Cannot enable Intel PTT (TPM 2.0) at ASUS motherboard

I have an ASUS Z170-A motherboard with an Intel Core i7-6700K CPU (latest BIOS 3802 and IME firmware); I just can’t figure where and how to enable Intel PTT:
Intel(R) Platform Trust Technology - PRESENT/DISABLED
There is no PTT setting anywhere in the BIOS. I never had any use for it, so I never noticed it until it was mentinoned by Windows 11 requirements.
Launch Windows PowerShell as Admin and type: get-tpm
Windows key + R and type: tpm.msc
UPDATE OCTOBER 2021: I have since enabled PTT/TPM 2.0 using @maxdarksol instructions (post #12)
Cannot enable Intel PTT (TPM 2.0) at ASUS motherboard
A simple GRUB command without modifying the BIOS: setup_var 0x6A6 0x1
Thank You to everyone who contributed!

U dont see it because u dont have any HW module connected to the header (ID 16 on ur manual).

z170.jpg


EDIT: This is part of latest bios 3802 version content, the only thing i cannot assure u, is witch of all the options will be available with a connected TPM module.

11.jpg

22.jpg

33.jpg



I see, then i misunderstood ur question about the possible related TPM settings, sorry i wasted ur time, good luck then.

You can try to use AMIBCP to modify the PTT default & optimized settings in the hidden PCH-FW configuaration.
And flash the mod_bios see it is work or not.

You have to buy the 14 PIN TPM Module and insert it on its motherboard connector.

On my newer asus it was under "Advanced\PCH-FW configuration" with a single "TPM Device Selection" option. The correct setting is firmware TPM, the default is "discrete" TPM even if not installed for some reason

I tried enabling PTT HW SUPPORT with AMIBCP. Now I have the menu as mentioned by jmg1138, too. You can select dTPM or PTT. Selecting PTT and saving/resetting causes nothing to show up TPM wise in Windows AND the setting is reset inside UEFI. So… this does not help here. At least that alone does not.

Did you disable Intel ME with me_cleaner or similar utilities? PTT is built on ME basis, so disabled ME = missing PTT
Look at ME FW Version, if it is 0.0.0.0 => ME is in disabled state.


PTT is completely chipset feature, unrelated to CPU

Same here. 100% official BIOS used, enabled PTT HW SUPPORT and nothing keeps active. There even is a line with information now: PTT Capability / State : 0 / 0
So right now… no PTT found by modded BIOS I guess

Adjusting UEFI hidden settings without flash mod_BIOS
1.get your BIOS(Download from the official website of the device or back up your current BIOS with AFUWIN64 )
2.Using AMI setup IFR extractor in UBU to get configuration file offset
3.Find the “setup_extr.txt” of your motherboard from the ubu directory,open it.
4.ctrl+F Search the key words"TPM Device Selection" for Intel motherboard
5.get the VarStoreInfo (VarOffset/VarName) and Option,
such as “One Of: TPM Device Selection, VarStoreInfo (VarOffset/VarName): 0x6A6, VarStore: 0x1, QuestionId: 0x279D, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 5E 10 5F 10 9D 27 01 00 A6 06 14 10 00 01 00}
Default: DefaultId: 0x0, Value (8 bit): 0x0 {5B 06 00 00 00 00}
One Of Option: dTPM, Value (8 bit): 0x0 {09 07 61 10 00 00 00}
One Of Option: PTT, Value (8 bit): 0x1 {09 07 60 10 00 00 01}”
6.Make a support setup_var command grub boot disk.format your Udisk to FAT32,then make dir /efi/boot/bootx64.efi
7.disable secure boot,and boot to the Udisk
8.use the command “setup_var 0x6A6”,output the result “0x0”,it means dTPM.You can type"setup_var 0x6A6 0x1" to transfer PTT.
9.Shut down your coumuter,boot to windows10, run tpm.msc,Check TPP start or not.
10.go to UEFI enable the secure boot.

1 Like

Maybe it depends on the BIOS version. I have Z170-P with BIOS v.1902 and PTT is present in BIOS options.
Unfortunately I cannot test it on newer BIOSes since my ES processor is not supported by new BIOS.

You can try to rollback to older BIOS via FPT utility (do not use ASUS Flashback or some builtin tool, it cannot properly downgrade 3xxx BIOS to 1xxx/2xxx) from CSME System Tools 11 package.

- extract BIOS from CAPsule via UEFITool
- open extracted file again in UEFITool
- search for GUID 68DB9E58-4B9C-4E60-8DA6-9A714DC3EDD3, find it, remove and save file.
- flash

1
 
FPTW64 -BIOS -F file.rom
 

Thank you so much maxdarksol worked like a charm!!! I set the secure boot option to "Other OS" saved and then selected to boot from the USB. Strangely the first time I did it I was unsuccessful and the BIOS just reverted to the 0x0 setting. But I tried it again and after powering up the PC second time to see if the command stuck the PC powered off before POST and powered on again, and to my surprise it worked as you can see in the images! Thanks again!

SharedScreenshot.jpg


For the convenience of others, I hope you can provide the detailed model of your motherboard, UEFI version and varstoreinfo (varoffset / Varname)

@maxdarksol - Hi, I have a Maximus VIII Ranger (Z170) based motherboard as well. I did everything as you described but TPM still does not work. I am using an i5 7600K processor with the latest BIOS version (3802). Any help from you is greatly appreciated. Thanks in advance.

@theWillow - Hi, did you update the ME Firmware on your Z170-A previously?


You can use AMIBCP to retrieval the BIOS directory structure.
In addition to switching dptm to PTT, you need to keep security device support enable.
setup_var 0x6A6 0x1 setup_var 0xEF0 0x1

222png.png

@maxdarksol It’s the same motherboard as the OP (although with a different UEFI version) so same varstoreinfo as you provided, but I can gladly look it up for different boards if someone can’t find it.

@itsakjt I did update it when the whole spectre/meltdown thing was happening, can’t remember if I did again later but the ME FW version is 11.8.50.3399 and the UEFI version is 3504 as you can see from the pic.

YxGQ5NK - Imgur.png

Just giving feedback here: I followed the instructions of @maxdarksol and have now PTT enabled: https://imgur.com/a/fzHWCXJ A bunch of TPM settings are now also available under Advanced/Trusted Computing in the BIOS menu. Board is ASUS Z170-Deluxe (BIOS version 3801) with a 6700k. I previously updated the Management Engine to the latest version from plutomaniac’s thread (11.8.86.3909 H). varstoreinfo was the same as in the instructions. Thanks for helping us out!

@Dogg thanks for letting me know after I enabled it I didn’t care to look in the advanced tab in the BIOS. But yeah same thing you saw a whole new menu appeared.

1 - w5TXAXj.png

2 - 4zpAoBM.png


After switching DTPM to PTT, is there Tursted Computing menu in your UEFI advanced?


You can also adjust the PPI specification version from 1.2 to 1.3 in the trust computing menu
view the effect in Microsoft defender

11111.jpg

PTT is a feature implemented in the Management Engine (ME), which is built into the chipset. There exist, however, a great many processors that come as System on a Chip (SoC) packages that include both processor and chipset. Support was included starting in 4th gen systems that used SoC packages. Practically all SoC packages for 5th gen and later processors included PTT, as did the corresponding versions of the chipsets for Desktop, etc.

Now, it is important to say that whether a particular motherboard or system has PTT support is dependent upon the appropriate firmware being included, both in the ME and in the BIOS.