BitLocker, TPM and a Ryzen
I simply love the BitLocker functionality. I've always used it and am still using it on my Intel laptop without TPM, but with a small change in Group Policy to skip TPM and use a password on every boot... and it's simply working.
However, now I have an AMD PC with a Ryzen 1700X onboard. I've noticed that the TPM comes free with these CPUs. How do I set this thing up properly along with a BitLocker-encrypted system drive? Help needed, as I can't figure out the correct UEFI settings, along with the Group Policy rule changes, if they need to be changed. I've tried to encrypt the system drive (with out-of-the-box UEFI settings) after the first Windows installation, but the system booted up without the password prompt, which is what I'm after before every bootup, just like on the laptop.
So, I've played a bit with Group Policy rules and UEFI settings, but still couldn't manage to get the password prompt. I re-encrypted the drive without any result, discovered a new TPM menu in UEFI, played a bit more with changing settings here and there, and stopped. It was on 1809.
How do I reset this thing completely without losing anything or needing a Windows re-installation? I installed 1903 last week, so the system isn't protected now, and I haven't touched Group Policy on it. I've updated the BIOS, and maybe the TPM settings have been reset to default? I can't sleep without securing my data, and I don't want to eventually mess up anything this time with a lot of changed settings on a fresh system.
How do I set it up? Below you can see how it looks for my motherboard, an ASUS X470 STRIX.
TPM Device Selection is set to Firmware TPM
Erase fTPM NV for factory reset is set to Enabled
I can't tell you about the extra UEFI TPM menu, since I don't know how to take a print screen of UEFI. Anybody?
I understand that TPM is used to link all(?) devices together and encrypt them, so I can't switch any device before resetting TPM with a key? Or is it just a processor-specific anti-theft thing?
Thank you in advance.