AMD pripažįsta problemas su fTPM, ruošia pataisymą, kurio reikės laukti iki gegužės

AMD iki šiol nepasiūlė sprendimo kaip išspręsti problemas pasireiškiančias naudojant fTPM (firmware trusted platform module). fTPM yra fizinio TPM modulio pakaitalas AMD platformoje, o šio saugumo modulio reikalauja „Windows 11“ operacinė sistema. Dar praėjusiais metais turintys AMD sistemą ir įjungę fTPM pranešė, kad pastebi įvairius trūkčiojimus, kurie tikrai gali erzinti. AMD pagaliau pažadėjo pataisymą šiai fTPM problemai, bet jo teks laukti iki maždaug gegužės mėnesio. Šį pataisymą gausime BIOS pavidalu iš pagrindinių plokščių gamintojų. Šis atnaujinimas turėtų būti grįstas AGESA 1207 ir naujesniais mikrokodais.

Kenčiantiems nuo fTPM problemos, bet negalintiems šio saugumo modulio išjungti AMD siūlo nusipirkti fizinį TPM modulį. Tiesa, jo kaina yra tikrai nemaža ir siekia 50-100 USD.

Issue Description

AMD has determined that select AMD Ryzen™ system configurations may intermittently perform extended fTPM-related memory transactions in SPI flash memory (“SPIROM”) located on the motherboard, which can lead to temporary pauses in system interactivity or responsiveness until the transaction is concluded.

Update and Workaround

• Update: Affected PCs will require a motherboard system BIOS (sBIOS) update containing enhanced modules for fTPM interaction with SPIROM. AMD expects that flashable customer sBIOS files to be available starting in early May, 2022. Exact BIOS availability timing for a specific motherboard depends on the testing and integration schedule of your manufacturer. Flashable updates for motherboards will be based on AMD AGESA 1207 (or newer).
• Workaround: As an immediate solution, affected customers dependent on fTPM functionality for Trusted Platform Module support may instead use a hardware TPM (“dTPM”) device for trusted computing. Platform dTPM modules utilize onboard non-volatile memory (NVRAM) that supersedes the TPM/SPIROM interaction described in this article.

COMPATIBILITY: Please check with your system or motherboard manufacturer to ensure that your platform supports add-in dTPM modules before attempting or implementing this workaround.

WARNING: If switching an active system from fTPM to dTPM, it is critical that you disable TPM-backed encryption systems (e.g. BitLocker Drive Encryption) and/or back up vital system data prior to switching TPM devices. You must have full administrative access to the system, or explicit support from your IT administrator if the system is managed.