Changed motherboard and CPU. Windows survived, but every boot it wants to reset the PIN/Password

Coram Daes · Jun 17, 2022

This may be related: Updated BIOS - now can't log in to windows??

Please observe this is not about the comp in my specs.

W11 21H2 (22000.739)
I upgraded my wives computer, changed a lot, it was running W11 before, and I wasn't really expecting the OS to survive, but it did. Changed the Motherboard and the CPU plus added a GPU. When booting Windows detected devices and started, no issues. But after a first reboot it told me to change PIN for Security reasons..

Your PIN is no longer available due to a change in the security settings on this device

I entered some random chars, used the three question method to reset the PIN, and could login. She works a few days on the computer, and then, lo and behold, repeat process. Upon testing I have realized it does this at EVERY reboot.

The weird thing is that the computer has a second account that I use for monitoring and system access, that has not this issue. At all.

This has probably something to do with what was mentioned in the above linked thread, yet still, not really the same. The Motherboard is an AMD ( Prime A320I-K ) and it has TPM activated and latest BIOS. I also checked Windows Defender and other settings in the computer, and nothing is giving any warnings, also checked the MS account and the "device listing" on MS site, and all checks out.

The BIOS has the option to change between Firmware TPM and Discreet TPM, but it does not seem to make any difference and frankly I am not sure about the difference.

Messing with the comp on and off, just let me know if you need more info.

Coram Daes · Jun 17, 2022

I may have found the cause. Will do some additional testing, but

I went through account and sign-in options and found that the Windows Hello contraption was not set to sign in with a pin.

... aaaand that was not enough, had to make sure the sign in option was set to password. Anyhow fixed.
Kinda disappointing, I was all prepped and ready to hack bios and tpm stuff, and turns out to be a Windows account setting.

hsehestedt · Jun 17, 2022

I hope that what you found resolves the issue for you, but I just wanted to comment regarding the TPM. You had noted not being sure what the difference is between a firmware and discreet TPM.

Please see the section called "TPM Implementations" in this article:

Trusted Platform Module - Wikipedia

en.wikipedia.org

Bottom line: If your system has both options available, the preferred option should be to use the discreet TPM.

Coram Daes · Jun 17, 2022

Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package. They are theoretically the most secure type of TPM because the routines implemented in hardware should be[vague] more resistant to bugs[clarification needed] versus routines implemented in software, and their packages are required to implement some tamper resistance. For example the TPM for your brake controller in your car, so that it does not get hacked by sophisticated methods.[32]

Firmware TPMs (fTPMs) are firmware-based (e.g. UEFI) solutions that run in a CPU's trusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs.

Ok, little wiser, thanks. Then I should probably set it to Discrete, as separate TPM chip...

I did read up before W11 installation on my computers some months ago, but all I checked by then was the fTPM availability on my AMD boards, even pondering buying an extra chip if needed. Then suddenly with a BIOS update fTPM became available....