Adding support for TPM 2.0 and Secure Boot?

[Strimst]

Hi, is it possible to modify a bios to add unofficial support for TPM 2.0 and Secure Boot?

[KingCornWallis]

Hi, is it possible to modify a bios to add unofficial support for TPM 2.0 and Secure Boot?

I presume we are looking for official Windows 11 support, and it is at this time that I should make clear that Rufus can be bypass these requirements. I am also going to assume we are talking about a LAPTOP, which is relevant to the TPM discussion.

So 2 things as I understand them:

1. Secure Boot is a feature, and could be added to an existing UEFI (aka BIOS). It is a requirement of newer versions of UEFI, and only supports UEFI. Legacy BIOS implementations will never work.

The problem (judging by the lack or responses) is that to 'add' Secure Boot to a UEFI (BIOS) you would need to do some considerable low level programming. The typical BIOS mod just modifies a few ID's to add explicit support for hardware that should realistically already be supported (whitelisting). Adding a feature to an embedded system like this is quite literally what Firmware Engineers do for a lucrative living; No one is going to be doing this for free without an extremely compelling use case.

2. The TPM 2.0 thing is a little more hazy. TPM 2.0 is a specification, and the TPM itself is just a small silicon chip that can do a little crypto processing and has a tiny bit of storage (for keys). If there is no TPM on your motherboard, you can't add one (after the fact; unless it's a desktop or a specialty laptop I have not seen yet). If there is a TPM on your motherboard, it can be one of the older specifications...namely 1.2. From what I have gathered, it should be very possible to update a physical TPM to the 2.0 specification using a programmer. Haven't looked into doing it myself, nor have I seen others do it though. 

With all that being said, unless you have a laptop with a TPM of some spec on-board, trying to add the feature (which again, very time consuming/demanding) is pointless as you don't have the hardware it needs. In the fringe case that you do have an older TPM spec (like 1.2) on-board and want TPM 2.0, I believe all that needs to happen is the (tentatively possible) upgrade to the 2.0 spec (using an external programmer on the module; which if possible will not be as straightforward as interfacing with a BIOS module). Your UEFI (BIOS) should then read the TPM spec as 2.0 just like it can read the amount of RAM installed.