I have an ASUS ROG X570 Crosshair VIII Hero Wi-Fi, the system originally born with a 5600x. Recently I updated it with a 5800X3D. I noticed that now the TPM window under the Windows Security app report that "TPM Attestation" is "Not Supported" while "TPM Memory" is "Ready". This is on Windows 11. I'm not using any extenal TPM module since ryzen 5000 should support TPM 2.0 natively. I lost a lot of time trying to make it work. Actually I'm on latest bios for my board with AGESA version ComboV2PI 1208, but I tried also to go back to older version. I tried countless times to reset the TPM both from Windows and /or Motherboard bios settings. I tried countless times to reset the bios itself also. I already done a clean installation of windows 11 with deletion of all previous partition created. I have done these steps both on old windows and fresh windows installation.
Fun fact the windows installer did't say my CPU was unsupported and I have used the official windows media creation tool to create the bootable usb without any modification to disable TPM checks.
How can i solve this? It's very annoying.
Thanks for the detailed explanation @wim-bart
That was helpful.
I've tried all these steps but i'm not able to solve the attestation problem. Maybe i did not understand some step. Can you better explain all the steps needed? I didn't understand for example if for each step i have to reboot in windows or only in bios and also when you say "save the setting and fully power off", i can only save and reboot from bios, i don't have the option "save and power off". I've also still plugged in the discrete tpm that i've bought, can it be a problem?
Moreover, when you say that Windows 11 should not boot after disabling secure boot and tpm, my windows 11 still normally boots, and also when you say that "You will notice Secureboot cannot be enabled at this point", i cannot notice that fact, i can still enable secure boot.
I would like to solve this problem with ftpm in the ryzen 5800x3d, thank for your attention and patience
Edit: i'm probably doing something wrong at BIOS side, because when i execute all the above mentioned steps and i reboot in windows, i see in windows security the tpm attestation voice saying "loading" instead of "not supported", and after some seconds it becomes "not supported". So a more detailed help would be appreciated in order to solve this problem
Edit 2:
Of course i don't have anymore the old ryzen to try swapping it back again since i sold it, i have only the new 5800x3d
marell, I have wondered how to install TPM and found this MS article. I have yet to install my little card (TPM 2.0). I planned on just powering down, plugging in the card, power up, boot into BIOS and Enable the TPM. Now I will read these MS instructions.
Have you ever installed a fresh copy of Windows during your saga? Thanks and enjoy, John.
Yes of course i’ve installed more times a fresh copy of windows, without solving nothing.
As said @wim-bart it’s a problem between tpm keys and secure boot keys, but i’m still unable to solve since i didn’t understand quite well the steps mentioned before.
Thanks, marell. I forgot to post the link to MS article. Sorry, please take a look. Enjoy, John.
I’ve done all the steps in the article, infact i have TPM enabled, not disabled. The problem is the attestation not supported as i said before. Infact i’m waiting for an answer by wim-bart in order to better understand the steps mentioned above since i think that they are the right way to try to solve my problem
Thanks, marell. Enjoy, John.
What important is that the trust between secure boot and tpm is restored. This can be done by disabling is secure boot. Reboot into bios. Then reset tpm from bios. Just disabling tpm is not enough. I have to look up how it is on ASUS because that is the boards I have.
7-1-2023:
As i promised i post information how to reset it. This is done from the BIOS, but the function must be available in the Advanced Settings of your motherboard. I use ASUS boards (and rarely other makes or it must be a cheap solution) . In ASUS under Advanced\Trusted Computing there is an option called "Pending Operation".
This option must be changed to TPM Clear:
After reboot, the option changes back to None. This is normal behavior. Don't do this when Bitlocker is Enabled, because this option clears the actual TPM on the system. It erases all keys inside the TPM chip (Discrete TPM or fTPM, the one what is used).
Be sure to completely poweroff the machine before rebooting. So in ASUS terms. Set this option to TPM Clear. Press F10, and then power off. After reboot Secure Boot can be enabled again.
I followed all your step in Asus BIOS (like your) and I also did CMOS after "TPM Clear" operation has done.
Then, booting in W11 I see "Secure Boot" correctly activated from System Info and unfortunately the attestation TPM of my 5800X3D come out as "Not supported".
