Which CPU/Mainboard generation really supports TPM 2.0 for Windows 11 regardless of Microsofts list?

windows windows-11 windows-11-preview tpm ftpm

I'd like to have a list, where i can see supported CPU/MB generations (not concrete models), goes into technical details what kind of TPM (fTPM, dTPM) is required.

Going into detail of technical reality of these MB/CPUs, and if i need a discrete TPM card or if the CPU/MB generation has an embedded/firmware TPM.

Sadly, the list from Microsoft is quite limited: "8th Gen Core an newer".


Solution 1:

Glossary:

  • TPM: Trusted Platform Module. A Hardware in a modern Windows Computer, which can be used/utilized for security:
    • directly by the OS (Windows and Linux)
    • by other Hardware, as Intel TXT/SMX
  • dTPM: discrete TPM 1.0/1.2 or 2.0; a module you (Plug) or the OEM (Plug or solder) needs to add to your main board, usually proprietary modules via a 13, 15, 17, 19 Pin connector (pre 2015)
  • fTPM: Firmware TPM; is always TPM 2.0 compatible. A module embedded into the CPU or Chipset. (from 2015 to this day) No need for a dTPM on the mainboard anymore. But dTPM can be used too.
  • Intel TXT/SMX: a Intel CPU Extension which utilizes a separate dTPM or fTPM; TXT/SMX does not contain an fTPM or dTPM
  • Intel PTT: intels Hardware implementation of fTPM; embedded/integrated in the Chipset since LGA 1151 (anno 2015)
  • AMD PSP: Platform Security Processor, AMDs umbrella Term for any of the Intel equivalents to TXT/SMX, PTT, fTPM, Intel ME
    • fTPM is build into the CPU/SOC/APU since 2018
    • side note: AMDs fTPM is acutally a ARM Cortex-A5 TrustZone
  • TPM 2.0: (usually) includes support for 1.0 and 1.2
  • TPM 1.0/1.2: old TPM spec. (Pre 2013)

There are three options:

General Intel AMD
mostly no hw-support for a dTPM
not able to run Windows 11		 pre 2013
Not officially supported, but should work with Windows 11, if you buy/have a dTPM with TPM 2.0 support

A lot of the Mainboards have a proprietary socket for a dTPM

A dTPM (or alternatively fTPM) is required!
The TPM itself is not included, but may be present. Plugged/soldered on the MB by OEM or the user

If you have a dTPM you should be able to enable it in BIOS/UEFI and run Windows 11.

You should be able order a dTPM for your specific mainboard. Look in the manual for the correct PIN count		 since 2013

separate dTPM required

None of the LGA1150 (aka. 4th and 5th Gen Core CPU) Chipsets (H81, C222, B85, C224, Q85, Q87, C226,H87, Z87) and prior have PTT support, hence no embedded/integrated fTPM		 since 2016/2017

- separate dTPM required
- no embedded fTPM

this concerns Zen (1fst gen)/Ryzen 1000 Mainboards
official windows 11 support.
a fTPM module embedded/integrated into the CPU or Chipset		 since 2015

fTPM (which Intel calls PTT) included in every Chipset (except C236)

All LGA1200 (8/9/10/11th gen core CPU) with 400 and 500 chipset have PTT support

All (except one) of the LGA1151 (6/7th gen Core cpu) Chipsets (100, 200, 300, except C236) have PTT support		 since 2018

fTPM included in every SOC/CPU

Socket AM4, "Zen+" (Ryzen 2000), "Zen 2", "Zen 3" and newer contain an embedded fTPM

Examples for dTPMs you should be able to buy and use it to upgrade your PC:

  • ASRock TPM-S Module (18-1 pin)
  • ASUS TPM-M R2.0 (14-1 pin)
  • Gigabyte GC-TPM2.0 (20-1 pin)
  • MSI TPM 2.0 MODULE (12-1 pin)
  • Intel TPM Module AXXTPME3 for Xeon E3 Systems (14-1 pin)

PS:

  • Excellent article for further reading: https://pupuweb.com/how-to-enable-tpm20-install-upgrade-windows11/
  • excellent tool for checking your compatability: https://github.com/rcmaehl/WhyNotWin11

Side note:

  • UEFI is required
  • CSM needs to be disabled (CSM="Compatibility Support Module" an option on many UEFI Mainboard to emulate BIOS Boot)
  • boot disk needs to be GPT (CSM/BIOS Mode implies MBR; Windows 10 contains the tool MBR2GPT which converts your disk from MBR to GPT within seconds and without dataloss)

My Experience:

I have a 4th Gen Intel CPU (E-1230 v3) with H87 chipset, so no fTPM. I I bought the appropriate dTPM from my Mainboard manufacturer. Upgraded the BIOS/UEFI to the latest beta Version. And voila TPM 2.0 is available in Windows..

I also needed to:

  • convert my disk from MBR to GPT with MBR2GPT.exe
  • disable CMS mode in UEFI

Related

Shortcut for Thunderbird's unread mails
Backup folder view settings
How to enable the search box in Mozilla Thunderbird
Windows 8 won't boot after deleting files in C drive from Ubuntu
How does an OS communicate with other hardware components?
S.M.A.R.T. Hard drive failure test?
How can I find all UTF-16 encoded text files in a directory tree with a Unix command?
What is the best way to make Calculate SHA1 as a context menu option in Mac OS X?
Clipboard addon to remove text formatting
How do I clone a repository when I'm behind a proxy?
In yum, what is presto?
gVim control characters on Windows