AMD fTPM – What does this firmware option do?


I have an ASRock X370 Professional Gaming (AM4) motherboard with a Ryzen 7 CPU.
It has a network firmware upgrade option, but I had to disable fTPM to enable the network flash option.

What exactly is the fTPM option? What does enabling it do? I've read it's related to BitLocker, but I have a BitLocker disk, and it works the same with this option disabled or enabled.

Method 1

"fTPM" is a type of TPM that’s implemented in system firmware instead of using a dedicated chip.

The TPM is a tamper-resistant "secure element" used to protect cryptographic keys (including smart-card private keys and BitLocker credentials). BitLocker mainly uses it for the system disk, since the TPM can provide passwordless unlocking while still resisting external attacks (i.e. it seals the encryption key with the current system state). Without a TPM, you would have to unlock the system disk using a password, a recovery key, or a USB stick on every reboot.

This doesn’t apply so much to data disks: since Windows is already fully running once they’re accessed, it can provide automatic unlocking without a TPM by simply storing the data disk’s password in your Windows account. (And obviously it doesn’t affect unlocking with a password.)


The most likely reasons you need to disable the (f)TPM before upgrading firmware are:

  1. System firmware is part of the aforementioned "current system state". If you upgrade it, anything that was previously sealed against it would be unusable; e.g. if you used BitLocker with a TPM, you would need to use the recovery key. Some manufacturers insist that the TPM be manually disabled to serve as a reminder to the user that they’ll need other means of unlocking the system disk.

  2. It’s relatively common practice to force all secrets to be erased before a firmware upgrade can happen, also called "insider attack resistance". Because the fTPM is part of system firmware, upgrading it can become a security risk – if the new firmware is buggy or backdoored, it may bypass the protections that were supposed to be provided; e.g. it might conveniently "forget" to check system state before releasing the keys. I don’t know if "disabling" fTPM erases its contents, but if it does, it would be a very likely explanation.
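The sealing behaviour described in the answer and in point 1 of its list, as an added example that is not part of the original answer: a simplified Python model of measuring boot components into a PCR and releasing a key only when the measurement matches. `ModelTPM`, the single PCR, and the sample byte strings are assumptions for illustration, not a real TPM API or BitLocker's actual PCR profile.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts as all zeros after reset

def extend(pcr, measured):
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(measured data))."""
    return hashlib.sha256(pcr + hashlib.sha256(measured).digest()).digest()

def boot(components):
    """Measure each boot component, in order, into one model PCR."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ModelTPM:
    """Toy stand-in for a TPM: releases a secret only if the PCR matches."""
    def __init__(self):
        self._sealed = {}  # handle -> (PCR value at seal time, secret)

    def seal(self, handle, secret, pcr_now):
        self._sealed[handle] = (pcr_now, secret)

    def unseal(self, handle, pcr_now):
        expected, secret = self._sealed[handle]
        # A mismatch means the measured system state changed since sealing.
        return secret if hmac.compare_digest(expected, pcr_now) else None

# Constructed sample inputs; these are not real firmware images or keys.
FW_OLD, FW_NEW, BOOTMGR = b"firmware v1", b"firmware v2", b"bootmgr"
VMK = b"constructed-volume-key"

def demo():
    tpm = ModelTPM()
    tpm.seal("os-disk", VMK, boot([FW_OLD, BOOTMGR]))
    return {
        # Same firmware measured again: the key is released without a password.
        "same_firmware": tpm.unseal("os-disk", boot([FW_OLD, BOOTMGR])),
        # Updated firmware: the PCR differs, so the recovery key is needed.
        "after_update": tpm.unseal("os-disk", boot([FW_NEW, BOOTMGR])),
    }

if __name__ == "__main__":
    print(demo())
```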


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
