u/Front_Appointment274

Hey everyone, I've been dealing with a frustrating TPM attestation issue and I've run out of ideas after trying everything I could find. Hoping someone here has dealt with this before.

My specs:

• Motherboard: MSI B450M PRO-VDH MAX (BIOS version B.O0, latest available)
• CPU: AMD Ryzen 5 5600
• OS: Windows 11 64-bit
• TPM: AMD fTPM 2.0 (firmware version 3.94.0.5)

The problem:

When running tpmtool getdeviceinformation, both "Has Attestation Capability" and "Is Ready for Attestation" return False. The information flags line shows INFORMATION_EK_CERTIFICATE, which means the TPM has an EK but no valid certificate from AMD.

What I've already tried:

• Ran the standard TPM repair script (recreating scheduled tasks Tpm-Maintenance, Tpm-HASCertRetr, Tpm-PreAttestationHealthCheck and re-running them)
• Cleared the TPM from BIOS (Pending Operation → TPM Clear)
• Updated BIOS to latest version (B.O0)
• Updated AMD Chipset Drivers to latest version (8.05.04.516, released 2026-05-18)
• Ran Initialize-Tpm -AllowClear -AllowPhysicalPresence → returned TpmReady: True but attestation still false
• Manually ran TPM scheduled tasks multiple times
• Verified connectivity to ftpm.amd.com — reachable (returns 400 Bad Request, meaning the server responds)
• Checked Event Viewer: EventID 1537 shows the device health certificate was successfully provisioned from has.spserv.microsoft.com, but EventID 17 keeps appearing after every reboot ("The TPM hardware failed to execute a TPM command")
• TPM ownership is now True after the clear, but TakeOwnership() via WMI still returns error 0x80290054 (TPM_E_NOEK)
• CreateEndorsementKeyPair() returns 0x80290048 (TPM_E_DISABLED)
• AMD PSP driver version is 5.44.0.0 (dated 2026-03-16)

Current tpmtool output:

TPM Present: True
TPM Version: 2.0
TPM Manufacturer: AMD
TPM Firmware Version: 3.94.0.5
Is Initialized: True
Is Ready for Storage: True
Is Ready for Attestation: False
Information Flags: INFORMATION_EK_CERTIFICATE
Has Attestation Capability: False
TPM Spec Version: 1.38
TPM Error Date: Friday, March 02, 2018

The "TPM Error Date: March 02, 2018" is suspicious and seems hardcoded or stuck, as it predates my system build.

My theory:

This looks like a known fTPM bug on B450 boards with Ryzen 5000 CPUs, where the EK certificate cannot be properly generated due to a firmware incompatibility between MSI's BIOS and AMD's PSP. The TPM provisions successfully according to Event Viewer, but something resets or corrupts the state on every reboot.

Has anyone managed to fix this? I'm considering getting a discrete TPM module for the physical header on the board as a last resort. Any help is appreciated.

Hola a todos, llevo un buen rato lidiando con un problema de atestación del TPM y ya agotué casi todas las soluciones que encontré. Espero que alguien haya pasado por esto antes.

Mis componentes:

• Placa madre: MSI B450M PRO-VDH MAX (BIOS versión B.O0, última disponible)
• Procesador: AMD Ryzen 5 5600
• Sistema operativo: Windows 11 64-bit
• TPM: AMD fTPM 2.0 (versión de firmware 3.94.0.5)

El problema:

Al correr tpmtool getdeviceinformation, tanto "Tiene la capacidad de atestación" como "Está listo para la atestación" devuelven Falso. La línea de marcas de información muestra INFORMATION_EK_CERTIFICATE, lo que significa que el TPM tiene una clave EK pero no tiene un certificado válido emitido por AMD.

Lo que ya intenté:

• Corrí el script estándar de reparación del TPM (recreando las tareas programadas Tpm-Maintenance, Tpm-HASCertRetr y Tpm-PreAttestationHealthCheck y ejecutándolas manualmente)
• Limpié el TPM desde la BIOS (Pending Operation → TPM Clear)
• Actualicé la BIOS a la última versión disponible (B.O0)
• Actualicé los AMD Chipset Drivers a la última versión (8.05.04.516, fecha 2026-05-18)
• Corrí Initialize-Tpm -AllowClear -AllowPhysicalPresence → devolvió TpmReady: True pero la atestación sigue en falso
• Ejecuté las tareas programadas del TPM manualmente varias veces
• Verifiqué conectividad con ftpm.amd.com — el servidor responde (devuelve 400 Bad Request, lo cual confirma que hay conexión)
• Revisé el Visor de eventos: el EventID 1537 muestra que el certificado de estado del dispositivo se aprovisionó correctamente desde has.spserv.microsoft.com, pero el EventID 17 sigue apareciendo después de cada reinicio ("El hardware del TPM no pudo ejecutar un comando de TPM")
• El ownership del TPM ahora es True después del borrado, pero TakeOwnership() por WMI sigue devolviendo el error 0x80290054 (TPM_E_NOEK)
• CreateEndorsementKeyPair() devuelve 0x80290048 (TPM_E_DISABLED)
• Versión del driver AMD PSP: 5.44.0.0 (fecha 2026-03-16)

