How to enable TPM in BIOS to install Windows 11

Hello friends. In this post, we will look at how to enable TPM in BIOS. TPM is a computer crypto security module, and most of us did not need it for nothing until recently, until Microsoft at the end of June, 2021, presented the new Windows 11 operating system, for the official use of which TPM version 2.0 is required.

Windows 11 has stricter system requirements, aimed at PCs and laptops only with modern hardware, and one of the requirements concerns the presence of TPM 2.0 on the computer – hardware or emulated by motherboard technologies. If your computer has a TPM device or technology to emulate it, these things are usually disabled by default in the BIOS. Let’s take a look at what TPM 2.0 is in general, and how to enable it in BIOS.

 

↑ How to enable TPM in BIOS

 

↑ What is TPM 2.0

Friends, the stricter system requirements of Windows 11 make it impossible to officially use the operating system on PCs and laptops released earlier than 2017. The list of support for the new Windows includes processors not earlier than 2017 release. Slightly older than the bottom bar of supported processors is version 2.0 of the TPM specification: this standard became mandatory for support by hardware modules and processor emulation in 2015, and mass-certified OEM devices with TPM 2.0 on board by Microsoft began to appear on the market starting in 2016. Friends, if you want, you can see a full analysis of the system requirements of Windows 11 – in detail about all of them, about their importance for working with the new operating system – in the article on the site “Running Windows 11 on this computer is not possible.” As for specifically TPM 2.0, if it does not exist, if there is no version 2.0, then Windows 11 will not be installed in the usual way using the installation media. In the course of a normal installation, we will encounter an error.

TPM (abbr. Trust Platform Module) is a cryptographic security module that serves to protect data, it is found in modern smartphones, tablets, laptops. It is a small chip that stores encryption keys in its microcircuit. Having a unique identifier, it provides authenticity of access on a computer device, protects against bootkits and rootkits at a vulnerable stage before Windows boots. Provides features using biometric data such as Windows Hello, access using a fingerprint reader. Provides the ability to electronically sign documents. TPM can be implemented:

  • As a hardware device and integrated into a laptop, candy bar and other type of computer device;
  • As a hardware device, it is integrated into the PC motherboard, but these are rare cases, there are few such motherboards;
  • As a potential possibility of installation into a PC motherboard that provides a connector for a TPM module. This connector is available only on modern motherboards, a TPM 2.0 compatible hardware device must be purchased separately and installed in the motherboard;
  • Software, by emulating TPM with motherboard technologies, or rather its chipset. TPM 2.0 can only be emulated by modern motherboards, offhand 4 years ago, in fact, when the 2.0 specification became mandatory.

Both the hardware TPM and its emulation technology are usually not active by default, and are included in the BIOS if necessary.

 

Friends, if your PC or laptop is 2016 or newer, you can compete for the right to install Windows 11 officially. Not a fact, but it is possible that you have TPM 2.0, and you only need to activate it in the BIOS. But first, let’s check if your TPM is already active.

 

↑ How to check if TPM 2.0 is active

To find out if TPM 2.0 is enabled on your computer, you can use the WhyNotWin11 utility for checking the compatibility of computers with Windows 11, this is a free utility, you can get it on GitHub. Run it and see what verdict it gives about TPM. If you have and enabled TPM 2.0, in the last column of the utility table you will see a green marker for this component and a statement of its detection. If TPM 2.0 is not active or is absent, the utility detects this and marks this component with a red marker.

You can also check for the presence and activity of TPM 2.0 using Windows system tools. At the command prompt, enter:

tpm.msc

The TPM device management snap-in, if present and active, will display the device’s status that it is ready to use. And it will indicate the version of the module specification.

If the TPM is not active on the computer, or it is not at all, we will see a notification about the impossibility to find the module.

If TPM 2.0 is not found, go to BIOS and look for it there.

↑ How to enable TPM 2.0 on a laptop

 

In the BIOS of laptops, hardware TPM 2.0 should be searched for by sections of security settings or advanced, and you need to look for the figure in the option name “TPM” – TPM Device, just TPM, TPM Support, etc. There may be an option with the full name of the module – Trusted Platform Module, or there may be an option called Security Chip. We are looking for and set this option active.

Another example of how to enable TPM 2.0 on a laptop is the settings for the module activity and the disabled setting for cleaning it. Set the TPM Device setting to Available, the TPM State setting to Enable, and the Clear TPM setting to No.

 

↑ How to enable TPM 2.0 emulation on PC

 

On desktops, you can enable TPM 2.0 implementation by software technology in the motherboard BIOS. If you have an AMD-based computer, here the technology will be called fTPM. Look for such an option in the advanced BIOS settings, for me, for example, on the Gigabyte motherboard, it is along the “Setting> Miscellaneous” path.

We set the technology option to the “Enabled” position.

If you have an Intel processor-based computer, here the TPM emulation technology in motherboards will be called PTT. On the Asus motherboard, for example, you need to look for it in the additional settings section “PCH-FW Configuration”.

Here it is necessary to set the PTT technology value for the “TPM device selection” option.

Or, for the “TPM Device Seletction” option, you need to set the value “Enable Firmware TPM”.

 

***

Friends, if you do not have TPM 2.0, you should hardly bother with its absence. Even if after the release of Windows 11 Microsoft does not relax the system requirements in terms of this device, you need to understand that it does not play any role directly in the operation of the new operating system. It requires a security module, like Secure Boot and UEFI, only at the stage of its installation, and only when this process is performed in the standard way from the installation media. When installing Windows 11 using the alternate methods, there are no requirements to meet. For details on these alternative methods, see the article “How to install Windows 11 without TPM 2.0, Secure Boot and UEFI”.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *