Windows 10: BSOD when enabling TPM 2.0 and Secure Boot

Hi everyone,I know that this has been a recurrent issue for some people, but I still am not sure about the answer to this problem. I will include some dump files below as well.System Background Info:Gigabyte B560 DS3H AC-Y1 MotherboardBIOS Version/Date = American Megatrends International, LLC. F4, 6/18/2021Intel Processor 11th Gen IntelR CoreTM i7-11700F @ 2.50GHz, 2496 Mhz, 8 Cores, 16 Logical ProcessorsSince Riot has started forcing users to implement Vanguard in playing LoL, I have experienced difficulties with my PC. I could not initialize Vanguard on my PC at first because I did

:)

 

How to enable TPM

Hi, regarding your query I suggest to link Mai official link to get better understanding about your motherboard tpm settings. Below is the link.

MSI TPM settings

 

TPM and Secure Boot, Is it worth a reinstall for Windows 10

Hi Gavin,

I am Dave, I will help you with this.

If your motherboard supports TPM 2.0, and UEFI Boot, then yes, your system would be more secure if you enabled TPM 2/0 and Secure Boot.

There is a way to enable them without re-installing Windows, read the link below from Microsoft on how to convert your drive from an MBR partition style to GPT, you can then enable Secure Boot and TPM.

Of you do use this method, please backup your personal files first.

https://docs.microsoft.com/en-us/windows/deploy...

 

Inaccessible Boot Device - Likely due to TPM and Secure Keys

When I boot my custom build desktop, I'm getting Inaccessible Boot Device. I then get to WinRE and I am able to go to the command prompt and I can see the windows installation on driver D.

I tried running

• Startup Repair - No luck, nothing fixed, issue remains
  
• cmd prompt - sfc/SCANNOW /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows [enter].
  
• cmd prompt - chkdsk d: /r (answered yes to dismount)
  
• Restart Options - disable driver signature enforcement
  
• Restart Options - disable early launch anti-malware protection
  
• Safe mode
  
• playing with different settings in BIOS
  

How did I get into this messy situation:

• Win 10, tried to upgrade to Win 11. TPM was not enabled in BIOS
  
• Enabled fTPM in mobo (ASUS Prime X570-Pro)
  
• Win 10 was using legacy MBR. Successfully converted to GPT. Changed mobo to UEFI in compatibility mode (UEFI and Legacy OPROM, storage devices and PCIe devices in UEFI only mode). Boot Device is an NVME SSD (PCIE-4 compatible). Bitlocker was never enabled.
  
• No issues so far and I was able to start Win11 installation.
  
• After a few auto-reboots, at around 75% the installation failed. Inaccessible Boot Device
  
• Win11 installation was successfully reverted and I was able to login to Win10
  
• restarted the win11 install. same issue at aroung 75%
  
• Upgraded Mobo Firmware (v2407 to v4021).
  
• Win 11 installation failed again.
  
• Changed bios configs and could not boot anymore
  

Unfortunately I don't have the exact sequence of steps but these are the areas I played with

• I never run the TPM module in windows after enabling TPM in the BIOS.
  
• I was looking into Bios as some forum post suggested making sure SATA was set to AHCI. But I am using RAID on my SATA spinning HDDs. The system is booting from NVMe SSD
  
• I noticed that Bios -> Boot -> Boot/Secure Boot -> OS Type - Was set to "Other OS" and changed it to "Windows UEFI Mode"
  
• Unfortunately I don't remember if I changed any other settings at this point.
  

Other things I have tried

• Bios - Saved secured keys to USB drive and deleted existing keys (only after changing the OS type and the issue already present)
  
• Bios - installed default secure boot keys
  
• Bios - Restored saved secure boot keys
  
• Disabled fTPM (by setting it to discrete TPM - there are no external TPM module in my setup)
  
• Bios -> Advanced -> Trusted Computing -> Security Device Support - Disable
  
• Bios -> Advanced -> Trusted Computing -> Disable Block Sid -> Enable (only for next boot)
  
• A few combinations of the configs above, though likely not exhaustive of all combinations
  

I also tried to boot from the Win 10 Installation DVD and try to repair the win10 installation, but no success. Though it is possible I could have had a a bad choice of bios settings when trying this.

Any ideas on what I can do next? What would be the best procedure to try to recover the system?

• fTPM enabled
  
• Should I clear the Secure Boot Keys? Leave them empty or install default ones?
  
• Security Device Support - Leave it enabled? there are some options such as platform hierarchy and storage hierarchy (both enabled)
  
• TPM 2.0 UEFI Spec version is TCG_2 / Physical Presence Spec Version is 1.3
  
• Try to repair windows with the settings above?
  
• Try to re-install Win10 preserving personal files?
  

Thanks,

Felipe.