
Microsoft inspired fTPM Hades

Updated: Apr 30



Hell and home computing aspirations would seem to have a common thread to them these days and the subject of TPM is to be found in the most fiery parts of this inferno on offer to current users of computer technology.


Operating system vendors like Microsoft and Apple as well as those Linux folks seem to be coming up with all sorts of stuff to make the security aspects a tad tighter for those needing this sort of security.


I have to conclude most of this is imaginary or a Corporate enterprise ask for business computing as I certainly do not know anyone who would even want to have this on their own personal FRED, if it even slightly impacted the performance of said FRED.


I know I myself am certainly not a taker on this imagined ask.


Given a lot of people are using BYOD devices like I am, instead of or in place of your company laptop, this may get a tad contentious.


Now, while I appreciate the added security focus, security for security's sake that adversely impacts the computers' performance is something that is one of my pet irks.


On paper, Microsoft had a lot of great fantasmic new ideas about what Windows 7 then Windows 10 et al would deliver technology wise for the user of said computer system they are intending to run these operating systems on.


One by one, almost all of the hyped Microsoft new OS fantasia became a pipe dream as the technical and other difficulties they ran into during the beta testing phase became pretty serious obstacles which led to said features getting axed.


Why? The code was not baked and barely alpha.


Microsoft did not have the time to develop the thoughtware into actual functioning software.


This takes serious time to accomplish.


Microsoft basically killed most of these whizz bang must have features in the beta testing phases for each OS variant and delivered essentially the same OS in Windows 10 as Windows 7 was, just with a new GUI wrapper to make it look different.


Windows 10 to 11 was the same sort of thing bar this TPM malarkey although TPM was also in Windows 10 if you wanted to turn it on, that is.


TPM is something Microsoft could have done a much better job on, in my humble opinion.


My horde of personal Ryzen machines and our 20 test rig machines in my lab is where I get to test and operate all of these alleged new features and this has been my personal testing ground for the messing around and verification testing of this sort of thang.


When Windows 11 was launched it would not install on any of my hardware and the first iteration of the Windows 11 ready software had to be rewritten from scratch due to the issues that abounded with TPM not catered to in the BIOS or via TPM 2.0 hardware not plugged into the motherboard.


Most of us did not focus on TPM modules when we bought our hardware.


Microsoft has gone from install it if you want to mandatory install without testing the real world situation of a user doing this or checking if the hardware was ready and capable.


What I seriously struggle with is why Microsoft would limit their potential market for a new OS and force such mundane hardware upgrades?


Especially when the new hardware falls into the totally horrendous bucket or Microsoft themselves are failing spectacularly to write proper drivers for the new hardware, or even the old stuff for that matter?


Now I am hearing rumors from Redmond about removing these stupid hardware requirements so a lot of people can run Windows 11 on their existing hardware which is still perfectly capable.


The reason why is actually the massive switch to Ubuntu that has been going on at the desktop level by many folks.


So what was the point of the TPM rabbit hole in the first place then?


All of my latest computer gear had fTPM activated which is the firmware software replacement for a physical TPM module on the motherboard.


BIOS firmware in other words.


Observing all of the fTPM firmware software I have observed to date - no exceptions, has led me to conclude that they are all Exceedingly Piss Poor (EPP) in nature.


The TPM needs to be physical hardware on the motherboard and there should be an option, an actual user choice to run with or without it, just like Windows 10 offered.


This hiding a key in the BIOS firmware and using system memory space malarkey seems a tad problematic, to say the least.


It looks and feels like code a 3 year old let loose on Java would produce.


The problem is this TPM malarkey and especially the fTPM stuff causes a computer to stutter and stall while you are doing a task on it and it is having a pretty serious impact on the application the computer happens to be running at the time which often results in blue and black screens or badly stuttering applications.


This on top of the known USB issues going on with AMD based motherboards as well as the newer Intel Xeon based PCIe 4.0 Workstation systems.


I had enabled fTPM on every single one of my X570 and TRX40 motherboards and experienced some serious compute failures whilst running Chess AI or complex compute based software like CineBench and various electronic CAD software systems like P-CAD.


I eventually found these were all due to fTPM glitches and software stutters caused by the CPU halting proceedings while the TPM stuff was verified.


This should not happen. So why is this happening?


AMD had remained silent on this issue for months, but widespread reports indicated that AM4 Ryzen systems have long been plagued with system stuttering associated with enabling the fTPM (firmware trusted platform module) feature.


If I had a choice of TPM security vs smooth non-stuttering Computer performance I would forgo the security, every single time. It's a no-brainer!


The fTPM key resides in the SPI flash memory that's present on the motherboard (commonly referred to as a BIOS chip).


AMD says the fTPM issue involves intermittent latency introduced by fTPM-related memory transactions with the chip, leading to "temporary pauses in system interactivity or responsiveness."


The issue impacts AM4 systems that run the Zen+ to Zen 3 architectures but I have seen similar behaviors on the new Intel platforms I got my grubby paws on.


In fact, this TPM malarkey has cost me a lot of time and money and has adversely impacted all of my computing workloads very negatively.


ASUS, Gigabyte, MSI and the usual suspects in the Motherboard game also want a lot of insane money for a TPM module it costs them a mere $1.03 to make and package, selling for between $20 to $189.99, depending on how Ferengi the company that makes your mobo happens to be.


These guys are making thousands of percent margin on this little item by the way.


So I contacted my pals in Taiwan to find cheaper solutions and sure enough there are hordes of small shops selling the exact same thing, also for insane prices, but 1/5 less than what these motherboard manufacturers are demanding.


I will in future not buy a motherboard that does not come with TPM hardware in it from the get go.


fTPM had also turned my collection of computers into piles of inoperable junk - all the ones running Windows 11 or Server 2019 that is.


This is why all my coding machines are now running Linux as the raw performance cannot be beat and they do not stutter while verifying TPM data because they simply do not do that.


However, there are no real alternatives for these sorts of CAD software systems that can run on Linux (that I can find at any rate).


I want to pressure Microsoft into TPM and non-TPM operating modes for the user to make the choice on when installing their OS as this TPM situation they have forced down our unwilling throats is totally ridiculous.


In effect it just does not work. You have to do unnatural acts to make it work.


Why?


It seems that there are serious opportunities for companies to make CAD software and alternatives for Linux as well.


Speaking with old Linus at the Linux Foundation has made me aware of some opportunities I myself am seriously contemplating diving into on a hobby basis for now.


In the meantime I concluded fTPM is a fat waste of time and acquired said TPM hardware from these small shops in Taipei and converted every single one of my workstations this past weekend from fTPM to actual TPM hardware.


By and large this TPM 2.0 hardware has at least made them all usable again.


One of the FREDs is usable, but not better.


The TPM module in that one may not be making good contact so I will need to fiddle a bit with it and make it so... (It was in fact so)..


I also picked up on some other "bugs" in AMD Ryzen 7 5000 series chipsets and also some in the new Intel PCIe 4.0 based Xeon workstation stuff I am playing with on the new ARC GPU test beds.


I am starting to think this sort of thing is going to make ARM based solutions the winner in the desktop world, also running Microsoft Windows for ARM of course.


Now do not think Intel does not have this exact same issue as AMD does. They most certainly do!


So far Intel is not being as open about it as AMD is being.


In any event, I can report these plug-in TPM 2.0 modules do indeed seem to solve the problem and I also heard that you can turn this off in Windows 11 but have not found a way to do that effectively yet.


If you are using BitLocker by the way, you will be in for another and more fiery part of this wonderful inferno that we call hell.


Oi Vey! (EPP).
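An added example, not part of the original post: moving from fTPM to a plug-in module changes the TPM that BitLocker sealed its key to, so this PowerShell function reports which TPM Windows currently uses and flags volumes that have a TPM protector but no recovery password. The function name `Get-TpmSwitchReport` is hypothetical; the cmdlets are the standard TrustedPlatformModule and BitLocker ones, and an elevated prompt is assumed.

```powershell
# Added example (not the post author's code). Run from an elevated PowerShell prompt.
function Get-TpmSwitchReport {
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        Write-Warning 'Windows does not see a TPM (firmware or discrete).'
        return
    }

    # Win32_Tpm exposes the TPM spec version; Get-Tpm exposes the vendor ID string.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm

    # Assumption: the vendor string differs between the firmware TPM and the
    # plug-in module (for example "AMD" for the Ryzen fTPM), so comparing this
    # output before and after the swap shows which TPM is actually active.
    [pscustomobject]@{
        Item            = 'TPM'
        Manufacturer    = $tpm.ManufacturerIdTxt
        FirmwareVersion = $tpm.ManufacturerVersion
        SpecVersion     = $wmi.SpecVersion
        Ready           = $tpm.TpmReady
    }

    # BitLocker cmdlets are absent on editions without the feature.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return
    }

    foreach ($vol in Get-BitLockerVolume) {
        # Protector types as strings: Tpm, TpmPin, RecoveryPassword, ...
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $usesTpm     = [bool]($types -like 'Tpm*')
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            Item                = 'Volume'
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            UsesTpmProtector    = $usesTpm
            HasRecoveryPassword = $hasRecovery
            # A TPM-sealed volume without a recovery password cannot be
            # unlocked once the TPM it was sealed to is gone.
            NeedsAttention      = $usesTpm -and -not $hasRecovery
        }
    }
}

# Before the swap: Suspend-BitLocker -MountPoint 'C:' -RebootCount 0
# After the swap:  Resume-BitLocker  -MountPoint 'C:'
Get-TpmSwitchReport | Format-List
```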


I also noted that the Windows bypass for TPM involves you making a modified USB boot disk but that it still requires TPM 1.2 hardware!! Er...er....errr...splutter!


Double Oi Vey!! (DEPP).


There is a way to bypass this TPM malarkey on the AveYo link below. It is a batch file to incorporate into your custom USB boot disk setup. This does not seem to get around the need for a TPM module either by the way, just the 2.0 module.


I will have to play in the lab with a rig to verify.


MediaCreationTool.bat/Skip_TPM_Check_on_Dynamic_Update.cmd at main · AveYo/MediaCreationTool.bat · GitHub


Good luck!!


I will post updates on this subject as things change, new developments transpire, and results from my playing with the offered solutions in the lab to check on their actual viability, buts, gotchas and quirks etc.