the error might appear:

  • Malfunctioning external hardware or PC components.
  • Damaged input or output ports.
  • Incorrectly seated components such as a disconnected hard drive that doesn't make contact with the motherboard.
  • Improperly configured UEFI, BIOS, or CMOS settings.
  • Corrupt system files or Windows Registry problems.
  • Problems with Windows Update.
  • A boot sector virus or other malware.
0 Likes

Forgot to mention if the only issue you are having is fTPM then your motherboard has a TPM Header to connect a TPM module to it.

See if everything works with a TPM card or module installed and fTPM disabled in BIOS.

Here are Gigabyte TPM Cards from their website: https://www.gigabyte.com/us/Motherboard/TPM-Card

0 Likes

I realize I can buy a standalone chip, however that does not really solve the underlying issue, of what could be causing the fTpm to cause this, as mentioned I can install windows with fTpm active, its seen in device manager with no errors, windows device security however does not find any info on the fTpm (no manufacture name or version number) and tells me to contact manufacture. using tpm.msc does not show any info either it states it could not open the console. if I disable fTpm , tpm.msc states it cannot find any suitable device.  I am starting to think perhaps the CPU is failing (of this part of it) however I cannot find any test to verify this, the drives are all fine, I have even gone as far as testing install on several drives, same situation regardless of which drive I choose, if fTmp is enabled and CSM disabled (as it has to be for windows 11) the system simply goes to the recovery error, I can't even do a fresh install using the settings needed for windows 11, I would really like to know if it's the CPU or some other setting that may be causing issues. but cannot locate any sort of test for that, nor can I locate TPM drivers or even firmware for the fTpm, so I guess I am stuck on windows 10 until I can afford a standalone chip and hope that solves the issue. 

0 Likes

I have tried all these steps, nothing I do will allow both secure boot and fTpm to work together, which windows 11 states it requires, if I install windows with CSM enabled (secure boot off) and fTpm enabled it will install however in windows device security it does not show any manufacturing data, and the error it mentions the same that it cannot find information on the TPM, i click clear TPM and I don't think anything even happens to be honest as I am yet to receive a message at boot indicating fTpm was reset, I have also tried this in the Bios, same results or lack of. I have updated and re-flashed the Bios several times, no results.  installing Windows using "factory optimized" settings in Bios, installs in a legacy bios mode, and the minute the drive is converted from MBR to GPT and the system attempts to start I get the recovery error regarding winload.efi, if I leave fTpm disabled then everything loads fine, however you need both secure boot and fTpm to install windows 11, which was installed for several months, I am starting to think its a failure within the CPU, but I cannot find any way to test this, device manager shows the fTmp and updating drivers does nothing, AMD does not seem to have standalone firmware or drivers for fTpm and gigabyte is telling me it's not a motherboard issue it's an issue with the CPU, and I cannot seem to find a way to speak directly with AMD support on the issue, assuming they would even help seeing my warranty just ran out about 2 days before all this started.

0 Likes

In my last reply I posted both AMD SUPPORT and AMD WARRANTY REQUEST Links so you can open a ticket with both.

Provide a link to this thread if you decide to open a AMD SUPPORT Ticket to see your detailed explanation of your issue with your CPU.

Also see if AMD Warranty will honor the warranty even though it is expired.  In a recent thread another User open a Warranty Ticket with an expired Warranty but only a few days expired and AMD sent him a replacement CPU that fixed his issue since the issue seems to have happened before the Warranty expired. just guessing.

No harm in trying both links.

NOTE: I googled AMD Customer Support and this Telephone number popped up: 1 (877) 284-1566

Not sure if is still active or not since all Technical Support by Online AMD Request Service. But maybe they can get someone to help with your issue.

0 Likes
MADZyren
Paragon

I think you should disable CSM as to my understanding it might prevent Windows protection features from working and could possibly cause issues.

Keep fTPM enabled

I think you should:
- clear CMOS (unplug from wall, remove battery or short pins)
- enable XMP, fTPM, disable CSM -> save changes on exit

Do a clean reinstallation of Windows with these settings and are likely good to go

There could maybe - never encountered such though - be an issue with keys in fTPM and in that case I would reset/clear those in BIOS and then do the steps mentioned above. Remember if you use encrypted drive (I don't see a reason to use it with desktops in home use) that you can't access files in encrypted drive after clearing the keys.

0 Likes

thanks for the reply, If I disable CSM (which enables secure boot) and enable fTmp, when I attempt to install windows, I get the blue screen recovery error.  I tried to clear the secure boot keys and set them to factory, I did notice though in my forbidden keys there is a SHA45 I think its named ( I could have it wrong)  But it is the same name that is under the info for the Trusted platform 2.0, I wonder if this is the issue, and if so how could i get rid of it, I have reset secure boot to factory keys, then put it back in standard setting, I wonder if I should leave it in Start settings? it's very hard to find any info though regarding this.  but it was something I noticed, and it struck me as Odd as the same named thing (whatever SHA45 is) in both the trusted platform info and forbidden key list

0 Likes

Long day and trouble concentrating right now, but when you try to reinstall Windows, remove all partitions (mostly that small hidden one and Windows system partition) and allow Windows to recreate them. Also there should be a setting in BIOS about what to do if you change to another CPU. 

0 Likes
lopols
Adept II

Here is the culprit - "MSI RTX2700 super/" that is the virus in your system. Change that to something proper and you will not have any issues at all! 

