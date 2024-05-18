TPM TPM2.0 Module ASRock TPM 18-1 Pin Security Module Board Win11 for Infineon​

Hi all,I recently upgraded my X99/5820K HTPC to Windows 11 using Rufus, but wanted to circle back and see if I could get a TPM 2.0 module working in case of future issues. I was successful, but it took some extra research and steps to get it working.The X99 I have is the ASRock X99 Extreme43.1. It's a late-stage X99, so it came with extra goodies like USB 3.1, NVME support, and a TPM slot. In this case, it's an 18-1 slot and it supports TPM 2.0. I thought with the 2.0 slot there I was a made man and this was going to be an easy process. Wrong.I went to Ebay and found this guy:Ordered, it arrived fairly quickly, popped it in, and enabled secure boot. Everything seemed fine until I checked Attestation status. Result wasand. WTF?After a deep dive, I found out security flaws have been found in TPM modules over the years. Usually, these flaws are patched by mobo manufacturers in BIOS updates, but obviously this doesn't help with stand-alone cards. Firmware on my card out of the box was 5.63.3144.0, which seemed to be fully patched from my research, because it was after a well-publicized 2018 security flaw. Turns out, forum threads from 2018 are no longer accurate. For Win11, there's yetfirmware update available that takes Infineon cards to. With no stand-alone patcher from Infineon to use (WTF), and my mobo long past EoL, the fine folks at Prema Mod provided a firmware updater that runs on a USB stick and takes numerous cards to the newer version. Here is a good forum thread about it with the download:If you're interested,. On my mobo, disabling the TPM slot entirely was necessary for the firmware to update, which because of a quirk of the board, meant I had to clear CMOS after the patch to get the TPM slot back. Just disabling all of the options on the card was not enough and the updater failed. The card had to be disabled fully. YMMV. Some mobos might be able to just disable the card itself.Anyway, success:There we go. Good attestation and firmware 5.63.3353.0 on an X99. Obviously, I still have a 5820K, but if that becomes an issue in the future, I'll address it then. I hope this post helps someone. Good luck!