Firmware update and Windows Hello

[wizard]

Updated my Bios (no issues) but my Hello settings (PIN) got messed up. Managed to fix it eventually with some heelless. Could it be a Bios setting which got changed to default?

 

[Tetras]

It might be because your TPM keys were reset.

 

[wizard]

It might be because your TPM keys were reset.

Can you please explain? If I have to update the bios again, what should I do to avoid this?

 

[Mcnumpty2323]

Depends on your bios
But pretty sure mine has an option
Not to reset TPM keys
If update the bios or upgrade cpu
Though my boards all singing and dancing
No idea if lower end boards got same options

@wizard
Most people aren't using actual TPM modules
They're using TPM built into the cpu
On amd it's ftpm forgot what intel calls it

So basically before updating your bios again
Look in the bios for options to do with TPM/ftpm/intel name for it
And see what it let's you do
You may or may not have options I mentioned

 

[Tetras]

Can you please explain? If I have to update the bios again, what should I do to avoid this?

The TPM is used to store encrypted keys and some Windows features like Windows Hello and Bitlocker can use the TPM to perform part of their function and identify your PC.

When you do a BIOS update, if you use a firmware TPM, then it can reset/clear the keys and that can break any Windows features that are relying on it.

I don't know of anything to do to prevent this problem, only to mitigate it by having an alternative recovery method available.

 

[wizard]

J

Depends on your bios
But pretty sure mine has an option
Not to reset TPM keys
If update the bios or upgrade cpu
Though my boards all singing and dancing
No idea if lower end boards got same options

@wizard
Most people aren't using actual TPM modules
They're using TPM built into the cpu
On amd it's ftpm forgot what intel calls it

So basically before updating your bios again
Look in the bios for options to do with TPM/ftpm/intel name for it
And see what it let's you do
You may or may not have options I mentioned

Using Asus X570-E Gaming Motherboard. No option that I can see to bot to reset TPM Keys. I am not using a TPM module as such.

 

[wizard]

The TPM is used to store encrypted keys and some Windows features like Windows Hello and Bitlocker can use the TPM to perform part of their function and identify your PC.

When you do a BIOS update, if you use a firmware TPM, then it can reset/clear the keys and that can break any Windows features that are relying on it.

I don't know of anything to do to prevent this problem, only to mitigate it by having an alternative recovery method available.

I am using Firmware TPM option that worked well so far. I guess I will have to reset Hello, etc. options every time I update the bios.

 

[Mcnumpty2323]

Got me curious
So I started messing around with it
I disabled ftpm in bios
Tried to boot into windows but my pin had been stored
In ftpm so it's gone
To be fair it warned me disabling ftpm would do that
Easy reset as long as have Internet available
And a Microsoft account it just emailed me a security code
Then I did a new pin number

Left ftpm disabled
Still boots into windows 11
Turns out this motherboard actually has a tpm module

Anyway
I found the do not reset ftpm if a new cpu is installed option
Can't seem to find the if the bios is updated option
But am sure I have updated the bios a few times on this board
And not lost my windows pin

 

[wizard]

Got me curious
So I started messing around with it
I disabled ftpm in bios
Tried to boot into windows but my pin had been stored
In ftpm so it's gone
To be fair it warned me disabling ftpm would do that
Easy reset as long as have Internet available
And a Microsoft account it just emailed me a security code
Then I did a new pin number

Left ftpm disabled
Still boots into windows 11
Turns out this motherboard actually has a tpm module

Anyway
I found the do not reset ftpm if a new cpu is installed option
Can't seem to find the if the bios is updated option
But am sure I have updated the bios a few times on this board
And not lost my windows pin

Checked my Bios (Asus X570-E) and the two options it gives are Firmware TPM and Discrete TPM. No option to disable it.

 

[Mcnumpty2323]

Checked my Bios (Asus X570-E) and the two options it gives are Firmware TPM and Discrete TPM. No option to disable it.

Yeah this board is most likely the best x570 you can get
Was something like £900 at launch (I paid a fraction of that luckily )
I am no stranger to bios but this things got options
That I have never even heard of
Some for ln2 even
So it's quite likely I have bios options you don't I guess

 

[wizard]

Yeah this board is most likely the best x570 you can get
Was something like £900 at launch (I paid a fraction of that luckily )
I am no stranger to bios but this things got options
That I have never even heard of
Some for ln2 even
So it's quite likely I have bios options you don't I guess

Can I ask what Bios version are you on?

 

[Mcnumpty2323]

Can I ask what Bios version are you on?

Did I have a DOH! Moment
And forget to say what motherboard I have?
Crosshair viii extreme
Bios is 1505

 

[wizard]

Did I have a DOH! Moment
And forget to say what motherboard I have?
Crosshair viii extreme
Bios is 1505

Ah! Different numbers to X570-E I am on 2802, trying to update to later versions

 

[Mcnumpty2323]

Ah! Different numbers to X570-E I am on 2802, trying to update to later versions

Is it asus rog strix gaming x570-e?
If it is then yeah there's a lot of newer bios releases
Than 2802
Latest version is 5013 so quite possible
That would add some new options

 

[wizard]

Is it asus rog strix gaming x570-e?
If it is then yeah there's a lot of newer bios releases
Than 2802
Latest version is 5013 so quite possible
That would add some new options

Thank you. This is what I am trying now.

 

[X x X]

it happen to me too
windows would only start in safety mode but apparently windows hello did not work in safety mode so i got stuck in a bootloop
had to fix via cmd