I already repeated that stuff a few times, nothing changes.
Your half way. Now follow the instructions from part clear Windows TPM https://www.itechtics.com/fix-tpm-not-detected/
Yes I did also a clear TPM from Windows.
My steps are these:
1. Disable Secure Boot from BIOS.
2. Check that Secure Boot was disabled from BIOS and Windows.
3. Clear TPM from BIOS, save and restarted (my Bios restart the entire system to apply this setting). System restarted in the login screen, I powered off the PC.
4. Clear TPM from Windows and restarted the system.
This is strange, Windows should reclaim and initialise tpm after reboot.
can you enable tpm from TPM.msc management module?
In fact, I think that's exactly what happened: after TPM clear operation, Windows ask me to login and re-set "sign-in options" (such Windows Hello Pin).
I don't know what do you mean for enable but this is SS of TPM.msc:
As you can see, the only one available option is "Clear TPM".
you solved? I too have this annoying problem
Doesn't work. The problem isn't in user settings, it's with the CPU or motherboard firmware. I get the same problem with my 5900X / X570 motherboard (no CPU upgrade), on both Windows 10 and 11. BIOS and drivers are fully up to date.
I ran into a problem with Secure Boot being on in the BIOS, but not being on in Windows and am wondering if the same kind of thing could be happening here with the Attestation status. In BIOS under the Secure Boot settings, Secure Boot might show as Enabled, but if the Secure Boot Mode is in the wrong state, it might not be actually running (and, in this case, maybe that's interfering with TPM attestation):
You might try changing that Secure Boot Mode (if you have the option).
not sure but when I originally looked into having TPM running it locks the hard drive to the processor and Motherboard in use at time of activation and after that only one of these items can be changed afterwards as the encryption is locked to the hardware identity code of both the processor and the motherboard, so if both are changed the hard drive will be locked out.
It could be the reason for the error message as you are no longer using the original processor that was in use when TPM was activated.
I waited until I got my 5950x before installing my MSI 570X gaming motherboard to prevent this problem when I upgraded from a 2700X and 470X system.
Hello marell. Did you find a solution? I have the same issue with an x570s aorus master and a 5800x3d chip.
is this problem also the cause of random freezes in the pc?
Hello! Unfortunately there is still no solution to this problem, it’s very weird
Still no solution to this Widespread Known issue effecting Ryzen users who upgraded to 5800X3D. AMD get it together and support your products already
Hello. I'm having the same problem after replacing the 5600g processor with a 5600. My motherboard is MSI b550m pro vdh wifi. There is no problem when I plug in my old processor 5600g.And today I bought a new motherboard. MSI b550 Gaming Plus. attestation not supported. The problem still persists. I tried all the methods you suggested. I don't want to buy external tpm module. I wonder if a new method has been found for this problem. Can't I get rid of this problem without buying an external tpm module?
So this issue is still present and no fix yet.
Is it possible that we all got defective cpu's? Or fTPM module gets corrupted during the upgrade process?
Is there any new information? Has anyone solved the problem? The same problem occurs after upgrading the processor to 5700x3d
Just upgraded my MSI b450 gaming plus max to latest AGESA ComboAm4v2PI 1.2.0.Cc, still "attestation not supported"
For all the posts, I have never seen an Event Viewer screenshot of
" tpm attestation not supported", please post a few. Thanks, John.
see my new post below on this page
Apparently AMD already fixed this issue with a new firmware update.
The updated version is 3.92.2.5 (released in 2021)
Now it's up to the motherboard manufacturers to implement it with a BIOS update.
I know ASUS already did it last year, but MSI still didn't.
I have a MSI board and my TPM firmware version is still 3.92.0.5 (released in 2018).
Here is proof of what I am saying, from another user who had the same issue with an asus board:
Before: (2018 firmware)
After: (2021 firmware, after asus update on tpm firmware)
DO NOT accept a "fix" from people telling you to buy a discrete TPM. This doesn't fix the issue, fTPM should work as intended. I don't want a discrete TPM, I want my fTPM to work as intended.
So, for now, msi owners should pressure msi for this update.
I am doing it, already opened my ticket on msi website.
just replying now to say i successfully returned my msi motherboard because of this and bought an asus one as replacement, everything works fine now.