[Problem] Intel Galax H310M MB with PTT/TPM issue

Hello everyone, I recently got a Galax H310M motherboard for an old i5 7600K CPU I had lying around since I knew that it works out of the box with all LGA 1151 CPUs (6-9th gen)
I enabled TPM initially and installed Windows 11 without any warnings or issues. However I found out that Sleep S3 state was not supported. So I tried cross flashing BIOSes from different boards (Colorful H310M, Soyo H310, MSI H310M). The colorful BIOS worked perfectly and I was able to get S3 sleep state supported as well. However I was not able to enable secure boot and Intel PTT.
Since then, I have rolled back to the original Galax BIOS but no matter what I do, Intel PTT/TPM is not working anymore. I have cleared CMOS, tried with ME 11.6 - 11.7 and no matter what, it does not work. I checked with MEInfo and PTT now shows enabled in ME but disabled in FPF.

Is there any way to get PTT working again in this case?

I have no idea how it happened but it was probably the chipset was still in manufacturing mode and one of the BIOSes I flashed must have disabled PTT in FPF. I am not sure if it has locked it yet. Any help is appreciated.

Edit by Fernando: Thread title customized and shortened

@itsakjt
It seems to me, that your reported issue is caused by the Intel Management Engine Region and not by the BIOS Region of your mainboard’s SPI chip.
Please let me know, whether I am right or wrong. If it should be an Intel ME issue, I will move this this thread into >this< much better matching Sub-Forum.

Hi. Yes that is correct. I was confused as well since my activity involved cross flashing as well.

Hello everyone, so I did some checking again and with MEInfo -verbose, I can see that manufacturing mode is enabled. So to my understanding, it should still be possible to make PTT enabled in FPF and then disable manufacturing mode thus committing the change.
However, I did try flashing a checked PTT enabled ME firmware with FPT followed by fptw64 -greset but no matter what, I have not been able to enable PTT in FPF.

I referred to this thread for the instructions:
Activate PTT in ME firmware (2)

I also followed the instructions in the ME Data initialization thread but that didn’t work either. I did not lock manufacturing mode yet. Any help will be greatly appreciated.
@plutomaniac - Can you please help me out? Thanks in advance.

You need to check if FPF are HW committed/set via MEInfo -verbose tool first. Read this post as well about manufacturing mode and its relation to HW fuses.

Thanks for the reply @plutomaniac. This is what I get using MEInfo64.exe -verbose.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
 
Intel(R) MEInfo Version: 11.8.90.4052
Copyright(C) 2005 - 2020, Intel Corporation. All rights reserved.
 

 

Windows OS Version : 10.0
 
FW Status Register1: 0x90000255
FW Status Register2: 0x00F60506
FW Status Register3: 0x00000020
FW Status Register4: 0x00084000
FW Status Register5: 0x00000000
FW Status Register6: 0xC0000000
 
CurrentState: Normal
ManufacturingMode: Enabled
FlashPartition: Valid
OperationalState: CM0 with UMA
InitComplete: Complete
BUPLoadState: Success
ErrorCode: No Error
ModeOfOperation: Normal
SPI Flash Log: Not Present
FPF HW Source value: Not Applicable
ME FPF Fusing Patch Status: ME FPF Fusing patch NOT applicable
Phase: ROM/Preboot
ICC: Valid OEM data, ICC programmed
ME File System Corrupted: No
PhaseStatus: AFTER_SRAM_INIT
FPF and ME Config Status: No match
FW Capabilities value is 0x31010140
Feature enablement is 0x31010140
Platform type is 0x71440322
No Intel Wireless device was found
Intel(R) ME code versions:
 
