AMD fTPM - What does this firmware option do?

"fTPM" is a type of TPM that's implemented in system firmware instead of using a dedicated chip.

The TPM is a tamper-resistant "secure element" used to protect cryptographic keys (including smart-card private keys and BitLocker credentials). BitLocker mainly uses it for the system disk, since the TPM can provide passwordless unlocking while still resisting external attacks (i.e. it seals the encryption key with the current system state). Without a TPM, you would have to unlock the system disk using a password, a recovery key, or a USB stick on every reboot.

This doesn't apply so much to data disks: since Windows is already fully running once they're accessed, it can provide automatic unlocking without a TPM by simply storing the data disk's password in your Windows account. (And obviously it doesn't affect unlocking with a password.)


The most likely reasons you need to disable the (f)TPM before upgrading firmware are:

  1. System firmware is part of the aforementioned "current system state". If you upgrade it, anything that was previously sealed against it would be unusable; e.g. if you used BitLocker with a TPM, you would need to use the recovery key. Some manufacturers insist that the TPM be manually disabled to serve as a reminder to the user that they'll need other means of unlocking the system disk.

  2. It's relatively common practice to force all secrets to be erased before a firmware upgrade can happen, also called "insider attack resistance". Because the fTPM is part of system firmware, upgrading it can become a security risk – if the new firmware is buggy or backdoored, it may bypass the protections that were supposed to be provided; e.g. it might conveniently "forget" to check system state before releasing the keys. I don't know if "disabling" fTPM erases its contents, but if it does, it would be a very likely explanation.
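Both points above come down to the same mechanism: a sealed secret is bound to a policy digest computed from the PCR values of the current boot, and the key wrapping it is rooted in a seed that never leaves the TPM. The Python below is an added illustration (not code from the answer, and not the TPM 2.0 reference implementation): the PCR extend and PolicyPCR digest follow the real formulas (with a simplified encoding of the PCR selection), but the sealing primitive is an HMAC-based construction chosen for the example, the PCR selection `[0, 4]` is a stand-in for BitLocker's real profiles (0,2,4,11 on UEFI; 7,11 when Secure Boot is used, in which case PCR 7 typically does not change on a firmware upgrade), and the firmware and bootloader "images" are constructed byte strings. It walks through the three situations the answer describes: same firmware on the next boot (unseal works), upgraded firmware (the policy check fails, so you would be in recovery), and a TPM clear with the original firmware (the PCRs match again, but the blob was wrapped under a seed that no longer exists).

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
PCR_INIT = b"\x00" * 32                 # PCRs start at zero on every reset
TPM_CC_POLICYPCR = b"\x00\x00\x01\x7f"  # command code hashed into the PolicyPCR digest


def _keystream(kek, nonce, length):
    """HMAC counter-mode keystream; an example construction, not what a real TPM uses."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(kek, nonce + counter.to_bytes(4, "big"), HASH).digest()
        counter += 1
    return out[:length]


class ModelTPM:
    """Model of the sealing behaviour discussed above; assumptions are noted inline."""

    def __init__(self):
        self.storage_seed = secrets.token_bytes(32)  # stays inside the TPM
        self.pcrs = [PCR_INIT] * 24

    def reset(self):
        """Power-on reset: PCRs return to zero, the storage seed survives."""
        self.pcrs = [PCR_INIT] * 24

    def clear(self):
        """TPM clear: the seed is regenerated, so every earlier blob becomes unusable."""
        self.storage_seed = secrets.token_bytes(32)
        self.reset()

    def extend(self, index, measurement):
        # PCR[i] = H(PCR[i] || H(measurement)), the real extend operation
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(measurement).digest()).digest()

    def policy_pcr(self, selection):
        # policy = H(policy_old || TPM_CC_PolicyPCR || selection || H(selected PCR values));
        # the selection encoding is simplified to one byte per index (assumption)
        pcr_digest = HASH(b"".join(self.pcrs[i] for i in selection)).digest()
        return HASH(b"\x00" * 32 + TPM_CC_POLICYPCR + bytes(selection) + pcr_digest).digest()

    def _kek(self, auth_policy):
        # wrapping key derived from the chip-resident seed and the policy it is bound to
        return hmac.new(self.storage_seed, b"seal" + auth_policy, HASH).digest()

    def seal(self, secret, selection):
        auth_policy = self.policy_pcr(selection)
        kek = self._kek(auth_policy)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(kek, nonce, len(secret))))
        tag = hmac.new(kek, b"tag" + nonce + ct, HASH).digest()
        return {"auth_policy": auth_policy, "selection": list(selection),
                "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        current = self.policy_pcr(blob["selection"])
        if not hmac.compare_digest(current, blob["auth_policy"]):
            raise PermissionError("policy check failed: PCR values differ from the sealed state")
        kek = self._kek(current)
        expected = hmac.new(kek, b"tag" + blob["nonce"] + blob["ct"], HASH).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("authorization failed: blob was not created under this TPM seed")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, blob["nonce"], len(blob["ct"]))))


def boot(tpm, firmware_image, bootloader_image):
    """One boot: reset, measure firmware into PCR 0 and the boot manager into PCR 4."""
    tpm.reset()
    tpm.extend(0, firmware_image)
    tpm.extend(4, bootloader_image)


def run_scenario():
    """Returns (unsealed_ok_on_same_firmware, error_after_upgrade, error_after_clear)."""
    tpm = ModelTPM()
    vmk = secrets.token_bytes(32)  # constructed stand-in for the volume master key
    boot(tpm, b"firmware v1.0", b"bootmgfw.efi")
    blob = tpm.seal(vmk, [0, 4])

    boot(tpm, b"firmware v1.0", b"bootmgfw.efi")          # normal reboot
    same_ok = tpm.unseal(blob) == vmk

    boot(tpm, b"firmware v1.1", b"bootmgfw.efi")          # firmware upgraded: PCR 0 differs
    try:
        tpm.unseal(blob)
        upgrade_error = None
    except PermissionError as e:
        upgrade_error = str(e)

    tpm.clear()                                           # what a forced clear would do
    boot(tpm, b"firmware v1.0", b"bootmgfw.efi")          # PCRs match the sealed state again
    try:
        tpm.unseal(blob)
        clear_error = None
    except PermissionError as e:
        clear_error = str(e)
    return same_ok, upgrade_error, clear_error


if __name__ == "__main__":
    print(run_scenario())
```

The order of the two checks in `unseal` mirrors the real behaviour: a PCR mismatch is rejected at the policy stage before any key material is touched, which is why a firmware upgrade lands you at the recovery prompt rather than producing garbage, while a cleared TPM fails even when every measurement matches.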