AMD fTPM - What does this firmware option do?
I have an ASRock X370 Professional Gaming (AM4) motherboard with a Ryzen 7 CPU.
It has a network firmware upgrade option, but I had to disable fTPM to enable the network flash option.
What exactly is the fTPM option? What does enabling it do? I've read it's related to BitLocker, but I have a BitLocker disk, and it works the same with this option disabled or enabled.
cpu motherboard desktop-computer firmware amd-ryzen
asked Mar 4 at 7:40
Harry
1 Answer
"fTPM" is a type of TPM that's implemented in system firmware instead of using a dedicated chip.
The TPM is a tamper-resistant "secure element" used to hold cryptographic keys (including smartcard certificates and BitLocker credentials). BitLocker mainly uses it for the system disk, since the TPM can provide passwordless unlocking while still resisting external attacks (i.e. it seals the encryption key with the current system state). Without a TPM, you would have to unlock the system disk using a password, a recovery key, or a USB stick on every reboot.
This doesn't apply so much to data disks: since Windows is already fully running once they're accessed, it can provide automatic unlocking without a TPM by simply storing the data disk's password in your Windows account. (And obviously it doesn't affect unlocking with a password.)
The most likely reasons you need to disable the (f)TPM before upgrading firmware are:
- System firmware is part of the aforementioned "current system state". If you upgrade it, anything that was previously sealed against it would be unusable; e.g. if you used BitLocker with a TPM, you would need to use the recovery key. Some manufacturers insist that the TPM be manually disabled to serve as a reminder to the user that they'll need other means of unlocking the system disk.
- It's relatively common practice to force all secrets to be erased before a firmware upgrade can happen, also called "insider attack resistance". Because the fTPM is part of system firmware, upgrading it can become a security risk – if the new firmware is buggy or backdoored, it may bypass the protections that were supposed to be provided; e.g. it might conveniently "forget" to check system state before releasing the keys. I don't know if "disabling" fTPM erases its contents, but if it does, it would be a very likely explanation.
edited Mar 4 at 8:01
answered Mar 4 at 7:47
grawity
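The sealing behaviour described in the answer above, as an added example that is not part of the original answer or of any vendor's code: a simplified Python model of how measured boot state gates key release, showing why a key sealed before a firmware upgrade is withheld afterwards until it is resealed. `ToyTPM`, `boot` and `demo` are hypothetical names, and the PCR assignments and component strings are constructed for illustration.

```python
import hashlib
import hmac

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

class ToyTPM:
    """Simplified model of PCR sealing; not a real TPM interface."""

    def __init__(self):
        self._sealed = {}  # name -> (PCR indices, expected digest, secret)
        self.reset()

    def reset(self):
        self.pcrs = {i: bytes(32) for i in range(8)}  # reboot zeroes PCRs only

    def measure(self, index, component):
        self.pcrs[index] = extend(self.pcrs[index], component)

    def _digest(self, indices):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, name, secret, indices):
        indices = tuple(sorted(indices))
        self._sealed[name] = (indices, self._digest(indices), secret)

    def unseal(self, name):
        indices, expected, secret = self._sealed[name]
        # Release the secret only if the measured state matches the sealed one.
        return secret if hmac.compare_digest(expected, self._digest(indices)) else None

def boot(tpm, firmware, boot_manager):
    tpm.reset()
    tpm.measure(0, firmware)       # assumption: PCR 0 holds firmware code
    tpm.measure(4, boot_manager)   # assumption: PCR 4 holds the boot manager

def demo():
    # Constructed sample components and key.
    fw1, fw2, mgr, key = b"firmware v1", b"firmware v2", b"boot manager", b"volume key"
    tpm = ToyTPM()
    boot(tpm, fw1, mgr)
    tpm.seal("os-volume", key, [0, 4])
    boot(tpm, fw1, mgr)
    unchanged = tpm.unseal("os-volume")   # same state: key released
    boot(tpm, fw2, mgr)
    upgraded = tpm.unseal("os-volume")    # new firmware: key withheld
    tpm.seal("os-volume", key, [0, 4])    # after unlocking by other means, reseal
    boot(tpm, fw2, mgr)
    return unchanged, upgraded, tpm.unseal("os-volume")
```

In the model the key comes back only when the measurements replayed at boot reproduce the digest recorded at seal time, which is the point at which the recovery key becomes necessary after an upgrade.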