Originally posted as: Potential Problems With Software Using The Win11-Required TPM
This has been an Unpleasant journey, one that I blame on Adobe's rather zealous pursuit of DRM, but I learned some stuff that I feel I should share. Windows 10 & 11 have something called a Credential Manager that you'll find in Control Panel. Windows, any web sites, and any software that you run can store credentials there, along with actual certificates. Windows takes these credentials seriously, and stores them using an available TPM [Trusted Platform Module]. You can usually clear whatever's stored on the TPM in the BIOS setup menus, or in Windows Security -> Device security -> Security processor details -> Security processor troubleshooting. Note that doing so may trigger Windows to require you to use whatever MFA [MultiFactor Authentication] you have set up for the Microsoft account you use with that copy of Windows. [That happened to me setting up a PC for my son. The PC had a real TPM, plus a sort of emulated TPM as part of the AMD CPU firmware. After a BIOS update the CPU's TPM got activated, and when I switched it to use the physical TPM, Win11 went nuts, requiring a few MFA steps (a PITA).] You can also back up the credentials stored in the Credential Mgr. -- it involves browsing to the location where you want to store the .crd file, then pressing Control + Alternate + Delete to get a secure screen where you enter a password.
The Credential Mgr. itself has a hard limit for how many credentials can be stored, which unfortunately can matter since some companies [& I imagine web sites] can add a very large number of credentials if they want to. Those credentials can also be used for tracking, since they can be and are read. Unfortunately removing a credential is a multi-click process that has to be done one at a time. There is a simple PowerShell script on GitHub for removing *some* Adobe credentials that you might be able to adapt -- Google.
In my case I *think* Adobe software using credentials tried to write something to the TPM during Win11 shut down, but did so improperly, triggering a BIOS error. That error showed up when I started the PC the next day, having to enter the BIOS setup to get out of the BIOS Safe Mode. An everyday PITA. In the process of getting that problem to go away I found that with this motherboard at least I could select something called a Physical Presence Spec. for the AMD CPU's TPM, with the choice between 1.2 & 1.3. Win11 allegedly requires 1.3, but info was beyond scarce when I Googled. Windows lists it as PPI specification at Windows Security -> Device security -> Security processor details. I mention it because I had to restart a 2nd time after changing the version before that same page showed the TPM was ready.
At this point I think if I had a *Do Over* I'd leave the TPM off or disabled when I 1st installed Win11. Win11's been fine on the devices without a TPM where I've got Win11 installed, and I'd have never wasted the hours I've spent with this mess.
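
The count check and the one-at-a-time removal described in the post can be scripted with the built-in cmdkey tool. This is an added example, not the GitHub script the post mentions or anything from Adobe or Microsoft; the function names and the 'Adobe*' pattern are assumptions, and it assumes English-language cmdkey output.

```powershell
# Added example: audit Credential Manager entries and optionally remove a matching set.
# Assumes English cmdkey output, where each entry has a "Target:" line.

function Get-StoredCredentialTarget {
    # Parse `cmdkey /list` into one object per stored credential.
    foreach ($line in (cmdkey.exe /list)) {
        if ($line -match '^\s*Target:\s*(?<target>.+?)\s*$') {
            $full = $Matches.target
            # Entries look like "LegacyGeneric:target=<name>" or "Domain:target=<name>".
            $kind, $name = $full -split ':target=', 2
            [pscustomobject]@{ Kind = $kind; Name = $name; FullTarget = $full }
        }
    }
}

function Remove-StoredCredentialTarget {
    # Hypothetical helper: deletes every entry whose name matches a wildcard pattern.
    # Supports -WhatIf and prompts before each deletion (ConfirmImpact = High).
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Pattern)

    foreach ($cred in (Get-StoredCredentialTarget | Where-Object Name -like $Pattern)) {
        if ($PSCmdlet.ShouldProcess($cred.FullTarget, 'Delete stored credential')) {
            # Pass the target string exactly as cmdkey listed it.
            cmdkey.exe "/delete:$($cred.FullTarget)" | Out-Null
        }
    }
}

# Report: total number of stored credentials, and which name prefixes hold the most.
$all = @(Get-StoredCredentialTarget)
"Stored credentials: $($all.Count)"
$all | Group-Object { ($_.Name -split '[\s:/(]')[0] } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Preview only: shows what would be deleted without changing anything.
# 'Adobe*' is an assumed pattern; check the report above for the real names first.
Remove-StoredCredentialTarget -Pattern 'Adobe*' -WhatIf
```

Back up the credentials first, as described above, and remove `-WhatIf` only once the preview lists exactly the entries you expect.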