Output actual de tpmtool:

TPM presente: Verdadero
Versión de TPM: 2.0
Fabricante: AMD
Versión de firmware: 3.94.0.5
Se ha inicializado: Verdadero
Está listo para el almacenamiento: Verdadero
Está listo para la atestación: Falso
Marcas de información: INFORMATION_EK_CERTIFICATE
Tiene la capacidad de atestación: Falso
Versión de especificación TPM: 1.38
Fecha de error de TPM: Friday, March 02, 2018

La "Fecha de error de TPM: 2 de marzo de 2018" es sospechosa y parece estar fija o corrupta, ya que es anterior a la construcción de mi PC.

Mi teoría:

Esto parece ser un bug conocido del fTPM en placas B450 con CPUs Ryzen 5000, donde el certificado EK no puede generarse correctamente debido a una incompatibilidad de firmware entre la BIOS de MSI y el PSP de AMD. El TPM se aprovisiona correctamente según el Visor de eventos, pero algo resetea o corrompe el estado en cada reinicio.

¿Alguien logró solucionar esto? Estoy considerando comprar un módulo TPM discreto para el header físico de la placa como último recurso. Cualquier ayuda es bienvenida.

Hey everyone, I've been dealing with a frustrating TPM attestation issue and I've run out of ideas after trying everything I could find. Hoping someone here has dealt with this before.

My specs:

• Motherboard: MSI B450M PRO-VDH MAX (BIOS version B.O0, latest available)
• CPU: AMD Ryzen 5 5600
• OS: Windows 11 64-bit
• TPM: AMD fTPM 2.0 (firmware version 3.94.0.5)

The problem:

When running tpmtool getdeviceinformation, both "Has Attestation Capability" and "Is Ready for Attestation" return False. The information flags line shows INFORMATION_EK_CERTIFICATE, which means the TPM has an EK but no valid certificate from AMD.

What I've already tried:

• Ran the standard TPM repair script (recreating scheduled tasks Tpm-Maintenance, Tpm-HASCertRetr, Tpm-PreAttestationHealthCheck and re-running them)
• Cleared the TPM from BIOS (Pending Operation → TPM Clear)
• Updated BIOS to latest version (B.O0)
• Updated AMD Chipset Drivers to latest version (8.05.04.516, released 2026-05-18)
• Ran Initialize-Tpm -AllowClear -AllowPhysicalPresence → returned TpmReady: True but attestation still false
• Manually ran TPM scheduled tasks multiple times
• Verified connectivity to ftpm.amd.com — reachable (returns 400 Bad Request, meaning the server responds)
• Checked Event Viewer: EventID 1537 shows the device health certificate was successfully provisioned from has.spserv.microsoft.com, but EventID 17 keeps appearing after every reboot ("The TPM hardware failed to execute a TPM command")
• TPM ownership is now True after the clear, but TakeOwnership() via WMI still returns error 0x80290054 (TPM_E_NOEK)
• CreateEndorsementKeyPair() returns 0x80290048 (TPM_E_DISABLED)
• AMD PSP driver version is 5.44.0.0 (dated 2026-03-16)

Current tpmtool output:

TPM Present: True
TPM Version: 2.0
TPM Manufacturer: AMD
TPM Firmware Version: 3.94.0.5
Is Initialized: True
Is Ready for Storage: True
Is Ready for Attestation: False
Information Flags: INFORMATION_EK_CERTIFICATE
Has Attestation Capability: False
TPM Spec Version: 1.38
TPM Error Date: Friday, March 02, 2018

The "TPM Error Date: March 02, 2018" is suspicious and seems hardcoded or stuck, as it predates my system build.

My theory:

This looks like a known fTPM bug on B450 boards with Ryzen 5000 CPUs, where the EK certificate cannot be properly generated due to a firmware incompatibility between MSI's BIOS and AMD's PSP. The TPM provisions successfully according to Event Viewer, but something resets or corrupts the state on every reboot.

Has anyone managed to fix this? I'm considering getting a discrete TPM module for the physical header on the board as a last resort. Any help is appreciated.