Windows 10: TPM and secure boot issues

I bought a brand new PC from Best Buy for gaming and it came with nothing on it not even windows. I had to contact the PC company itself to get them to send me a production key for windows just to put it on my PC and I’m running into this issue where it says my TPM and secure boot are not enabled but in my settings, it says they are And I am unsure what to do at this point as I would like to be able to compete Fortnite tournaments and those are needed to do so. In my PC settings when I hit F2 when starting my PC, it says they are enabled, but on Fortnite and when I hit the windows button and t

:)

 

Inaccessible Boot Device - Likely due to TPM and Secure Keys

When I boot my custom build desktop, I'm getting Inaccessible Boot Device. I then get to WinRE and I am able to go to the command prompt and I can see the windows installation on driver D.

I tried running

• Startup Repair - No luck, nothing fixed, issue remains
  
• cmd prompt - sfc/SCANNOW /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows [enter].
  
• cmd prompt - chkdsk d: /r (answered yes to dismount)
  
• Restart Options - disable driver signature enforcement
  
• Restart Options - disable early launch anti-malware protection
  
• Safe mode
  
• playing with different settings in BIOS
  

How did I get into this messy situation:

• Win 10, tried to upgrade to Win 11. TPM was not enabled in BIOS
  
• Enabled fTPM in mobo (ASUS Prime X570-Pro)
  
• Win 10 was using legacy MBR. Successfully converted to GPT. Changed mobo to UEFI in compatibility mode (UEFI and Legacy OPROM, storage devices and PCIe devices in UEFI only mode). Boot Device is an NVME SSD (PCIE-4 compatible). Bitlocker was never enabled.
  
• No issues so far and I was able to start Win11 installation.
  
• After a few auto-reboots, at around 75% the installation failed. Inaccessible Boot Device
  
• Win11 installation was successfully reverted and I was able to login to Win10
  
• restarted the win11 install. same issue at aroung 75%
  
• Upgraded Mobo Firmware (v2407 to v4021).
  
• Win 11 installation failed again.
  
• Changed bios configs and could not boot anymore
  

Unfortunately I don't have the exact sequence of steps but these are the areas I played with

• I never run the TPM module in windows after enabling TPM in the BIOS.
  
• I was looking into Bios as some forum post suggested making sure SATA was set to AHCI. But I am using RAID on my SATA spinning HDDs. The system is booting from NVMe SSD
  
• I noticed that Bios -> Boot -> Boot/Secure Boot -> OS Type - Was set to "Other OS" and changed it to "Windows UEFI Mode"
  
• Unfortunately I don't remember if I changed any other settings at this point.
  

Other things I have tried

• Bios - Saved secured keys to USB drive and deleted existing keys (only after changing the OS type and the issue already present)
  
• Bios - installed default secure boot keys
  
• Bios - Restored saved secure boot keys
  
• Disabled fTPM (by setting it to discrete TPM - there are no external TPM module in my setup)
  
• Bios -> Advanced -> Trusted Computing -> Security Device Support - Disable
  
• Bios -> Advanced -> Trusted Computing -> Disable Block Sid -> Enable (only for next boot)
  
• A few combinations of the configs above, though likely not exhaustive of all combinations
  

I also tried to boot from the Win 10 Installation DVD and try to repair the win10 installation, but no success. Though it is possible I could have had a a bad choice of bios settings when trying this.

Any ideas on what I can do next? What would be the best procedure to try to recover the system?

• fTPM enabled
  
• Should I clear the Secure Boot Keys? Leave them empty or install default ones?
  
• Security Device Support - Leave it enabled? there are some options such as platform hierarchy and storage hierarchy (both enabled)
  
• TPM 2.0 UEFI Spec version is TCG_2 / Physical Presence Spec Version is 1.3
  
• Try to repair windows with the settings above?
  
• Try to re-install Win10 preserving personal files?
  

Thanks,

Felipe.

 

TPM update

Don't know if this is the right place for this thread but whatever, laptop informed me that " a firmware update is needed for you security processor (TPM)," now, i looked up what to do and from a microsoft support thing, the last step says to clear the tpm. it has a warning saying to back up my data, i would like to know what clearing the tpm does, and what measures i need to take to make sure nothing goes wrong.

 

BSOD when enabling TPM 2.0 and Secure Boot

Hi everyone,

I know that this has been a recurrent issue for some people, but I still am not sure about the answer to this problem. I will include some dump files below as well.

System Background Info:

• Gigabyte B560 DS3H AC-Y1 Motherboard
  
• BIOS Version/Date = American Megatrends International, LLC. F4, 6/18/2021
  
• Intel Processor (11th Gen Intel(R) Core(TM) i7-11700F @ 2.50GHz, 2496 Mhz, 8 Core(s), 16 Logical Processor(s))
  

Since Riot has started forcing users to implement Vanguard in playing LoL, I have experienced difficulties with my PC. I could not initialize Vanguard on my PC at first because I did not have secure boot or TPM 2.0 enabled, so as one does, I looked up tutorials on enabling these features in BIOS. Some info/steps on what I had to do:

1. I did not mess with the formatting of my motherboard's drives. My drive was already formatted to GPT, so no worries with that.
   
2. I already have my motherboard on UEFI instead of older formatting.
   
3. I went in and enabled Secure Boot, making sure the boot was "Active" (since it was at first showing as "Inactive").
   
4. I enabled TPM.
   
5. Rebooted, experienced never-ending blue screen loop until I reverted these changes. I also had to do run the "chckdsk" command to actually clean up the issues caused by enabling TPM and Secure Boot. Computer runs fine now, but still no progress with TPM and Secure Boot.
   

My question is, does anyone have a fix for this issue? I would like to have secure boot enabled as well as TPM 2.0 so I can play games with my friends, but I also obviously don't want recurrent blue-screening. I do realize that my BIOS is out-of-date, and I am anticipating that this may be where the issue is coming from. I was also recommended by users on Reddit to do a fresh reinstall of Windows 11, but I feel like this may be too complicated for me to do on my own.

Here are those dump files: https://www.mediafire.com/file/65mv4r9o36vi08g/Minidump.zip/file (let me know if these are accessible or not). Some common BSOD errors I am receiving are the Event 56 ACPI 2 error, the Event 1 WHEA-Logger error, and the Event 29 Kernel-Boot error (0xC00000D4).