Baffling Windows 11 TPM Bug Is Wreaking Havoc On Some AMD Ryzen Systems

A new TPM bug has surfaced on AMD Ryzen-based systems where the CPU’s built-in TPM module fails to be recognized in Windows 10 and 11, in spite of the module being activated in BIOS. Microsoft has recognized the issue, but there is no fix at this time.

The issue appears to be related to Ryzen 5000 CPUs specifically: all affected user reports confirm the bug with a Ryzen 5000 series part. One user, in particular, confirmed the issue happens when switching from a Ryzen 5 2600 to a Ryzen 7 5700X — and switching back to the 2600 fixed the TPM bug. Other reports confirm issues with Ryzen 7 5800X3D CPUs as well.

In a touch of irony, the same issue cropped up on my own personal Ryzen 7 5800X3D system just yesterday, where the TPM module was also failing to be recognized by Windows. The bug is especially problematic on boot-up, where the TPM module completely fails to be recognized until the security app has verified the “Virus & threat detection.” Once that is complete, the TPM module is usually recognized after closing and opening the app again, but even this doesn’t always work. Re-opening the Security app multiple times led me to a plethora of minor glitches with the TPM bug, where information was missing from the Security Processor Page. To make matters worse, TPM attestation is also bugged out, saying “not supported” on the same page consistently.

For reference, I am on an MSI B450 Pro Carbon AC motherboard running one of the latest AGESA microcode updates, version 1.2.0.7, along with the latest AMD chipset drivers, and Windows 11 updates as of the time of this writing.

This issue is a big problem for users who actively use the built-in TPM module for data encryption. This bug can prevent encrypted data from being accessed, and in a worst-case scenario prevent boot-ups entirely if the boot drive is encrypted. The TPM module serves as an added layer of security that houses very important authentication keys for the encrypted data it is securing. If the security application does not have backup keys, losing the TPM module can mean the loss of the encrypted data as well.
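To see whether a given machine is exposed to that data-loss scenario, the following added example (not part of the original article) reports whether Windows currently sees the TPM and flags BitLocker volumes that depend on a TPM protector without a recovery password. It uses the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets and assumes an elevated PowerShell session; the `AtRisk` column is this example's own label.

```powershell
#Requires -RunAsAdministrator
# Added example: TPM visibility plus a per-volume check for a TPM-independent
# recovery protector. It lists protector types only, never the secrets.

# BitLocker key protector types that need a working TPM to unlock.
$tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

# Get-Tpm can fail outright when Windows cannot see the TPM, so an error
# is treated the same as "not present".
try {
    $tpm = Get-Tpm -ErrorAction Stop
} catch {
    $tpm = $null
    Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
}

[pscustomobject]@{
    TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    TpmReady   = [bool]($tpm -and $tpm.TpmReady)
    TpmEnabled = [bool]($tpm -and $tpm.TpmEnabled)
} | Format-List

$report = foreach ($vol in Get-BitLockerVolume) {
    # Collect protector type names, skipping empty entries on unprotected volumes.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { [string]$_.KeyProtectorType })

    $usesTpm     = [bool]($types | Where-Object { $_ -in $tpmTypes })
    $hasRecovery = $types -contains 'RecoveryPassword'
    $encrypted   = "$($vol.VolumeStatus)" -ne 'FullyDecrypted'

    [pscustomobject]@{
        MountPoint  = $vol.MountPoint
        Status      = $vol.VolumeStatus
        Protection  = $vol.ProtectionStatus
        Protectors  = $types -join ', '
        UsesTpm     = $usesTpm
        HasRecovery = $hasRecovery
        # At risk: encrypted, unlocked via TPM, and no recovery password to fall back on.
        AtRisk      = $encrypted -and $usesTpm -and -not $hasRecovery
    }
}

$report | Format-Table -AutoSize
```

For a volume flagged `AtRisk`, `Add-BitLockerKeyProtector -MountPoint <drive> -RecoveryPasswordProtector` adds a recovery password, which should then be stored somewhere other than the encrypted drive.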


However, it's worth noting that this issue should only affect users who actively utilize the TPM module. This is different from Windows 11's TPM requirements, where a TPM module simply needs to exist on the machine to meet the OS’s system requirements. Yes, this actually means the TPM module inside most Windows 11 machines is sitting there doing nothing. TPM is only utilized if actively used with something like Windows BitLocker, Windows Hello, or third-party encryption software.

This issue is highly reminiscent of the AMD fTPM bug that was plaguing Ryzen systems a year ago, causing system stuttering to occur. But this new bug is substantially worse since the issue can prevent the TPM module from functioning at all. Again, Microsoft has not announced an update, so we don’t know when this will be fixed. If you’re affected by this bug, the best thing you can do is buy a dedicated TPM module for your system. These external TPM modules usually cost less than $40, and are installed into an internal slot on a motherboard. Given AMD’s track record with poor fTPM stability, it could be wise to switch to a dedicated TPM anyway so mishaps like this don’t happen again.


This issue should only be irksome if you use TPM actively. If you don’t, and only enable it to meet Windows 11’s system requirements, you can disable the module in BIOS if the detection issue is bothering you. Windows 11 will still give you a green checkmark in the security app. This could change, though, if Microsoft adds automated security features to Windows 11 (or newer) in the future that utilize TPM.