Enabling fTPM can cause stuttering on some Ryzen systems

[ChocAndGray]

@Jay343434 Yeah if you disabled it that error won't show up now and your issue should also be resolved.

While I have you can you check your event viewer for this specific event id related to fast startup when you switch the PC on (if you have it enabled ofcourse): https://i.imgur.com/FD5gzEI.png

No matter what I do on this Dark Hero board I always apparently fail fast startup.

I've had a look and I can't see that error.

Do I need to do a cold boot to check for it?

 

[GregI]

I think so. No trouble though mate was just wondering. Thanks.

 

[Trox]

So out of interest I checked for this event ID 86...

It seems from the date event viewer started logging my first 86 error iirc lines up with when I enabled fTPM (I didn't enable it for a week or 2 after I built the machine). So going by the logs it looks like I had this error for around 2 months with the last error recorded on the 2nd of October, I've not had one since...
I checked the date I ordered my Gigabyte TPM2.0_S which turns out to be the 1st of October.

Just to mention even with this error I don't remember ever noticing frame stutters but that error disappeared the day I installed the hardware TPM, coincidence or not lol.

 

[Dave2150]

Windows 11 is buggy anyway so avoid it, stick to the stable windows 10 with ftpm off.

Windows 11 is awesome. Faster, better UI.

 

[Vulture]

Windows 11 is awesome. Faster, better UI.

If you have even half of that PC you written bellow then you wouldnt notice speed difference. People think it is faster because they usually clean install new windows, i didn't notice any speed difference, both windows are ultra fast for me, but windows 11 is a mess, too many little bugs, explorer.exe crash, search crash etc.

 

[henson0115]

Given all the vulnerabilities in Windows 10/11 outside of TPM - one of the latest in a long line for instance being CVE-2021-43890, many of which shouldn't be there in the first place, it isn't going to accomplish much anyhow in terms of protecting the end user - it does however increasingly take away control of the machine from the end user...

I find it amusing when people get their knickers in a twist over Windows 7 and security yet if anything 10/11 are in a worse place despite having security updates (outside of extended support) because of MS incompetence.

Sadly most people don't have the foresight to see why boycotting TPM would be a good idea.

Considering encryption is required to pass iso 27001 security accreditation, I presume you don't have an i.t base work role. Encryption isn't always about stopping the flaws like you think it is. Think simpler, how about stopping someone stealing the contents of your drive. Don't underestimate a tpm module, a flawed system is better than no system for protection at all. Yes it needs improvement doesn't mean it shouldn't be used.

Without encryption, data can be stolen in seconds. Bitkocker can stop that and make it quite difficult if not impossible to 99 percent of people.

Stop spreading fud

 

[Rroff]

Considering encryption is required to pass iso 27001 security accreditation, I presume you don't have an i.t base work role. Encryption isn't always about stopping the flaws like you think it is. Think simpler, how about stopping someone stealing the contents of your drive. Don't underestimate a tpm module, a flawed system is better than no system for protection at all. Yes it needs improvement doesn't mean it shouldn't be used.

Without encryption, data can be stolen in seconds. Bitkocker can stop that and make it quite difficult if not impossible to 99 percent of people.

Stop spreading fud

You don't need TPM to secure data or a drive (MS is essentially gas lighting people that this is the only way).

But even so - what might be needed in a corporate situation isn't the same as the needs for everyone.

 

[henson0115]

Are any of your solutions baked into windows without some kind of security chip? Now ask the same question to the millions of people of use windows and if they can do it without any help. Your missing the point, with a tpm which comes with 99percent of devices now, most people are not even aware of it being there to begin with. So now windows 11 can protect the data without anyone ever knowing about encryption etc. It's designed for all users not just the corp environment. The corp environment angle is that it gives insight into why it's a good idea. Data encryption is for everyone not just the corp environment.

You tell me another solution that can be used by the droves without any prior knowledge.

Gas lighting? They are making the difficult decision of dragging the industry kicking and screaming into a security aware state. The end. Again stop spreading fud.

