<!–
–>
If you have a computer with modern hardware that you plan to upgrade to Windows 11, you want to check and enable TPM 2.0 and Secure Boot as part of the upgrade preparation process.
On Windows 11, one of the most significant changes is the requirement for Trusted Platform Module (TPM) version 2.0 and Secure Boot. According to Microsoft, TPM 2.0 and Secure Boot are needed to provide a better security environment and prevent (or at least minimize) sophisticated and threats like those against hardware and firmware, common malware, ransomware, and other attacks.
TPM is a piece of hardware, usually (but not always) integrated into the motherboard that offers a secure environment to store and protect the encryption keys when encrypting the hard drive using features like BitLocker. On the other hand, Secure Boot is a module that ensures that computer boots only using the software that the manufacturer trusts.
In this guide, you will learn the steps to check and enable TPM 2.0 and Secure Boot to install Windows 11. (See also the steps to enable these two security features on VMware Workstation and Hyper-V to run the new OS on a virtual machine.)
Check if TPM 2.0 is present on Windows 10
To determine if TPM is enabled on the computer, use these steps:
-
Open Start on Windows 10.
-
Search for tpm.msc and click the top result to open the Trusted Platform Module (TPM) Management tool.
-
In the Status and TPM Manufacturer Information to confirm TPM is present and version.
If the device includes a TPM chip, then you’ll see the hardware information and its status. Otherwise, if it reads “Compatible TPM cannot be found,” then the chip is disabled on the UEFI, or your computer doesn’t have a compatible Trusted Platform Module.
Enable TPM 2.0 on UEFI firmware for Windows 11
To enable TPM 2.0 on your computer, use these steps:
-
Open Settings.
-
Click on Update & Security.
-
Click on Recovery.
-
Under the “Advanced startup” section, click the Restart now button.
-
Click on Troubleshoot.
-
Click on Advanced options.
-
Click the UEFI Firmware settings option.
.Windows_Software_Technology-Big-343 { display:inline-block; width: 300px; height: 600px; } @media(min-width: 500px) { .Windows_Software_Technology-Big-343 { width: 300px; height: 600px;} } -
Click the Restart button.
-
Click the advanced, security, or boot settings page, depending on the motherboard.
-
Select the TPM 2.0 option and choose the Enabled option.
If the motherboard doesn’t have a TPM chip, and you are running an AMD processor, the module is likely built into the processor, and the option will be available as “fTPM” (firmware-based TPM 2.0) or “AMD fTPM switch.” If the device is an Intel-based system, TPM 2.0 will be available as Platform Trust Technology (PTT).
If the computer does not have a TPM option, and this is a custom build, you may be able to purchase a module to add the support. However, make sure to consult the motherboard’s manufacturer website to confirm that the support exists.
After you complete the steps, the Windows 11 check should pass, allowing you to upgrade the computer to the new OS.
Check if Secure Boot is present on Windows 10
To determine whether Secure Boot is enabled on the computer, use these steps:
-
Open Start.
-
Search for System Information and click the top result to open the app.
-
Click on System Summary on the left pane.
-
Check the “Secure Boot State” information and confirm the feature is set to On. If it’s not, you need to enable the option manually.
Once you complete the steps, if the security feature is enabled, you can continue installing Windows 11. Otherwise, you need to follow the steps to enable it inside the UEFI firmware.
Enable Secure Boot on UEFI firmware for Windows 11
To enable Secure Boot on UEFI to install Windows 11, use these steps:
-
Open Settings.
-
Click on Update & Security.
-
Click on Recovery.
-
Under the “Advanced startup” section, click the Restart now button.
-
Click on Troubleshoot.
-
Click on Advanced options.
-
Click the UEFI Firmware settings option.
-
Click the Restart button.
-
Click the advanced, security, or boot settings page, depending on the motherboard.
-
Select the “Secure Boot” option and choose the Enabled option.
Almost all devices featuring UEFI firmware will include Secure Boot, but if this is not the case, you will need to upgrade the system or consider getting a new computer that meets the Windows 11 requirements.
After you complete the steps, the computer should pass the hardware verification process to proceed with the in-place upgrade or clean install of Windows 11.
Post a Comment