Currently the oldest motherboards supporting TPM 2.0 are 80/90 with an updated BIOS. However not all 80/90 series motherboards have received an updated BIOS and no 60/70 series boards received updates despite them having a compatible connector.
I’ve seen a few people try TPM 2.0 on Z77 with Windows but it unsurprisingly didn’t work even though the device gets detected. Has anyone tried it using Linux since even Raspberry Pi and similar SBCs support TPM 2.0 modules there ? Even if Linux doesn’t get it working it should provide some useful information
Though I don’t have a TPM 2.0 module or knowledge about TPM protocol my guess is that the BIOS isn’t initializing the TPM 2.0 module correctly and/or missing/incorrect ACPI tables.
See https://trustedcomputinggroup.org/resource/tcg-acpi-specification/ for more information about the ACPI tables required for TPM 2.0.
Here’s a TPM related section in extracted DSDT from my B75M-D3H which only supports TPM 1.2.
Name (_HID, "INTC0102") // _HID: Hardware ID
Name (_CID, EisaId ("PNP0C31")) // _CID: Compatible ID
Name (_STR, Unicode ("TPM 1.2 Device")) // _STR: Description String
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
My guess is that fixing the ACPI tables will get it working.
If that doesn’t work then maybe patching/replacing the TPM initialization/command execution on the SMM module will be needed.
I was about to get some Asus TPM 1.2 14pin to a couple of M5F and Sabertooth, both Z77, when only MS was stating TPM2.0… but seeing that similar users were not capable of get them to work in 8/9 series, i gave up, them MS came with the “still” possible option on TPM 1.2 but all was bypassed already… still if you get the chance of testing one with patched DSDT that would be great for some one that still wants a physical device working.
It appears the TPM DSDT entry is used by the OS to call a SMI handler. So what needs to be done is taking the SMI handler UEFI module from a supported board and also fixing the DSDT entry.
I have a lot of TPM 2 Supported boards from X99 to Z170.
I also have a Z97 UD5h that apparrently has TPM 2 support on an experimental Beta bios for the black bin edition.
I’ll need to contact Gigabyte for that link though, since they don’t share the bios link here.
Let me know where I might need to dig for that - some nice low hanging fruit to be found here.
I’ve soldered on a TPM 9665 from infineon for a HP motherboard running H81 or something, but that doesn’t seem to work whatsoever under windows - despite being an identical pinout to the 1.2 spec.
So the idea is, if I can somehow get the TPM firmware into the bios, which I’ve found somewhere in the DXE’s and the further sections at the end of the bios, which contain them, maybe we can port them straight in via DXE and otherwise injection methods in the same way.
I’ve got quite the board collection too - A ton of Asus maximus boards of the Z87 and Z97 and Z77 eras. Some of those might support TPM 2, but I’m not sure atm
PS: I am looking for a way to modify the Q150 chipset from HP, (unprotected by surestart) but the intel tool doesn’t compile the end bios - any way to do it outside of linux to add all xeon 6 gen support?
@Wingklip You’d have to swap/insert the DXE/PEI modules with ones from a similar TPM 2.0 board and also change the DSDT section I mentioned to be from that board.
The DSDT section tells the OS how to call the SMI handler (which is setup by SMI handler DXE)
Care to explain part 2? I can drag in all the PEI and DXE modules, but I’m unfamiliar with the modding the DSDT side of things and the SMI handler.
I think I’m meant to replace the existing ones, and put them in the same order
@Wingklip SMI handlers are just DXE drivers labeled as SMI in UEFITool. To modify DSDT you have to use AmiBoardInfoTool to extract/rebuild and iasl to decompile/recompile. Or you can just make Windows load modified DSDT but it will be test mode then
god that sounds a bit out of depth
Where do I even download these/do I have to force myself to learn linux to run the scripts?
Might be easier to pay you some australian dollars XD
I’m thinking we could drag and drop the SMI handlers as well for the appropriate TPM modules? Or is this really requiring mod only?
@Wingklip the method to extract, decompile and rebuild dsdt in amiboardinfo is described here
I can provide the bioses for testing for now – I might need a demonstration XD
I wonder if the Superio is uniquely addressed in the DSDT/SMI handler section for TPM? Since all the pinouts come off the Superio