Joke aside - looks like faulty hardware, as you stated it was working fine. I had a case before but when i updated the BIOS all was sound and clear. In your case sound like your CPU byte the dust. Try with another CPU, update and reset BIOS again and you may see a big difference.

 

Good luck! 

0 Likes
wildcard1978
Challenger

did yA CHECK FOR A MOTHER BOrd bios update with tpm fixes alot of boards had bios fixes for that

0 Likes

yes I am using newest Bios for my MB, I have even rolled back to the Bios released for fTmp with no change. 

0 Likes
wildcard1978
Challenger

Yeah if. The firmware fixes didn't work yeah most likely mother boards bad  

0 Likes
NovaOx
Adept I

For any following this post I have resolved the Issue, turns out it was a bios issue, although reinstalling newest Bios did not resolve the issue, nor did rolling back bios to a few earlier versions, however after exhausting all troubleshooting I decided I had nothing to lose and downloaded all 17 bios updates for my board, and starting from first bios I installed them in order, and now everything is working as expected once again. I am not sure which bios update fixed the issue, I know it was not the last 3 though as I had installed and reinstalled those ones with no success, either way PC is now running windows 11 with fTmp and UEFI.

So glad i found this post. very very similar situation happened to me with the more recent BIOS update, same error for the most part (though once or twice it threw a different one). F64 (March, 22nd 2024) on my Gigabyte x470 Aorus Gaming 7 WiFi. Ryzen 2700 running fTPM, 32GB RAM, Rx 6750xt. Tried going back to F62 but that didn't work until I tried this suggestion of going back even further. Linux install worked just fine which help rule out a lot cause both Windows 11 and 10 installs would fail constantly even during the install itself and BIOS display and LEDs went back and forth indicating all sorts of errors. 

 

F64 still fails to work as it is now. but I'm sticking to F62 for now. was waiting on CPU upgrade to deliver as well as a physical TPM chip so i'm glad that my hardware isn't broken. would have sucked to find out my board was dead after ordering a new CPU. 

 

Will test the F64 bios on the new CPU and TPM. See if the behaviour is the same. 

0 Likes
charleski
Journeyman III

The problem is caused by corrupted entries in the TPM. The TPM entries need to be completely cleared, and the 'Clear TPM' option in the BIOS doesn't do this.

The only solution I have found is to flash a BIOS that has fTPM disabled as a default. Reflashing the latest BIOS in which fTPM defaults to enabled will not work. For my Aorus Ultra Gaming the most recent BIOS that will do the job is F61. Once flashed allow it to reboot twice and let windows load as normal. Then restart, re-enter the BIOS settings and flash the latest BIOS (which will have fTPM enabled by default) - your PC should now boot into Windows as normal and you can confirm that fTPM is working by running TPM.msc . 

I'd had fTPM working just fine for ages when it suddenly went beserk because I'd accidentally disconnected a hard drive. Flashing F61 and then the latest BIOS (F64a) was the only thing that let me run Win11 with fTPM on.

Props for this fix go to the fine people posting at the end of this reddit thread:

https://www.reddit.com/r/gigabyte/comments/o8hik4/amd_ftpm_cause_winloadefi_error_code_0xc00000e9/

torchnglass
Journeyman III

This is the exact information I have been looking for! I have been trying to upgrade to Windows 11 on my desktop with a Gigabyte b450 Aorus m motherboard and flashing the BIOS this way worked in my situation. I saw that fTPM needed to be enabled and never tried to boot with it disabled. My wife's computer is much the same hardware as mine and hers shows ready for Windows 11 but mine needed secure boot and TPM.
I learned after some digging that my OS install was on a MRB partition and hers was on GPT. I was not able to boot to a GPT configured install USB drive, it would just hang at a blue screen. When I loaded a clean install to the MRB drive and then using mbr2gpt.exe converted to GPT it would not boot and stopped with the "an unexpected I/O error has occurred, File \windows\system32\boot Winload.efi error code 0xc00000e9" screen.
I do not understand why this fTPM enable setting problem was so difficult to find! Microsoft and 99% of the advice out there is leading people to waste time on endless pursuits when a simple BIOS setting will allow for booting into a Windows UEFI drive. From there the issue of enabling fTPM properly is the only thing I needed and simply re flashing the latest BIOS will not work in my situation, but flashing f61 as described above and re flashing the latest (f64a in my case) worked perfectly.
Then to set secure boot not just to “enabled” but working was somewhat mysterious on this motherboard but I was able to find the correct sequence with a little digging. Set to "custom" mode and reset to factory default and then back to standard mode. I now have all the correct setting that Windows 11 wants running, after many days and many reinstall attempts plus a clone disk. I was able to use mrb2gpt on a Windows 10 install with all my programs and settings and now have it all running in Windows 11.
With the correct approach this was not difficult. Why is this information so hard to come by?

0 Likes

Hi could you please post here a link to the BIOS's you have downloaded, I want to check out a theory.

Also when you installed Windows as soon as you were physically able did you run an SFC /scannow I ask as when installing Windows 11 on two systems myself and after checking a 3rd install on a friends machine for some reason Windows automatically corrupts any BTH*.* Blutooth drivers, not a serious issue but it does not help.

0 Likes
Fasole
Journeyman III

For me disabling the TPM/TCM worked, you find it in bios.

0 Likes