I hope this day finds you well. Just signed up and hoping the smart people here will be able to help me resolve this nagging issue.
Long story short, I have my system specs entered into my profile but briefly, I have a framework 13 laptop with an 11th gen intel processor. It has always ran hot (80-90 C and sometimes reaches 100 under load and can spike to well above 70 when idle).
In an attempt to get cooler temps I decided to try updating the insydeh20 bios (v 3.24). After the updates (incrementally from 3.19 to 3.24) the heat is still exactly the same. Except now apparently one of the updates enabled the tpm.
My version of win 11 is custom. After I installed windows 11, before even using it, I installed AtlasOS in an attempt to reduce telemetry and debloat so that my laptop will run smoother. AtlasOS being a custom mod has allowed me to run my device for a year or more without a tpm.
Also my laptop has a dual boot configuration. win 11 and LMDE 6. After my bios updates, suddenly my linux has been erased from the boot menu. Not only that but I am forced to press f12 when booting up just to reach a menu where it lists linpus lite. I can choose linpus lite to access a menu with lmde and windows.
I tried using my lmde 6 live boot usb and run boot repair but when I run the repair it gives me the error: “locked nvram”. I am guessing this was caused by the bios update, which activated the tpm which disabled my grub menu?
According to the official framework page, once you update to bios 3.22 and beyond, you cannot revert. With that being said, I am hoping that the members here may have a solution where I can possibly downgrade? I even tried completely resetting the mainboard through a framework tutorial but the bios version is unchanged. (still 3.24) I would settle for reverting back to stock if this is possible.
In these cases, if any downgrade is possible… the user have to take their chances in re-programming the bios IC (one or more) with an SPI IC programmer, even so success is not guaranteed as we dont know the “deep changes” made by the OEM to the firmware and what other programming as suffer irreversible changes.
For this the user has to be familiar with IC programing, how to identify the firmware ICs by visual board inspection/boardview files or schematics, it may need basic soldering skills on some cases.
Thats all, Good luck.
Ok thank you MeatWar. So definitely that is out of my range and skill set. So maybe there is a solution that I can accomplish? Would it be possible and if so, do you have the knowledge to direct/guide me in being able to take ownership of the TPM and deactivate it? I am not sure but I am guessing this particular year model of laptop has an integrated TPM that is built into the chipset. If my guess is correct, this particular version of TPM is called an Intel PTT. Although it says it is manufactured by a company called nuvoton.
If it is doable to assume ownership and deactivate the tpm, then, I am hoping that I can restore my grub loader. So that I can once again dual boot my laptop without having to press f12 and jump through hoops.
I am very privacy minded, which is my primary reason for using a custom version of windows because it eliminates or at least greatly restricts telemetry. When I chose to install AtlasOS, I did it to have a cleaner running, light and more privacy centered windows without all of the garbage. At that time I was not even aware that my laptop came with tpm baked in. I didn’t even know what a tpm was. Had never heard of the technology but now that I know more about it, as I understand it, it is basically a little black box that can report everything you do back to whomever wishes to know.
Only reason I even have windows on my laptop is because there are still a few things that we can only run on windows. Otherwise I would be linux only. However, now with this tpm active, even if I’m using linux, the tpm can still monitor our activities.
Anyhow, enough ranting and thank you tremendously for any and all advice.
Alternative is flashing by Intel FPT tool but it needs bios regions access (FD unlocked), not easy for users who never dealt with it, other than that is already mentioned.
Systems may have options by discrete TPM2.0 or by chipset/cpu/csme fw features using PPT, the options in bios dictated what can be selected/disable/enable bu the user.
So yes it sounds like flashing via Intel FPT would be beyond my scope as well. In my bios it shows that I can enable or hide the tpm. It also says that I can clear the tpm, which from my understanding also initializes and deactivates it but whenever I choose clear tpm and then reboot, it doesn’t stick.
Also, in my research i discovered that I can run the tpm.msc command which opens up a trusted platform management console. According to my reading online, I should be able to click on “actions” and find options such as “Disable-TpmAutoProvisioning, Set-TpmOwnerAuth and Initialize-Tpm” among others.
Actually there are a long list of different commands that I should be able to use from that console but for some reason on mine the only 2 options are cleartpm and preparetpm and preparetpm is greyed out and so inaccessible. As i understand it there are a list of local blocked commands and default blocked commands that apparently windows makes it almost impossible to unblock. One page I read said that you can access the block lists in the registry and go even more in depth with group policy editor. So far I have had no success with that.
What puzzles me is windows almost makes it easy to add things to the blocked lists but nigh impossible to remove things from the blocked lists. It’s not as simple as choosing unblock or enable. It seems it is intentionally set up to deny you from being able to unblock the commands you need to accomplish anything related to disabling the tpm.