[Discussion] TPM 2.0 on unsupported motherboards

Currently the oldest motherboards supporting TPM 2.0 are 80/90 with an updated BIOS. However not all 80/90 series motherboards have received an updated BIOS and no 60/70 series boards received updates despite them having a compatible connector.

I’ve seen a few people try TPM 2.0 on Z77 with Windows but it unsurprisingly didn’t work even though the device gets detected. Has anyone tried it using Linux since even Raspberry Pi and similar SBCs support TPM 2.0 modules there ? Even if Linux doesn’t get it working it should provide some useful information

Though I don’t have a TPM 2.0 module or knowledge about TPM protocol my guess is that the BIOS isn’t initializing the TPM 2.0 module correctly and/or missing/incorrect ACPI tables.

See https://trustedcomputinggroup.org/resource/tcg-acpi-specification/ for more information about the ACPI tables required for TPM 2.0.

Here’s a TPM related section in extracted DSDT from my B75M-D3H which only supports TPM 1.2.

Device (_SB.PCI0.ITPM)
    {
        Name (_HID, "INTC0102")  // _HID: Hardware ID
        Name (_CID, EisaId ("PNP0C31"))  // _CID: Compatible ID
        Name (_STR, Unicode ("TPM 1.2 Device"))  // _STR: Description String
        Name (_CRS, ResourceTemplate ()  // _CRS: Current Resource Settings

My guess is that fixing the ACPI tables will get it working.

If that doesn’t work then maybe patching/replacing the TPM initialization/command execution on the SMM module will be needed.

1 Like

I was about to get some Asus TPM 1.2 14pin to a couple of M5F and Sabertooth, both Z77, when only MS was stating TPM2.0… but seeing that similar users were not capable of get them to work in 8/9 series, i gave up, them MS came with the “still” possible option on TPM 1.2 but all was bypassed already… still if you get the chance of testing one with patched DSDT that would be great for some one that still wants a physical device working.

It appears the TPM DSDT entry is used by the OS to call a SMI handler. So what needs to be done is taking the SMI handler UEFI module from a supported board and also fixing the DSDT entry.

I have a lot of TPM 2 Supported boards from X99 to Z170.

I also have a Z97 UD5h that apparrently has TPM 2 support on an experimental Beta bios for the black bin edition.

I’ll need to contact Gigabyte for that link though, since they don’t share the bios link here.

Let me know where I might need to dig for that - some nice low hanging fruit to be found here.

I’ve soldered on a TPM 9665 from infineon for a HP motherboard running H81 or something, but that doesn’t seem to work whatsoever under windows - despite being an identical pinout to the 1.2 spec.

So the idea is, if I can somehow get the TPM firmware into the bios, which I’ve found somewhere in the DXE’s and the further sections at the end of the bios, which contain them, maybe we can port them straight in via DXE and otherwise injection methods in the same way.

I’ve got quite the board collection too - A ton of Asus maximus boards of the Z87 and Z97 and Z77 eras. Some of those might support TPM 2, but I’m not sure atm

PS: I am looking for a way to modify the Q150 chipset from HP, (unprotected by surestart) but the intel tool doesn’t compile the end bios :confused: - any way to do it outside of linux to add all xeon 6 gen support?

@Wingklip You’d have to swap/insert the DXE/PEI modules with ones from a similar TPM 2.0 board and also change the DSDT section I mentioned to be from that board.

The DSDT section tells the OS how to call the SMI handler (which is setup by SMI handler DXE)

1 Like

Care to explain part 2? I can drag in all the PEI and DXE modules, but I’m unfamiliar with the modding the DSDT side of things and the SMI handler.