 

[Rroff]

Are any of your solutions baked into windows without some kind of security chip? Now ask the same question to the millions of people of use windows and if they can do it without any help. Your missing the point, with a tpm which comes with 99percent of devices now, most people are not even aware of it being there to begin with. So now windows 11 can protect the data without anyone ever knowing about encryption etc. It's designed for all users not just the corp environment. The corp environment angle is that it gives insight into why it's a good idea. Data encryption is for everyone not just the corp environment.

You tell me another solution that can be used by the droves without any prior knowledge.

Gas lighting? They are making the difficult decision of dragging the industry kicking and screaming into a security aware state. The end. Again stop spreading fud.

It isn't going to accomplish securing the desktop against malicious actors but it will effectively protect the desktop from the user and that will be abused. It is a massive over-reach for the average consumer desktop.

 

[henson0115]

It isn't going to accomplish securing the desktop against malicious actors but it will effectively protect the desktop from the user and that will be abused. It is a massive over-reach for the average consumer desktop.

It's designed as encryption at rest for want of a better term. That's it, you seam to think the tpm stops malware or soemthing which which of course it doe not.... That's what your av is for obviously. Secure boot is another story but we are talking about tpm here purely for encryption.

 

[OspreyO]

You don't need TPM to secure data or a drive (MS is essentially gas lighting people that this is the only way).

But even so - what might be needed in a corporate situation isn't the same as the needs for everyone.

Do they still not have bitlocker on the home version.

 

[Rroff]

It's designed as encryption at rest for want of a better term. That's it, you seam to think the tpm stops malware or soemthing which which of course it doe not.... That's what your av is for obviously. Secure boot is another story but we are talking about tpm here purely for encryption.

Thing is TPM can be utilised (along with secure boot, etc.) for means far beyond just encryption, and if it becomes a basic requirement things are going to push that way - it is already marketed using "think of the children" tactics as stopping malware, preventing cheating in games, etc. TPM can be used for remote attestation as in taking away from the user control over whether they can or can't run certain software - which at a superficial level might seem like a good idea for say banking apps but unfortunately it goes much further than that and will start to become a requirement for even the most mundane things removing choice and control from the end user.

TPM itself isn't the problem, there are even desirable sides to TPM but it does facilitate the implementation of mechanics which are actively hostile to the end user and things will start to lean that way over time.

To quote from a post on Stack Exchange:

"Another criticism is that it may be used to prove to remote websites that you are running the software they want you to run, or that you are using a device which is not fully under your control. The TPM can prove to the remote server that your system's firmware has not been tampered with, and if your system's firmware is designed to restrict your rights, then the TPM is proving that your rights are sufficiently curtailed and that you are allowed to watch that latest DRM-ridden video you wanted to see. Thankfully, TPMs are not currently being used to do this, but the technology is there."

The way Microsoft is more and more trying to take control of the desktop away from the end user this doesn't go down a good road in the long run.

 

[Tired9]

I am using this board.

And the only issue I ran into was high DPC latency which I have completely fixed.

 

[Tired9]

If you have even half of that PC you written bellow then you wouldnt notice speed difference. People think it is faster because they usually clean install new windows, i didn't notice any speed difference, both windows are ultra fast for me, but windows 11 is a mess, too many little bugs, explorer.exe crash, search crash etc.

Not yet had any of this happen.

When system memory is unstable but not enough to BSOD the system, weird things happen like that.

 

[GregI]

Update from AMD: https://www.amd.com/en/support/kb/faq/pa-410

Fixes expected in May 2022 via AGESA 1.2.0.7

 

[Purgatory]

AMD Issues Fix and Workaround for Ryzen's fTPM Stuttering Issues

https://www.tomshardware.com/uk/news/amd-issues-fix-and-workaround-for-ftpm-stuttering-issues

AMD announced today that it has identified the source of an fTPM-induced system stuttering issue on Ryzen systems and had issued a BIOS fix to motherboard makers. However, the BIOS updates will take some time to make their way to market, with the first arriving in May 2022. In the interim, AMD has also advised using a 'workaround' that employs a discrete TPM key instead of the in-built version inside the processor. Notably, that isn't an option for all systems, especially laptops.

