Trusted Platform Module - Key Attestation not working

Dave 16 Reputation points
2021-06-23T10:18:45.08+00:00

Dear Community,

I've been on this for several days now and i just can't get it to work. So my hope lies with you guys! :-)

My issue is the following:

  • I have a Intel NUC with a TPM 2.0 device.
  • I try to use Auto-Deployment with Shared Multi-user Device.
  • I imported the HWID.csv with the correct hash into MS Endpoint Manager.

When i startup the computer it goes into OOBE correctly but it stops at ... with error.

After some research it appears to be something with the TPM module.

What i've tried so far:

  • Checked for a new firmware upgrade of the TPM device. There is none.
  • Cleared TPM so many times i can't remember.
  • Bios settings set at Secure Boot
  • Played with secure boot settings, tried ALL possible settings.
  • Did every possible TPM powershell command to fiddle with TPM settings.

The weird part is this. When i go to "Settings - Security - Device Security - Security Processor", it says that storage is Ready but Attestation is 'Not Supported'. But when i go to Powershell and use the command 'Get-TpmSupportedFeature' it says 'Key Attestation'. So which is it? Is it supported or not :-S...

Does anyone have an idea how to proceed on this matter?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,757 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Johan Valstar 6 Reputation points
    2022-01-27T14:48:52.167+00:00

    I have the same, I'm running now on Windows 11.

    Powershell gives:
    PS C:\Windows\System32> Get-TpmSupportedFeature
    key attestation
    PS C:\Windows\System32>

    169089-image.png

    Details of the windows version:
    Edition Windows 11 Pro
    Version 21H2
    Installed on ‎27-‎1-‎2022
    OS build 22000.469
    Experience Windows Feature Experience Pack 1000.22000.469.0

    1 person found this answer helpful.
  2. Jiang Zhang 786 Reputation points
    2021-06-25T10:32:46.547+00:00

    Hi,

    If you are facing this issue on windows machine, please provide a detailed description of your machine’ OS version? Is that a win10 or windows server 2016 or any other version?

    If it is not windows-related, based on my research, you may find a solution referring to the following link.

    https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Mulder Zhang

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Q pvatans 1 Reputation point
    2022-03-21T18:22:37.447+00:00

    185316-screenshot-6.png

    same

    0 comments
  4. Johan Valstar 6 Reputation points
    2022-10-27T12:57:44.333+00:00

    What will be the solution for the key attestation issue?

    0 comments
  5. Daniel Sidler 1 Reputation point
    2024-02-01T13:20:57.5866667+00:00

    Same issue here. Prevents me from autopiloting that device. It's not quite bricked but almost.

    0 comments