11 Replies Latest reply on Dec 19, 2017 7:29 AM by sahopk34

    Unrecoverable error in the TPM hardware




      Each time the NUC (NUC7i5BNH) reboots, this entry (source: TPM, ID: 15) is found in the event log (OS: Windows 10 Pro 64-bit):



      The device driver for the Trusted Platform Module (TPM) has encountered an unrecoverable error in the TPM hardware that prevents the use of TPM services (such as data encryption). Please contact the computer manufacturer for more help.



      Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.


      Is this a real hardware error in the NUC?




        • 1. Re: Unrecoverable error in the TPM hardware

          You don't have a true TPM IC in this particular NUC. Instead, you have a TPM emulator (for lack of a better description), called Intel Platform Trust Technology (PTT), running (well, at least trying to run) on the Intel Management Engine (ME). See here for more information: Intel NUC & Compute Stick TPM and PTT Support.


          Because it is a ME issue, my suggestion is to install the latest available BIOS using the jumper-based Recovery Method (see here: Intel NUC BIOS Recovery Update Instructions). After this completes, use F2 to enter BIOS Setup (Visual BIOS) and then use F9 (followed by 'Y') to reset the BIOS configuration. Now, make any changes to the BIOS configuration (boot order, etc.) that are absolutely necessary and then exit from Visual BIOS saving the configuration. Hopefully this will have cleared up the error...


          Hope this helps,


          • 2. Re: Unrecoverable error in the TPM hardware

            Hi Scott,


            I installed the latest BIOS (#0049), reset all BIOS config to default (F9), but the TPM error is still alive...




            • 3. Re: Unrecoverable error in the TPM hardware

              Have you installed PTT support?

              • 4. Re: Unrecoverable error in the TPM hardware

                ...I didn't find any extra software to install for PTT support.


                On this page <Trusted Platform Module Information > my NUC Intel® NUC Kit NUC7i5BNH is one of the supported products,

                The App "Intel(R) Management Engine Components" is installed in Version, running on Windows 10 Pro.


                What else is missing?




                • 5. Re: Unrecoverable error in the TPM hardware

                  Have you got anywhere with this? I am having the same issue; it occurs at boot up.

                  brand new NUC7i5BNH

                  Intel ME driver

                  Windows 10 Pro, joined to domain



                  [ Guid]{1B6B0772-251B-4D42-917D-FACA166BC059}




                  [ SystemTime]2017-11-10T07:25:48.384792800Z


                  [ ProcessID]4
                  [ ThreadID]400


                  [ UserID]S-1-5-18


                  • 6. Re: Unrecoverable error in the TPM hardware

                    Have you enabled Intel Platform Trust Technology in the BIOS? During power on, when the "Intel NUC" splash screen appears, use F2 to enter BIOS Setup (the Visual BIOS program). Click on Advanced and then Security. In the Security Features section on the right, there should be a checkbox item for Intel Platform Trust Technology. Check this to enable the capability. When you exit from Visual BIOS (either via F10 key or the circled X in the upper right corner of the screen), make sure you save the configuration so that the setting persists.


                    Hope this helps,


                    • 7. Re: Unrecoverable error in the TPM hardware

                      Hi Folks,


                      on my NUC (same model) the error is still present (occurs on every reboot) and the flag for Intel Platform Trust Technology is enabled.


                      • 8. Re: Unrecoverable error in the TPM hardware



                        The #3 item (Ensure SecureBoot ...) in the link below may be the reason this error is being logged.


                        TPM System Fundamentals Testing Prerequisites - Windows 8.1 HCK


                        Just #3 (not #1 for sure, and there's no reason to mess with #2). Run msinfo32 like it mentions, except do NOT 'run as admin'. The mystery is thanks to MS's vague entry about some driver, but this SecureBoot thing sounds about right.




                        First. A TPM is primarily used to store your private keys.  At least for Windows. (And to generate them, too, but Infineon firmware has a bug -- see the ROCA link further below)


                        Is this on the 1709 update?


                        When it says "such as data encryption", not all TPMs do encryption since it's optional (and very, very slow to be done in a physical TPM compared to CPU).  Many APIs are optional.  Whether that's the reason for the entry in the log I don't know.  It may be that, if your system drive is not the proper format (GUID partition type, I -think-) then bitlocker won't work on it (I -think-) and that may be the reason for the error entry.




                        you've probably seen. It would show something about "The TPM is ready for use. (sic) with reduced functionality." because of that. If you've got an Infineon TPM (you won't on your NUC if it's using PTT) you'd also see "The TPM firmware on this PC has a known security problem..."


                        Not a big help, but on 1703 I don't get the error log entry on my NUC6, but it has these not-available APIs:


                        TBS detected 2.0 firmware TPM (fTPM) using Intel TEE.

                        Missing Ordinals:















                        The PTT on my NUC6i5 does do encrypt/decrypt.  Compare that with a physical TPM:


                        TBS detected 2.0 discrete TPM (dTPM) using TIS on MMIO/IO.

                        Missing Ordinals:












                        TPM_CC_EncryptDecrypt(0x00000164)  <---------- encrypt/decrypt is not available







                        I haven't looked into this for a while, not since before this


                        ROCA: Vulnerable RSA generation (CVE-2017-15361) [CRoCS wiki]


                        but will be soon.


                        ---- NOTICE that on the machine with a physical TPM, and 1709, I get the same log entry as you, so this has nothing to do with your TPM being PTT ---


                        In the end, there's nothing you can do.  It's probably nothing too serious.  To poke around the TPM google this applet:


                        Microsoft Tpm2ToolKit V1.0.

                        Stefan Thom, 2014


                        -GAV  - Get TPM AuthValues

                        -Ppi  - Physical Presence Interface Info

                        -Log  - TCG Log Info

                        -Cap  - Get TPM capabilities

                        -NvK  - Enumerate all persistent keys in NV

                        -NvO  - Enumerate all NV objects

                        -Ord  - Dump missing ordinals

                        -Alg  - Dump supported algorithms and curves

                        -CPh  - Clear with Platform Hierachy

                        -CLA  - Clear with LockoutAuth

                        -CPP  - Clear with Physical Presence Interface

                        -RPR  - Read Platform Configuration Registers

                        -EDP  - Extend debug PCR

                        -RDP  - Reset debug PCR

                        -RCl  - Read Clock

                        -TAK  - Test AES 128bit Key

                        -TEK  - Test ECDSA P-256 Key

                        -THK  - Test HMAC Key

                        -TRK  - Test RSA 2048bit Key

                        -CNG  - Test PCPKSP key creation and usage

                        -DCS  - Dump users 'My' Certificate Store

                        -CCS  - Clear users 'My' Certificate Store

                        -PFX  - Import PFX to users 'My' Certificate Store

                               - Optional parameters for -PFX:





                        -BoE  - Break into the debugger on entry
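
The checks suggested in this thread (how the ID 15 entry lines up with reboots, TPM state, Secure Boot, partition style, BitLocker use of the TPM) can be collected read-only with built-in Windows cmdlets. This is an added example, not part of any post above. It assumes an elevated PowerShell session on Windows 10 Pro, takes the provider name `TPM` from the "source: TPM" quoted in the first post, and uses Kernel-General event 12 as the boot marker, which is a choice made here.

```powershell
# Added example: read-only triage for the "TPM, ID 15" entry discussed in this thread.
# Nothing below changes TPM, BIOS or BitLocker state.

# 1. Does the TPM event follow every boot? Pair each one with the preceding OS start.
$tpmEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'TPM'; Id = 15      # source/ID as quoted in the thread
} -MaxEvents 50 -ErrorAction SilentlyContinue
$boots = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-General'; Id = 12
} -MaxEvents 50 -ErrorAction SilentlyContinue              # assumption: 12 = "OS started"

foreach ($e in $tpmEvents) {
    # Get-WinEvent returns newest first, so the first match is the latest earlier boot.
    $boot = $boots | Where-Object { $_.TimeCreated -le $e.TimeCreated } | Select-Object -First 1
    [pscustomobject]@{
        TpmEvent15       = $e.TimeCreated
        PrecedingBoot    = $boot.TimeCreated
        SecondsAfterBoot = if ($boot) { [int]($e.TimeCreated - $boot.TimeCreated).TotalSeconds } else { $null }
    }
}

# 2. What Windows itself reports about the TPM (PTT or discrete).
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled, TpmActivated,
                        ManufacturerIdTxt, ManufacturerVersion

# 3. Secure Boot state; the cmdlet errors out on legacy (non-UEFI) boot.
try   { "SecureBoot enabled: $(Confirm-SecureBootUEFI -ErrorAction Stop)" }
catch { "SecureBoot state unavailable: $($_.Exception.Message)" }

# 4. Partition style of the boot/system disk (GPT vs. MBR).
Get-Disk | Where-Object { $_.IsBoot -or $_.IsSystem } |
    Select-Object Number, FriendlyName, PartitionStyle

# 5. Which volumes have a TPM-based BitLocker protector. Clearing the TPM destroys
#    the key such a protector depends on, so the recovery key is needed afterwards.
Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeStatus     = $_.VolumeStatus
        ProtectionStatus = $_.ProtectionStatus
        UsesTpmProtector = [bool]($_.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
    }
}
```

If `UsesTpmProtector` is `False` for every volume, no BitLocker key on the machine is bound to the TPM.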

                        • 9. Re: Unrecoverable error in the TPM hardware

                          I checked on my BN NUC with BIOS 0054 (just released) and don't see any error from the PTT (soft TPM). If re-flashing the BIOS and doing an F9 load defaults does not work, you might want to go to the TPM control panel and clear the TPM from there. From the taskbar search box, type "control" and the old style Windows control panel should appear.


                          You have to be using Windows 10 Pro to see the Bitlocker control panel. Select that and then select TPM Administration in the lower left corner. When that window appears, select "Clear TPM" on the right side. This should reset the TPM and stop that message hopefully.



                          MrMitch ...

                          • 10. Re: Unrecoverable error in the TPM hardware

                            Hi MrMitch,

                            I can see the Bitlocker control panel and have the option to encrypt all three partitions on the SSD, but I don't need encryption on this computer...


                            In the TPM management there are these entries and on the right hand the option to clear TPM.

                            My question is: Which side effects are possible when I clear the TPM at this point? Or would it be better to do this in the BIOS settings?




                            • 11. Re: Unrecoverable error in the TPM hardware

                              I have an Intel NUC 7i5DNKE. We switched to this version because our reseller said that their Intel rep stated there was a TPM chip in it.


                              It's listed under Products with a Trusted Platform Module (TPM 2.0) on Trusted Platform Module Information.


                              The TPM shows up in tpm.msc and is enabled in the BIOS. However, after going through the BitLocker wizard and after a reboot, I get the same error.


                              "The device driver for the Trusted Platform Module (TPM) encountered a non recoverable error in the TPM hardware...."


                              These are brand new out-of-the box.


                              For other products we own from Lenovo or Dell we follow this process to enable BitLocker:


                              1. Enable in BIOS

                              2. Let Windows 10 (64 Bit) install the hardware driver

                              3. Right-click on the drive we want to encrypt

                              4. Choose Turn on BitLocker

                              5. Follow the wizard, save the key, reboot


                              Is there something different on the Intel NUCs that we need to try in order for BitLocker to work?