On Windows 11, one of the most significant changes is the requirement for Trusted Platform Module (TPM) version 2.0 and Secure Boot. According to Microsoft, TPM 2.0 and Secure Boot are needed to provide a better security environment and prevent (or at least minimize) sophisticated attacks, common malware, ransomware, and other threats. TPM is a piece of hardware, usually (but not always) integrated into the motherboard, which offers a secure environment to store and protect the encryption keys when encrypting the hard drive using features like BitLocker. On the other hand, Secure Boot is a module that ensures that the device boots only using the software that the manufacturer trusts. This guide will teach you the steps to check and enable TPM 2.0 and Secure Boot to install Windows 11. (See also the steps to enable these two security features on VMware Workstation and Hyper-V to run the new OS on a virtual machine.)

Check if TPM 2.0 is present for Windows 11 Enable TPM 2.0 in BIOS for Windows 11 Check if Secure Boot is present for Windows 11 Enable Secure Boot in BIOS for Windows 11

Check if TPM 2.0 is present for Windows 11

To determine if TPM is enabled for Windows 11, use these steps: If the computer includes a TPM chip, you’ll see the hardware information and its status. Otherwise, if it reads “Compatible TPM cannot be found,” the chip is disabled on the UEFI, or the device doesn’t have a compatible Trusted Platform Module.

Enable TPM 2.0 in BIOS for Windows 11

To enable TPM 2.0 in the BIOS to fix the Windows 11 installation, use these steps: If the motherboard doesn’t have a TPM chip and you are running an AMD processor, the module it’s may be built into the processor, and the option will appear as “fTPM” (firmware-based TPM 2.0) or “AMD fTPM switch.” If the device is an Intel-based system, TPM 2.0 will be available as Platform Trust Technology (PTT).

If the computer does not have a TPM option and this is a custom build, you may be able to purchase a module to add the support. However, you want to consult the motherboard’s manufacturer’s website to confirm that the support exists. After you complete the steps, the Windows 11 check should pass, allowing you to upgrade the computer to the new OS.

Check if Secure Boot is present for Windows 11

To determine whether Secure Boot is enabled on the computer, use these steps: Once you complete the steps, you can continue with the Windows 11 installation if the security feature is enabled. Otherwise, you must follow the steps to enable it inside the UEFI firmware.

Enable Secure Boot in BIOS for Windows 11

If your computer uses the legacy BIOS, you first need to convert the MBR drive to GPT, switch to UEFI mode, and enable Secure Boot. Otherwise, the computer will no longer boot if you enable the newer firmware. If you are trying to perform a clean installation, you can skip the conversion, but this is a requirement if you are trying to upgrade from the Windows 10 desktop. To enable Secure Boot in the BIOS firmware, use these steps: Almost every device with UEFI firmware will include Secure Boot, but if this is not the case, you will need to upgrade the system or consider getting a new computer that meets the Windows 11 requirements.

After you complete the steps, the computer should pass the hardware verification process to proceed with the in-place upgrade or clean install of Windows 11. All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Always backup of your device and files before making any changes. Privacy policy info.