How to enable TPM and Secure Boot for Windows 11
Windows 11 now lists TPM 2.0, Secure Boot, and UEFI mode as mandatory options to run it. While modern motherboards support all three of those, for some reason, manufacturers ship their products with TPM and Secure Boot disabled by default. Microsoft has made a new tool for checking Windows 11 compatibility. If Trusted Platform Module and Secure Boot are disabled on your machine, the compatibility check tool will tell your PC is not eligible to run Windows 11, even with the newest hardware.
Why you need a TPM
A TPM is a dedicated processor used to perform hardware-based cryptographic operations to secure encryption keys and defend against malicious tampering of your hardware and the boot process.
Since 2013, Intel and AMD added firmware TPM technology to many of their CPUs that perform the same functionality as a TPM 2.0 processor without the need of a dedicated module.
For Intel Process, this technology is called Intel Platform Trust Technology (Intel PTT), and for AMD, it is called AMD Platform Security Processor.
With Windows 11, Microsoft has brought security to the forefront by requiring a TPM 2.0 or compatible technology (Intel PTT or AMD PSP fTPM) to be available. When a TPM 2.0 is installed in Windows, the operating system can use more robust encryption to secure your Windows Hello PINs, encrypts passwords, and enables more advanced security features, such as Windows Defender System Guard.
How to check whether my PC has TPM 2.0 and Secure Boot enabled
There is no need to enter UEFI/BIOS to check whether your computer has TPM 2.0 and Secure Boot enabled. Windows 10 has a built-in system information tool that shows you all the data you need.
- Press Win + R and enter the
msinfo32
command. - In a new window, click System Summary.
- Find the Secure Boot State line and make sure it is On.
- Next, expand Hardware Resources and click Memory.
- Find the Trusted Platform Module 2.0 State in the list of strings. Make sure its status is OK.
- Alternatively, open Device Manager and expand the Security Devices
- If you have TPM 2.0 enabled, Device Manager will list Trusted Platform Module 2.0 in the Security Devices group.
Compatibility
If you'd like to check your motherboard for compatibility with TPM 2.0 please see the motherboard manufacturer articles below.
MSI
https://www.msi.com/news/detail/MSImotherboardisreadyforWindows11122145
ASUS
https://www.asus.com/microsite/motherboard/ASUS-motherboards-Win11-ready/
AsRock
https://www.asrock.com/news/index.asp?iD=4696
Gigabyte
https://www.gigabyte.com/Press/News/1925
Enable Secure Boot to install Windows 11
Enabling Secure Boot on Intel and AMD-based PCs is an identical procedure. You need to find a section that manages boot settings, such as boot priority, CSM Mode, boot override, etc. Find the Boot section or Boot Settings, and then look for the Secure Boot option. The Boot section is one of the most popular settings in BIOS, so manufacturers tend to place it on a visible spot in the BIOS's main menu.
Make sure System mode set to User and Secure Boot is enabled.
If there is no explicit Secure Boot on/off option, look for the OS Type toggle.
Select Windows UEFI Mode.
Restart your computer. It should boot as usual, without any hiccups or issues.
Enable TPM 2.0 on an Intel-based PC
To enable Trusted Platform Module 2.0 on an Intel-based PC, you need to find the Intel PTT option. It is not a popular setting, so look for it in the Advanced section or a similar list of additional options (Security may also do the trick.)
Tip: Manufacturers nowadays offer two UEFI modes: simplified and advanced or "pro." Make sure you have "advanced" mode enabled with all the features and settings available.
In the above screenshot, you can see that Intel PTT sits in the PCH-FW Configuration section. If you cannot find Intel PTT TMP 2.0 option, refer to your motherboard's user manual or use the search option in BIOS/UEFI.
Enable TPM 2.0 on an AMD-based PC
The same idea goes for AMD. To enable TPM 2.0 on an AMD-based motherboard, find the AMD fTPM option. On a screenshot below, AMD fTPM sits in the Trusted Computing section on the Security tab.
Select Security Device Support - Enable and AMD fTPM - AMD CPU fTPM.
That is it. Now your PC is eligible to upgrade to Windows 11 when it comes out later this year.
Comments
0 comments
Article is closed for comments.