AMD has remained silent on this issue for months, but widespread reports indicate that AM4 Ryzen systems have long been plagued with system stuttering associated with enabling the fTPM (firmware trusted platform module) feature. As a reminder, TPM functionality is a not-strictly-enforced security requirement for Windows 11, but it is also present in Windows 10. The fTPM is a security mechanism available with AMD processors that removes the need for a separate discrete TPM device. Both the fTPM and discrete TPM are designed to accomplish the same goal — store an unchangeable security key, thus enabling a higher level of security. However, the different approaches store the key in different locations.

The fTPM key resides in the SPI flash memory that's present on the motherboard (commonly referred to as a BIOS chip). AMD says the fTPM issue involves intermittent latency introduced by fTPM-related memory transactions with the chip, leading to "temporary pauses in system interactivity or responsiveness." The issue impacts AM4 systems that run the Zen+ to Zen 3 architectures.

AMD's fTPM issues impact both Windows 10 and Windows 11 Ryzen systems, with the typical side effect being random stuttering and lagging that lasts one to two seconds. These periods occur multiple times per day during all manner of workloads, including gaming. They manifest as jerky performance on the screen and interrupted and garbled audio, application hangs, and mouse cursor hitching during the system stutters (you can see an example in the short clip below).

Most users have simply disabled the TPM requirement in Windows 11 to circumvent the issue, but now AMD has fixes coming via motherboard firmware updates (UEFI/BIOS). Those fixes (AGESA 1207 or newer) will take some time to arrive through the normal support channels. As such, AMD also notes that you can simply disable the fTPM feature in the processor and use a discrete TPM device instead. You will need to follow very specific measures during that process to ensure that you don't lose any encrypted data. These devices can be costly, with pricing varying between $20 and $170.

Here are the details in AMD's freshly-issued support document:

• This documentation provides information on improving intermittent performance stutter(s) on select PCs running Windows 10 and 11 with Firmware Trusted Platform Module (“fTPM”) enabled.
• Issue Description
• AMD has determined that select AMD Ryzen system configurations may intermittently perform extended fTPM-related memory transactions in SPI flash memory (“SPIROM”) located on the motherboard, which can lead to temporary pauses in system interactivity or responsiveness until the transaction is concluded.
• Update and Workaround
• Update: Affected PCs will require a motherboard system BIOS (sBIOS) update containing enhanced modules for fTPM interaction with SPIROM. AMD expects that flashable customer sBIOS files to be available starting in early May, 2022. Exact BIOS availability timing for a specific motherboard depends on the testing and integration schedule of your manufacturer. Flashable updates for motherboards will be based on AMD AGESA 1207 (or newer).
  
• Workaround: As an immediate solution, affected customers dependent on fTPM functionality for Trusted Platform Module support may instead use a hardware TPM (“dTPM”) device for trusted computing. Platform dTPM modules utilize onboard non-volatile memory (NVRAM) that supersedes the TPM/SPIROM interaction described in this article.
  
  1. COMPATIBILITY: Please check with your system or motherboard manufacturer to ensure that your platform supports add-in dTPM modules before attempting or implementing this workaround.
     
  2. WARNING: If switching an active system from fTPM to dTPM, it is critical that you disable TPM-backed encryption systems (e.g. BitLocker Drive Encryption) and/or back up vital system data prior to switching TPM devices. You must have full administrative access to the system, or explicit support from your IT administrator if the system is managed. For more information on transferring ownership to a new TPM device, please visit this Microsoft webpage.

early performance problems with Windows 11 and Ryzen systems, and the company's fixes for a long-running problem with USB-connected devices.

We had previously reached out to both AMD and Microsoft about the fTPM matter, and both firms told us they were investigating the issues. We're following up with AMD for more information about the scope of the impacted systems. Stay tuned.

 

[Grim5]

Lol, a "fix" from AMD is to just buy a $100 tpm module, GG

Or you can just switch to Intel

 

[Wrinkly]

I'm surprised that AMD has so many issues in what is considered by many to be an established platform.

 

[Dave2150]

Lol, a "fix" from AMD is to just buy a $100 tpm module, GG

Or you can just switch to Intel

Does seem a terrible solution, making Intel even better value.

 

[ljt]

Lol, a "fix" from AMD is to just buy a $100 tpm module, GG

Or you can just switch to Intel

or you can just wait for the updated bios