Baffling Windows 11 TPM Bug Is Wreaking Havoc On Some AMD Ryzen Systems

erek ([H]F Junkie; joined Dec 19, 2005; 10,898 messages)
Hmm

"This issue is highly reminiscent of the AMD fTPM bug that was plaguing Ryzen systems a year ago, causing system stuttering to occur. But this new bug is substantially worse since the issue can prevent the TPM module from functioning at all. Again, Microsoft has not announced an update, so we don’t know when this will be fixed. If you’re affected by this bug, the best thing you can do is buy a dedicated TPM module for your system. These external TPM modules usually cost less than $40, and are installed into an internal slot on a motherboard. Given AMD’s track record with poor fTPM stability, it could be wise to switch to a dedicated TPM anyways so mishaps like this don’t happen again."

Source: https://hothardware.com/news/windows-11-tpm-bug-wreaking-havoc-on-amd-ryzen-systems
 
Let's put "Wreaking Havoc" in the title to hype things up a bit. Let's also play on the Windows 11 hate by only mentioning Windows 11 despite the issue also occurring on Windows 10.

Keeping in mind that neither Windows 11 nor 10 even requires TPM to actually run, the real issue at hand, buried deep in the article, is:

This issue is a big problem for users who actively use the built-in TPM module for data encryption. This bug can prevent encrypted data from being accessed, and in a worst-case scenario prevent boot-ups entirely if the boot drive is encrypted. The TPM module serves as an added layer of security that houses very important authentication keys for the encrypted data it is securing. If the security application does not have backup keys, losing the TPM module can mean the loss of the encrypted data as well.

Yeah, that would suck if you are using something like BitLocker linked to TPM and all of a sudden TPM stops being recognized. But if you lost your backup keys, that's your fault. Issues like this are why those backup keys exist.

It really sounds more like an AMD issue than a Microsoft issue. It's probably best to just not use TPM at all if possible.
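
The lockout scenario discussed above can be checked for ahead of time. As an added example (not part of the original post or the quoted article), this read-only PowerShell audit lists each BitLocker volume's key protectors and flags volumes that have no unlock path other than the TPM; it assumes an elevated prompt on a system with the built-in TrustedPlatformModule and BitLocker modules.

```powershell
# Added example: read-only audit. Run from an elevated PowerShell prompt.
# Relies on the built-in TrustedPlatformModule and BitLocker modules.

# Protector types that stop working if the TPM is no longer recognized.
$tpmBound = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'TpmNetworkKey'

# Current TPM state as Windows sees it.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

Get-BitLockerVolume |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' } |
    ForEach-Object {
        # Names of every key protector configured on this volume.
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        # Does the volume unlock through the TPM at all?
        $usesTpm = @($types | Where-Object { $_ -in $tpmBound }).Count -gt 0

        # Protectors that still work without the TPM
        # (recovery password, password, external key, ...).
        $fallback = @($types | Where-Object { $_ -notin $tpmBound })

        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            Protection          = $_.ProtectionStatus
            Protectors          = $types -join ', '
            UsesTpm             = $usesTpm
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
            # True means: if the TPM vanishes, nothing else can unlock the volume.
            LockedOutIfTpmLost  = $usesTpm -and ($fallback.Count -eq 0)
        }
    } | Format-Table -AutoSize
```

A `RecoveryPassword` protector only helps if its 48-digit value is also stored somewhere off the machine; the script confirms the protector exists, not that anyone kept a copy.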
 
I see discrete TPM modules on Amazon for $25-30ish.

They appear to be vendor specific, with the $25ish being Gigabyte and the $30ish Asus; MSI is only $20.

I don't know much at all about TPM modules. I assume once plugged in and used, removing it will make your HDs unreadable. I don't know if they are interoperable between brands - are there generic ones? Do we have a reason to only use the correct matching branded ones? Would plugging in one re-encrypt or lose the key to anything on the HDs, requiring a format and rebuild of the system from Windows up?



I am wondering when the Asus tax catches up to the Apple tax.

If anyone can help with my curiosities I am all ears.
 
Hummm.... like someone once said years ago:

"There are no bugs in windows, only features that you may or may not know how to use or even find" hehehe :D

And like my old drill sgt in the army was so fond of saying when the recruits asked if they could have a smoke....

"light 'em up if ya got 'em, simulate 'em if ya don't"
 
Let's put "Wreaking Havoc" in the title to hype things up a bit. Let's also play on the Windows 11 hate by only mentioning Windows 11 despite the issue also occurring on Windows 10.

Keeping in mind that neither Windows 11 nor 10 even requires TPM to actually run, the real issue at hand, buried deep in the article, is:



Yeah, that would suck if you are using something like BitLocker linked to TPM and all of a sudden TPM stops being recognized. But if you lost your backup keys, that's your fault. Issues like this are why those backup keys exist.

It really sounds more like an AMD issue than a Microsoft issue. It's probably best to just not use TPM at all if possible.
For residential, sure, you can get away with not running full encryption; for business and enterprise it's no longer an option, it's a necessity. It doesn't solve all the problems but it makes the task of getting the data out in a readable manner a lot harder.
AMD's TPM solutions have been problematic from the get-go. I have no doubt that this will get fixed with an AGESA update and some drivers in the near future.
At least with BitLocker the keys are stored in your online profile so you can get them from there.
 
For residential, sure, you can get away with not running full encryption; for business and enterprise it's no longer an option, it's a necessity. It doesn't solve all the problems but it makes the task of getting the data out in a readable manner a lot harder.

It's fully possible to use BitLocker without TPM; it just means that you have to enter your BitLocker password every time you start up or reboot your computer. Not a big deal, just an occasional minor inconvenience, since most computers these days just use sleep, and aren't actually rebooted very often.
 
It's fully possible to use BitLocker without TPM; it just means that you have to enter your BitLocker password every time you start up or reboot your computer. Not a big deal, just an occasional minor inconvenience, since most computers these days just use sleep, and aren't actually rebooted very often.
But it is incredibly slow when accessing encrypted network shares, so you can do it, but it is not worth the effort, and in the case of network shares if the machine falls asleep while the files are open they get converted to read-only and even after you wake it back up that doesn't always revert over and yeah... It's not worth the headache.
 