X399m Taichi TPM and Secure Boot

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

Running Taichi X399m Bios 1.10, with Threadripper 1950X, and 32G ECC RAM.

I've searched a bit here but could not find any resolution.  Here is my question:
I would like to enable Secure Boot in latest windows 10 and then further, enable Bitlocker with TPM.  Here are my challenges: I have an extra TPM module inserted into X399m board, that shows TPM 2.0, version 1.3 etc.  Seems ok, but Attestation will not work after resetting keys, etc.  Without that and a combination of Secure Boot being enabled in Bios but not working in Windows, I cannot use Bitlocker encryption as it would complain about my hardware not up to spec.

Secure Boot is enabled in the Bios, but CSM is set to enabled and Legacy.  I've read somewhere that I should disable CSM for Secure Boot to work. If I disable CSM, then it black screens, and nothing works.  If I enable CSM but set everything to UEFI then PC boots without video.  If I only enable Storage to EUFI and the rest to Legacy, then it is back to Step 1, meaning PC works but not "good enough" for encryption.

What can be done about this?  Any specific settings or is it just bugs all over this?

Thanks.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
anton01 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 06 Nov 2018 Status: Offline Points: 8	Post Options Post Reply Quote anton01 Report Post Thanks(0) Quote Reply Topic: X399m Taichi TPM and Secure Boot Posted: 06 Nov 2018 at 3:22am
	Running Taichi X399m Bios 1.10, with Threadripper 1950X, and 32G ECC RAM. I've searched a bit here but could not find any resolution. Here is my question: I would like to enable Secure Boot in latest windows 10 and then further, enable Bitlocker with TPM. Here are my challenges: I have an extra TPM module inserted into X399m board, that shows TPM 2.0, version 1.3 etc. Seems ok, but Attestation will not work after resetting keys, etc. Without that and a combination of Secure Boot being enabled in Bios but not working in Windows, I cannot use Bitlocker encryption as it would complain about my hardware not up to spec. Secure Boot is enabled in the Bios, but CSM is set to enabled and Legacy. I've read somewhere that I should disable CSM for Secure Boot to work. If I disable CSM, then it black screens, and nothing works. If I enable CSM but set everything to UEFI then PC boots without video. If I only enable Storage to EUFI and the rest to Legacy, then it is back to Step 1, meaning PC works but not "good enough" for encryption. What can be done about this? Any specific settings or is it just bugs all over this? Thanks.

anton01 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 06 Nov 2018 Status: Offline Points: 8	Post Options Post Reply Quote anton01 Report Post Thanks(0) Quote Reply Posted: 09 Nov 2018 at 2:30pm
	So I have this figured out. It turns out that my boot disk was in legacy mode, i.e. MBR. Secure boot only works with UEFI partitions. So here is how to fix similar situation: 1. Follow this guide: https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10 2. In my case I have set CSM to ON but I have selected StorageRom to UEFI only, Video to Legacy Only, and I have turned off PXE (i.e. do not load). This setting above, along with converting my boot disk from MBR to GPT fixed all issues. Next time I have booted into Windows 10 the TPM module came up as Attested, and Device Security tab had everything green and enabled. In windows explorer, I have right-clicked on C: and enabled Bitlocker, which did not complain at all and allowed me to save keys to my OneDrive account. All is well!