Table Type 85 ( 0x 55 ) found, size of 0 (0x 00 ) bytes
BIOS Version 5.12
Table Type 85 ( 0x 55 ) found, size of 0 (0x 00 ) bytes
Table Type 0 ( 0x 00 ) found, size of 68 (0x 44 ) bytes
Table Type 1 ( 0x 01 ) found, size of 100 (0x 64 ) bytes
Table Type 2 ( 0x 02 ) found, size of 39 (0x 27 ) bytes
Table Type 3 ( 0x 03 ) found, size of 98 (0x 62 ) bytes
Table Type 8 ( 0x 08 ) found, size of 25 (0x 19 ) bytes
Table Type 10 ( 0x 0A ) found, size of 33 (0x 21 ) bytes
Table Type 11 ( 0x 0B ) found, size of 21 (0x 15 ) bytes
Table Type 12 ( 0x 0C ) found, size of 21 (0x 15 ) bytes
Table Type 32 ( 0x 20 ) found, size of 22 (0x 16 ) bytes
Table Type 34 ( 0x 22 ) found, size of 19 (0x 13 ) bytes
Table Type 26 ( 0x 1A ) found, size of 29 (0x 1D ) bytes
Table Type 36 ( 0x 24 ) found, size of 18 (0x 12 ) bytes
Table Type 35 ( 0x 23 ) found, size of 27 (0x 1B ) bytes
Table Type 28 ( 0x 1C ) found, size of 29 (0x 1D ) bytes
Table Type 36 ( 0x 24 ) found, size of 18 (0x 12 ) bytes
Table Type 35 ( 0x 23 ) found, size of 27 (0x 1B ) bytes
Table Type 27 ( 0x 1B ) found, size of 30 (0x 1E ) bytes
Table Type 36 ( 0x 24 ) found, size of 18 (0x 12 ) bytes
Table Type 35 ( 0x 23 ) found, size of 27 (0x 1B ) bytes
Table Type 27 ( 0x 1B ) found, size of 17 (0x 11 ) bytes
Table Type 36 ( 0x 24 ) found, size of 18 (0x 12 ) bytes
Table Type 35 ( 0x 23 ) found, size of 27 (0x 1B ) bytes
Table Type 29 ( 0x 1D ) found, size of 27 (0x 1B ) bytes
Table Type 36 ( 0x 24 ) found, size of 18 (0x 12 ) bytes
Table Type 35 ( 0x 23 ) found, size of 27 (0x 1B ) bytes
Table Type 26 ( 0x 1A ) found, size of 29 (0x 1D ) bytes
Table Type 28 ( 0x 1C ) found, size of 29 (0x 1D ) bytes
Table Type 27 ( 0x 1B ) found, size of 30 (0x 1E ) bytes
Table Type 29 ( 0x 1D ) found, size of 27 (0x 1B ) bytes
Table Type 39 ( 0x 27 ) found, size of 184 (0x B8 ) bytes
Table Type 16 ( 0x 10 ) found, size of 25 (0x 19 ) bytes
Table Type 17 ( 0x 11 ) found, size of 109 (0x 6D ) bytes
Table Type 19 ( 0x 13 ) found, size of 33 (0x 21 ) bytes
Table Type 7 ( 0x 07 ) found, size of 37 (0x 25 ) bytes
Table Type 4 ( 0x 04 ) found, size of 185 (0x B9 ) bytes
Table Type 20 ( 0x 14 ) found, size of 37 (0x 25 ) bytes
Table Type 130 ( 0x 82 ) found, size of 22 (0x 16 ) bytes
MEBx Version 11.0.0.0010
GbE Version Unknown
Vendor ID 8086
PCH Version 0
FW Version 11.8.50.3460 H
Security Version (SVN) 3
LMS Version Not Available
MEI Driver Version 2145.1.42.0
Wireless Hardware Version Not Available
Wireless Driver Version Not Available
 
FW Capabilities 0x31010140
 
Intel(R) Capability Licensing Service - PRESENT/ENABLED
Protect Audio Video Path - NOT PRESENT
Intel(R) Dynamic Application Loader - NOT PRESENT
Service Advertisement & Discovery - NOT PRESENT
Intel(R) NFC Capabilities - NOT PRESENT
Intel(R) Platform Trust Technology - PRESENT/ENABLED
 
Re-key needed False
Platform is re-key capable True
TLS Disabled
Last ME reset reason Global system reset
Local FWUpdate Enabled
BIOS Config Lock Enabled
GbE Config Lock Enabled
Get flash master region access status...done
Host Read Access to ME Enabled
Host Write Access to ME Enabled
Get EC region access status...done
Host Read Access to EC Enabled
Host Write Access to EC Enabled
Protected Range Register Base #0 0x0
Protected Range Register Limit #0 0x0
Protected Range Register Base #1 0x0
Protected Range Register Limit #1 0x0
Protected Range Register Base #2 0x0
Protected Range Register Limit #2 0x0
Protected Range Register Base #3 0x0
Protected Range Register Limit #3 0x0
Protected Range Register Base #4 0x0
Protected Range Register Limit #4 0x0
SPI Flash ID 1 EF4018
SPI Flash ID 2 Unknown
BIOS boot State Post Boot
OEM ID 00000000-0000-0000-0000-000000000000
Capability Licensing Service Enabled
OEM Tag 0x00000000
Slot 1 Board Manufacturer 0x00000000
Slot 2 System Assembler 0x00000000
Slot 3 Reserved 0x00000000
M3 Autotest Disabled
C-link Status Disabled
Independent Firmware Recovery Disabled
EPID Group ID 0x2081
 