I think I’m meant to replace the existing ones, and put them in the same order

@Wingklip SMI handlers are just DXE drivers labeled as SMI in UEFITool. To modify DSDT you have to use AmiBoardInfoTool to extract/rebuild and iasl to decompile/recompile. Or you can just make Windows load modified DSDT but it will be test mode then

god that sounds a bit out of depth
Where do I even download these/do I have to force myself to learn linux to run the scripts?
Might be easier to pay you some australian dollars XD

I’m thinking we could drag and drop the SMI handlers as well for the appropriate TPM modules? Or is this really requiring mod only?

@Wingklip the method to extract, decompile and rebuild dsdt in amiboardinfo is described here

I can provide the bioses for testing :sweat_smile: for now – I might need a demonstration XD

I wonder if the Superio is uniquely addressed in the DSDT/SMI handler section for TPM? Since all the pinouts come off the Superio

I’ve got the elusive z97x ud5h black edition bios, where can I send or attach it?

It contains TPM 2 code and DXE’s, so we can strip it for that and maybe port it to 2-5th gen

Can’t u just upload it to the forum after compressing?

I don’t have a BIOS flasher or TPM module so can’t really mess with it

@Wingklip

Z97XUD5HBK.F9d.zip (9.3 MB)
Here’s the file, it’s for 4th and 5th gen and I still retain the motherboard for potential testing.

I have the UD5h which doesn’t have TPM capable bios let alone the BK edition betas.
Apparently people were able to cross flash this across to that board at the cost of XMP.

Own a Z97X-UD5H, wondering if there are any updates on getting the tpm 2.0 support ported over. @Wingklip Thank you for the bk bios.

Did you get your board to work with a TPM 2 module? I happen to have a pin compatible TPM 2 module + a Gigabyte B75M-D3H and I was curious if you’d be able to share your modified bios (if you got it to work). Thanks.

@samuel.allred No I didn’t even try a TPM module yet. You could try module swapping in TPM 2 modules and DSDT edit or something. Look at TPM 2 motherboard DSDT for reference

Would love to see this happen.

Got a bit bored this morning and looked at what would be needed for DSDT edits.

If you didn’t care about keeping 1.2 support, some of the logic can be ripped out/replaced.

Untested, of course, but this patch seems to be all that’s needed on my board (at least with the ACPI tables). The resources and device specific methods appear to be same/similar.

2736,2744c2736,2745
<                 Method (_STA, 0, NotSerialized)  // _STA: Status
<                 {
<                     If (TPMF)
<                     {
<                         Return (Zero)
<                     }
< 
<                     Return (0x0F)
<                 }
---
> 				// Causes the system to assume TPM is *always* enabled
>                 //Method (_STA, 0, NotSerialized)  // _STA: Status
>                 //{
>                 //    If (TPMF)
>                 //    {
>                 //        Return (Zero)
>                 //    }
> 				//
>                 //    Return (0x0F)
>                 //}
11645c11646,11647
<                 Return (0x0201D824)
---
>                 //Return (0x0201D824)
> 				Return ("MSFT0101") // https://bugzilla.kernel.org/show_bug.cgi?id=98181#c25
11650c11652,11653
<         Name (_STR, Unicode ("TPM 1.2 Device"))  // _STR: Description String
---
>         //Name (_STR, Unicode ("TPM 1.2 Device"))  // _STR: Description String
> 		Name (_STR, Unicode ("TPM 2.0 Device")) // Seems to be optional according to spec, but identify it here
11713c11716,11717
<                     Return ("1.2")
---
>                     //Return ("1.2")
> 					Return ("1.3")

@whatnot I do think there are several DXE/PEI modules that have to swapped too. Only way to know is by testing tho

I was going to try enabling TPM 2.0 on my P9X79-Pro, but for some reason the pro version does not have a TPM connector while the non pro version of this motherboard does have.

Take a look at Asus H97M-E 2702 BIOS and on any BIOS before that, you can spot in the DSDT changes they have made to support TPM 2.0 modules on top of the support for TPM 1.2 that already existed.


Seems a lot like the changes you have made (there are more TPM changes that were not shown in this picture).

Thought I’d share if anyone else wants to give it a go. Might even try myself sometime.