Currently the oldest motherboards supporting TPM 2.0 are 80/90 with an updated BIOS. However not all 80/90 series motherboards have received an updated BIOS and no 60/70 series boards received updates despite them having a compatible connector.
I’ve seen a few people try TPM 2.0 on Z77 with Windows but it unsurprisingly didn’t work even though the device gets detected. Has anyone tried it using Linux since even Raspberry Pi and similar SBCs support TPM 2.0 modules there ? Even if Linux doesn’t get it working it should provide some useful information
Though I don’t have a TPM 2.0 module or knowledge about TPM protocol my guess is that the BIOS isn’t initializing the TPM 2.0 module correctly and/or missing/incorrect ACPI tables.
I was about to get some Asus TPM 1.2 14pin to a couple of M5F and Sabertooth, both Z77, when only MS was stating TPM2.0… but seeing that similar users were not capable of get them to work in 8/9 series, i gave up, them MS came with the “still” possible option on TPM 1.2 but all was bypassed already… still if you get the chance of testing one with patched DSDT that would be great for some one that still wants a physical device working.
It appears the TPM DSDT entry is used by the OS to call a SMI handler. So what needs to be done is taking the SMI handler UEFI module from a supported board and also fixing the DSDT entry.
I have a lot of TPM 2 Supported boards from X99 to Z170.
I also have a Z97 UD5h that apparrently has TPM 2 support on an experimental Beta bios for the black bin edition.
I’ll need to contact Gigabyte for that link though, since they don’t share the bios link here.
Let me know where I might need to dig for that - some nice low hanging fruit to be found here.
I’ve soldered on a TPM 9665 from infineon for a HP motherboard running H81 or something, but that doesn’t seem to work whatsoever under windows - despite being an identical pinout to the 1.2 spec.
So the idea is, if I can somehow get the TPM firmware into the bios, which I’ve found somewhere in the DXE’s and the further sections at the end of the bios, which contain them, maybe we can port them straight in via DXE and otherwise injection methods in the same way.
I’ve got quite the board collection too - A ton of Asus maximus boards of the Z87 and Z97 and Z77 eras. Some of those might support TPM 2, but I’m not sure atm
PS: I am looking for a way to modify the Q150 chipset from HP, (unprotected by surestart) but the intel tool doesn’t compile the end bios - any way to do it outside of linux to add all xeon 6 gen support?
@Wingklip You’d have to swap/insert the DXE/PEI modules with ones from a similar TPM 2.0 board and also change the DSDT section I mentioned to be from that board.
The DSDT section tells the OS how to call the SMI handler (which is setup by SMI handler DXE)
@Wingklip SMI handlers are just DXE drivers labeled as SMI in UEFITool. To modify DSDT you have to use AmiBoardInfoTool to extract/rebuild and iasl to decompile/recompile. Or you can just make Windows load modified DSDT but it will be test mode then
god that sounds a bit out of depth
Where do I even download these/do I have to force myself to learn linux to run the scripts?
Might be easier to pay you some australian dollars XD
I’m thinking we could drag and drop the SMI handlers as well for the appropriate TPM modules? Or is this really requiring mod only?
Z97XUD5HBK.F9d.zip (9.3 MB)
Here’s the file, it’s for 4th and 5th gen and I still retain the motherboard for potential testing.
I have the UD5h which doesn’t have TPM capable bios let alone the BK edition betas.
Apparently people were able to cross flash this across to that board at the cost of XMP.
Did you get your board to work with a TPM 2 module? I happen to have a pin compatible TPM 2 module + a Gigabyte B75M-D3H and I was curious if you’d be able to share your modified bios (if you got it to work). Thanks.
@samuel.allred No I didn’t even try a TPM module yet. You could try module swapping in TPM 2 modules and DSDT edit or something. Look at TPM 2 motherboard DSDT for reference
Got a bit bored this morning and looked at what would be needed for DSDT edits.
If you didn’t care about keeping 1.2 support, some of the logic can be ripped out/replaced.
Untested, of course, but this patch seems to be all that’s needed on my board (at least with the ACPI tables). The resources and device specific methods appear to be same/similar.
2736,2744c2736,2745
< Method (_STA, 0, NotSerialized) // _STA: Status
< {
< If (TPMF)
< {
< Return (Zero)
< }
<
< Return (0x0F)
< }
---
> // Causes the system to assume TPM is *always* enabled
> //Method (_STA, 0, NotSerialized) // _STA: Status
> //{
> // If (TPMF)
> // {
> // Return (Zero)
> // }
> //
> // Return (0x0F)
> //}
11645c11646,11647
< Return (0x0201D824)
---
> //Return (0x0201D824)
> Return ("MSFT0101") // https://bugzilla.kernel.org/show_bug.cgi?id=98181#c25
11650c11652,11653
< Name (_STR, Unicode ("TPM 1.2 Device")) // _STR: Description String
---
> //Name (_STR, Unicode ("TPM 1.2 Device")) // _STR: Description String
> Name (_STR, Unicode ("TPM 2.0 Device")) // Seems to be optional according to spec, but identify it here
11713c11716,11717
< Return ("1.2")
---
> //Return ("1.2")
> Return ("1.3")
I was going to try enabling TPM 2.0 on my P9X79-Pro, but for some reason the pro version does not have a TPM connector while the non pro version of this motherboard does have.
Take a look at Asus H97M-E 2702 BIOS and on any BIOS before that, you can spot in the DSDT changes they have made to support TPM 2.0 modules on top of the support for TPM 1.2 that already existed.
Hi there,
I’ve just registered to summarize my experiances with adding TPM 2.0 support to the Z97X-UD5H Motherboard. Unfortunately there is no official BIOS for this MB to support TPM 2.0 but there is a development BIOS for Z97X-UD5HBK (as already mentioned by @Wingklip) which does exactly that. Those boards are almost exactly the same and I can confirm, that cross flashing the F9d for BK Version on the Z97X-UD5H works at the cost of XMP. The TPM 2.0 works as expected then. Nevertheless I’ve tried to modify the F10 and F11d BIOS for the Z97X-UD5H to see if it can be forced to support TPM 2.0.
I’ve swapped out all the PEI and DXE Modules that seemed to have any connection to TPM. I’ve also added some missing PEI/DXE Modules, such as Tpm20PlatformDxe, TrEEDxe, Tpm20Acpi, AmiTpm20PlatformPei. Then I compared the differences in DSDT. It seems that the only difference was the added support for TPM 2.0. So I just took the DSDT from UD5HBK, recompiled it and replaced it in UD5. After it didn’t seem to work I also tried to swap out the whole AmiBoardInfo DXE.
Unfortunately all of those changes didn’t seem to work. The only change, that I could see was that in the TPM Subsection of the BIOS it said “Reset Required” instead of “TPM SUPPORT TURNED OFF”. Then I just gave up and tried to modify the Z97XUD5HBK.F9d to support XMP on Z97X-UD5H, also without success :(.
Now I just cross flashed the original Z97XUD5HBK.F9d and left it at that for now.
If someone has an idea what I did wrong or what I can try next, I would appreciate it. If not I’m just going to stick with Z97XUD5HBK.F9d…