Showing results for 
Search instead for 
Did you mean: 

TPM attestation not supported on 5800x3d

Level 8
I have a X570 Crosshair VIII Hero Wi-Fi, my system originally born with a 5600x. Recently I updated it with a 5800X3D. I noticed that now the TPM window under the Windows Security app report that "TPM Attestation" is "Not Supported" while "TPM Memory" is "Ready". This is on Windows 11. I'm not using any extenal TPM module since ryzen 5000 should support TPM 2.0 natively. I lost a lot of time trying to make it work. Actually I'm on latest bios for my board, but I tried to go back to older version. I tried countless times to reset the TPM both from Windows and /or Motherboard bios settings. I already done a clean installation of windows 11 with deletion of all previous partition created. I have done these steps both on old windows and fresh windows installation.
I would like to know if there is a way to solve this issue.

Level 7

Would also love to see this fixed but no word from ASUS, MS or AMD on this matter. It's ridiculous

Level 7

I also have the same exact problem with a TUF Gaming B-550PRO Motherboard.

"TPM Attestation" is "Not Supported" while "TPM Memory" is "Ready".

I think I fixed it with these settings in the BIOS. Go to:

Advanced - Trusited Computing 

Enable: SHA-1 PCR Bank

Enable: SHA 256 PCR Bank

Level 14

I could be wrong, but I believe you can safely ignore TPM Attestation problems on systems which are purely for gaming / personal use.  As I understand it, attestation is only required for integration with corporate certificate infrastructure, to prove to the certificate authority that a private key is securely stored in a TPM.  If you're not interacting with a corporate domain, I don't think it really does much for you.

As far as the problem goes, it seems like it's something that AMD and Microsoft need to address between them (it's unclear which one of them dropped the ball on this).

Level 7

Is this BIOS based TPM? 

You can always try a discrete TPM module.

Level 14

Ideally, you should not have SHA-1 enabled.  It is no longer considered secure and is deprecated pretty much everywhere.