How To Enable TPM On ASRock Motherboards

The Trusted Platform Module (TPM) is a cryptographic module that adds hardware-based security benefits to systems. That limits unauthorized access to your data, especially from vectors like brute force attacks.

Historically, TPM used to be implemented via a special chip on the motherboard. On modern motherboards, manufacturers tend to integrate the TPM into the chipset and implement it as a firmware-based solution rather than a separate chip.

In either case, you can enable Firmware TPM (fTPM) on the ASRock motherboard from your firmware interface. The steps will differ slightly between Intel and AMD processors.

Why You Should Enable TPM

The main reason why TPM has suddenly become a major concern is because TPM 2.0 is one of the minimum requirements for Windows 11. While there are ways to bypass this requirement, officially you cannot install Windows 11 without enabling TPM 2.0.

Also, it’s a good idea to enable the TPM for security benefits. Some that are relevant to end users include:

Measured Boot

The TPM can generate and store a hash key summary of your system configuration. Anti-malware software can use the TPM boot component log to determine whether this hash matches or not for each boot. If the system has been tampered with, the measurements will not match and the system may not boot to protect your data.

Some examples of tampering include malware, brute-force attacks, remote access attempts from unauthorized sources, or simply moving the HDD to another system (usually done to bypass password protection at login).

BitLocker Drive Encryption

BitLocker encrypts the OS volume so even if the volume is mounted to a different system to bypass protection methods, your data remains safe. BitLocker works with the TPM to ensure you can only access data if system integrity is verified (via metered boot).

Dictionary Attack Protection

Keys protected by TPM can use authorization values ​​like PINs. TPM can limit the number of attempts to determine the PIN in a more secure way compared to software solutions.

Windows Hello

Windows Hello replaces passwords with other authentication methods such as encrypted keys. Protecting these keys with TPM is more secure than software based techniques.

Overall, you should enable TPM if maximizing platform security is a priority.

Enabling TPM On ASRock Intel Boards

As mentioned earlier, the TPM is configured via your firmware interface. Here are the steps required if you are using an Intel processor:

Turn on your PC and press F2 or Del to enter BIOS Setup. In tabs Securityset Intel Platform Trust Technology to Activate. Switch to tabs Go out and choose Save changes and exit.

Enabling TPM On ASRock AMD Boards

The process is mostly the same for AMD processors too. You access the BIOS/UEFI interface and configure it as shown below:

Turn on your PC and press F2 or Del to enter BIOS Setup. Switch to tabs Advanced and choose CPU configuration. Set AMD fTPM Switches to AMD CPUs fTPM and press Enter. Switch to Go out tabs and select Save changes and exit.

Verifying TPM Status

After saving changes and exiting, the PC should reboot. You can now verify that you have successfully enabled the TPM from the Microsoft Management Console.

Press Win + R, type tpm.msc, and press Enter. You will see a “TPM ready to use” message in the Status section.

At this point, you can start using the various security features that the TPM includes such as BitLocker or Windows Hello. Note that you can perform tasks such as removing the TPM from the console.

If you still see the “No compatible TPM found” message, there are two possibilities. You may have exited the BIOS without properly saving changes. Or, the TPM device may not be detected, in which case you can refer to the linked guide on how to proceed further.