Installing an Infineon TPM in the Gigabyte GA-77X-UP5 TH motherboard

19 September 2013

BitLocker is a great way to have peace of mind about your computer data security. At work, all of our machines are typically mandated to use BitLocker, and it seems like a majority of the Windows notebooks these days that are intended for business use come equipped with a TPM module, enabling the opportunity to use BitLocker.

At home, I tend to have a nice, fast hand-built workstation full of parts from NewEgg. Most recently, in early 2013, I built a zippy workstation using the Gigabyte GA-Z77X-UP5 TH motherboard model. It features the Intel LGA 1155 + Z77 architecture, dual thunderbolt ports, support for a number of nice operating systems, and it also has headers and BIOS support on the motherboard for a Trusted Platform Module (TPM) chip.

But it doesn’t come with a TPM module and there doesn’t seem to be a lot of documentation about how to obtain one in the retail market.

Forums + Blogs

I found a few references on forums saying that Gigabyte users are relatively out of luck; others saying they got some traction in learning who builds out and sells TPM modules, but none that fit the slot.

Thankfully I came across a post by the blogger “TechBobbins” about Gigabyte Motherboard TPM Compatbility. In the post, the author has found out that the 19-pin TPM modules sold by ASUS are Infineon-branded TPM modules and compatible at the technical level with the socket on the Gigabyte motherboard.

Now the problem is: the PCB for the Infineon TPM actually extends the length of the connector, so if it has to fit into a socket like that on the Gigabyte motherboard, you’re out of luck. The author’s recommendation is to purchase dual USB extension cables and then use these to connect to the motherboard socket. Problem with this is the need to then securely mount or protect this module then from moving around, shorting out, etc., since it would be a loose component.

Jeff’s TPM + Gigabyte solution

I couldn’t easily find USB extension cables except for the 9-pin variety, so I went for a more classic solution:

  • Find a utility razor
  • Carefully slip the razor between the PCB and the plastic connector
  • Wedge a half centimeter or so of space between the components by carefully, slowly bending the metal PCB connectors. The 90-degree metal joints feel very sturdy and even with bending remain very solid.
  • Simply plug the TPM module into the motherboard.

BitLocker setup

After this, I was able to get the TPM module enabled:

  • Boot the computer. DEL into the BIOS
  • Move to the Peripherals - Trusted Computing menu item that now appears.
  • Switch the TPM SUPPORT menu item from Disabled to Enable
  • Save settings and restart

Then setup BitLocker in Windows Pro:

  • Search for BitLocker from the Start Menu
  • Follow the steps to set up, store a backup key on a USB thumb drive (that you can then store safely or encrypt somewhere)
  • A few reboots by Windows
  • Encrypting the drive

Easy enough. My data is now quite secure, though of course I need to keep my recovery key safe, plus assume that I trust that the manufacturer of the TPM doesn’t have the original private key handy for anyone to get to.

Jeff Wilcox is a Software Engineer at Microsoft in the Open Source Programs Office (OSPO), helping Microsoft engineers use, contribute to and release open source at scale.

comments powered by Disqus