Running Taichi X399m Bios 1.10, with Threadripper 1950X, and 32G ECC RAM.

I would like to enable Secure Boot in latest windows 10 and then further, enable Bitlocker with TPM.  Here are my challenges: I have an extra TPM module inserted into X399m board, that shows TPM 2.0, version 1.3 etc.  Seems ok, but Attestation will not work after resetting keys, etc.  Without that and a combination of Secure Boot being enabled in Bios but not working in Windows, I cannot use Bitlocker encryption as it would complain about my hardware not up to spec.

Secure Boot is enabled in the Bios, but CSM is set to enabled and Legacy.  I've read somewhere that I should disable CSM for Secure Boot to work. If I disable CSM, then it black screens, and nothing works.  If I enable CSM but set everything to UEFI then PC boots without video.  If I only enable Storage to EUFI and the rest to Legacy, then it is back to Step 1, meaning PC works but not "good enough" for encryption.

What can be done about this?  Any specific settings or is it just bugs all over this?

Thanks.

1. Follow this guide: https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10" rel="nofollow - https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10

2. In my case I have set CSM to ON but I have selected StorageRom to UEFI only, Video to Legacy Only, and I have turned off PXE (i.e. do not load).

This setting above, along with converting my boot disk from MBR to GPT fixed all issues.  Next time I have booted into Windows 10 the TPM module came up as Attested, and Device Security tab had everything green and enabled.

In windows explorer, I have right-clicked on C: and enabled Bitlocker, which did not complain at all and allowed me to save keys to my OneDrive account.

All is well!