Retrieving Variable "LSPCON Port Configuration"
LSPCON Ports None
 
Retrieving Variable "eDP Port Configuration"
5K Ports None
OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000
 
Retrieving Variable "OEM Public Key Hash"
OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000
ACM SVN FPF 0x0
KM SVN FPF 0x0
BSMM SVN FPF 0x0
GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000
 
Retrieving Variable "GuC Encryption Key"
GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000
 
FPF ME
--- --
Force Boot Guard ACM Disabled
Retrieving Variable "Force Boot Guard ACM Enabled"
Disabled
Protect BIOS Environment Disabled
Retrieving Variable "Protect BIOS Environment Enabled"
Disabled
CPU Debugging Enabled
Retrieving Variable "CPU Debugging"
Enabled
BSP Initialization Enabled
Retrieving Variable "BSP Initialization"
Enabled
Measured Boot Disabled
Retrieving Variable "Measured Boot Enabled"
Disabled
Verified Boot Disabled
Retrieving Variable "Verified Boot Enabled"
Disabled
Key Manifest ID 0x0
Retrieving Variable "Key Manifest ID"
0x0
Enforcement Policy 0x0
Retrieving Variable "Error Enforcement Policy"
0x0
PTT Disabled
Retrieving Variable "Intel(R) PTT Supported"
Enabled
EK Revoke State Not Revoked
PTT RTC Clear Detection FPF 0x1
 
 


It shows PTT is disabled in FPF but also shows Manufacturing Mode enabled. Does this mean the PTT FPF is committed (no changes possible) or does the manufacturing enabled means that enabling PTT in the FPF is still possible? And if yes, how?

Thanks a lot again. Really appreciated.

Since it’s difficult to tell from the quoted log/output of MEInfo (forum formatting issues), is the "Disabled" text under FPF or ME column? I think it is under FPF and ME is empty (possibly due to Manufacturing Mode being enabled) but please verify. If I am right, and it’s under FPF, your system is already fused. As I wrote at the aforementioned/linked post:



Basically, your system is in "OEM/User" Manufacturing Mode, so you have read/write access to the FW, but the HW/FPF has already been set/fused once, so it cannot be adjusted via the FW anymore. To sum up, you cannot adjust the PPT state on that Chipset, unfortunately.

Yes it is under FPF.
And yeah, that is what I thought so. Lesson learnt the hard way.
So for the knowledge base, if I enabled the PTT FPF from the start and then closed manufacturing mode using FPT, this shouldn’t have happened right?

Did you ever run “fptw64 -closemnf” command? That’s the only way to close the initial/“OEM” manufacturing mode. If it was saying “Not set” under FPF column in the past, and you executed “-closemnf” then yes, you closed/fused it yourself (with whatever values were stored/configured in the CSME FW flashed at the time of execution). But it is also possible that the Chipset was already fused (FPF set) when you got it. Technically, per Intel security guidelines, the FPF should have already been set (-closemnf) before the board leaves the factory for the customer. So it wouldn’t be strange if your Chipset was already FPF-set by the time you started to look into enabling PTT.

Hello @plutomaniac , thanks for the input. I have not run that command and that’s what confuses me. It is still not closed and hence I feel it might be possible some way?
Initially, PTT used to work perfectly. I don’t know what state the PTT FPF was in then since I did not check it. However, after experimenting cross flashing various other BIOSes from other manufacturers, I was not able to enable PTT even after restoring the original BIOS and that’s when I checked MEInfo -verbose and found PTT is disabled through FPF but manufacturing mode is still enabled.

It was probably “not set” so the value from CSME firmware was in use instead, I guess. You could configure the CSME firmware with PTT enabled, flash it and then -closemnf, but it won’t do anything, honestly. If FPF is set (Enabled, Disabled), nothing will happen.

Yeah. That’s why I think if at the very beginning, I flashed the CSME with PTT enabled and then used -closemnf, then nothing could have disabled it no matter how many BIOSes i tried crossflashing.