08-10-2024 10:25 AM
Hi,
I'm looking at msinfo32 and I see the following issues:
PCR7 Configuration: Binding Not Possible.
Device Encryption Support: Reasons for failed automatic device encryption: PCR7 binding is not supported, Un-allowed DMA capable bus/device(s) detected.
I'm also seeing Warnings under Bitlocker-API, Event 815: Bitlocker cannot use Secure Boot for integrity because the expected TCG Log separator entry is missing or invalid.
I've found this older thread: https://rog-forum.asus.com/t5/gaming-motherboards/tpm-pcr7-binding-fails-due-to-firmware-breaking-tc... which hints at BIOS bugs.
Is this the case with X670E-E as well? Coming from ASUS Z670-A, which worked just fine, this is an unpleasant surprise further compounded by missing TPM connector. So even buying a discrete TPM doesn't seem to be an option.
Please advise.
Thanks!
a month ago
Hello @kse
Thank you for reaching out to us.
Could you please clarify if this issue occurred after the PC was first built or after using it for some time and occurred following any recent changes, such as a BIOS update or drive replacement?
May I ask if your current model is the ROG STRIX X670E-E GAMING WIFI and the BIOS version is the latest one, 2204, released on August 5, 2024?
Please share screenshots of the results or error messages mentioned in the thread, along with the following information, to help us better understand your current situation:
- the image of BIOS main-page and all the manually adjusting items in BIOS
- the brand and model name of the CPU, GPU, RAM (part number and installed slots as well), SSD/HDD, and PSU currently installed
- the OS version and OS build
Thank you.
a month ago
Hi @Jiaszzz_ROG
I built this system last week. It is indeed the ROG STRIX X670E-E GAMING WIFI and the first step I did was update the BIOS to the latest version at the time. I now see in the screenshot that it's 2124. I recall seeing in a different thread that 2204 is buggy and the person reported was asked by ASUS support to revert to older bios and wait for a new update. Anyhow, 2204 doesn't mention TPM fixes, so given the reported issues and unless it's confirmed that 2204 is THE one fixing the TPM, I'd stay away from it for now.
You should see the parts in the screenshots, let me know if I missed anything. PSU is 1kW Corsair Shift. I see no system instability under load.
3 weeks ago
Hello @kse
Thank you for sharing the details and images.
We recommend you keep your system up to date by installing the latest BIOS to benefit from improved functionality and performance enhancements.
Please also ensure that the AMD Chipset Driver is updated to the latest version, V6.07.15.126, as provided on the official website, and that all drivers are up to date.
Regarding Bitlocker encryption, please refer to the following FAQs to setup TPM 2.0 or confirm your current settings:
[Motherboard]TPM FAQ (Bitlocker Encryption & Decryption)
[Windows 11/10] Introduction to Device Encryption and Standard BitLocker Encryption
[Motherboard] Which ASUS model supports Windows 11 and how to setup TPM 2.0 in BIOS?
If you still have concerns or notice any issues with the settings, please provide the relevant steps and screenshots.
Thank you.
3 weeks ago
Hi @kse In BIOS under Secure Boot Mode, your screenshot is showing CUSTOM. Have you tried switching this value to STANDARD? I believe this will then allow Windows to help you manage and control your TPM.
3 weeks ago
I noticed that and I believe it to be the default setting for whatever reason as I didn't change that setting. I tried setting it to standard, but then the computer no longer boots.
3 weeks ago
Hi @kse if you can, I recommend that you set this value to STANDARD and then do a FRESH Windows installation deleting everything on the drive.
NOTE: Please backup all important files before doing a fresh Windows installation. Since you will be installing Windows on the same machine, you will not need to know your Windows Key. Windows should be able to detect the key from the Windows Online Servers. However, under some rare circumstances, this automatic activation can fail so make sure you have your Windows installation key handy in case it is needed. You can certainly skip typing this key during the installation screens because even if Windows does not automatically detect it for you, you will be able to type it in from Windows Settings screen once Windows has booted properly. You will see Windows working in a TRIAL mode properly for couple of days so there is no rush looking for this key.
TIP - You may also find https://www.asus.com/us/support/faq/1047459/ article to be helpful. The main item I would like to call out from this article is
In order to support the installation of Windows 11 system by default, motherboard that supports TPM header, the system will send a full reset during post when no TPM card is connected, for set TPM Device Selection to [Enable Firmware TPM],in order to support the installation of Windows 11 system
Basically, I believe it is trying to tell you that your TPM will be reset when you do a fresh Windows installation so that Windows can take control of what it stores in it.
This is why your Windows is NOT booting when you set it to Standard because it is not finding keys that are typically stored in it since you have it set to custom so that you can control.
I hope this helps you resolve your issue. Good luck!