How to Enable Secure Boot and TPM 2.0 to Install Windows 11

With the newest Windows update, Windows 11 – Microsoft now makes it mandatory to enable Secure Boot and TPM 2.0 for installation. Without the above requirements, your hardware will be reported as incompatible. In today’s article, we will provide detailed instructions on how to do so.

Microsoft’s latest Windows update, Windows 11, is planned to be released in late 2021 for free to all Windows 10 users. If you are not purchasing a new computer with Windows 11 already installed, you might have to check if your PC fulfills the conditions to run the newest OS. Whether your computer is a powerful gaming PC or a modern workstation, you will still need to abide by the following to be able to conduct the update.

To run Windows 11, Microsoft has listed the following options as required: TPM 2.0, Secure Boot, and UEFI mode. These are supported on most modern motherboards, but Secure Boot and TPM are often automatically disabled by manufacturers. You can now check whether your PC fits the requirements to run Windows 11 with a new tool created by Microsoft. The tool will deem your computer as ineligible to run Windows 11 if Trusted Platform Module and Secure Boot are disabled, even with the newest hardware installed.

How to enable Secure Boot and TPM 2.0 to install Windows 11

Disclaimer: We are unable to provide detailed instructions for all BIOS/UEFI versions in this post. Motherboards are equipped with different BIOS versions, UI, layouts, and capabilities across different vendors. Thus, we will provide general terminology and general guidelines on how to enable Secure Boot and TMP 2.0.

You will first need to enter BIOS in Windows 10, following the instructions below:

Step 1: Find “Settings” in the Start Menu or press Win + I.
Step 2: Select “Update and Security” -> “Recovery.
Step 3: Proceed to the “Advanced Startup” menu and click on “Restart now”.

Step 4: A blue “Choose an option” screen will pop up. Click on “Troubleshoot” -> “Advanced Options”.
Step 5: Select “UEFI Firmware Settings” -> “Restart”.

You can use the above steps for all modern computers with UEFI. Windows 11 cannot be installed on computers that don’t support UEFI. You also need to ensure that BIOS is operating in UEFI mode and CSM Mode is disabled.

Check whether your PC already has TPM 2.0 and Secure Boot enabled

As mentioned above, Microsoft now provides a built-in system information tool that allows you to check whether your PC has TPM 2.0 and Secure Boot enabled, without having to enter UEFI/BIOS. You can access the tool as below:

Step 1: Search for “Run” in the search box in the Start Menu, or press Win + R. Type “msinfo32” to open System Information.
Step 2: A new window will pop up with details regarding your system. Here, select “System Summary”.
Step 3: Search for “Secure Boot State” among the list of Items, and check that its status is “On”.
Step 4: Click on the plus sign next to “Hardware Resources” to expand, then select “Memory”.
Step 5. Among the list that has been opened, find “Trusted Platform Module 2.0”. Ensure that its status is “OK”.

An alternative way of doing this is checking on “Device Manager”, which can be searched for in the search box on the Start bar. If enabled, Trusted Platform Module 2.0 will be listed under “Security Devices”.

Enable Secure Boot to Install Windows 11

For both Intel and AMD-based PCS, the steps to enable Secure Boot is mostly similar:

Step 1: Find a boot settings manager (eg. boot priority, CSM Mode, boot override, etc.)
Step 2: Search for a “Boot” section or “Boot Settings”, and “Secure Boot” under it. The “Boot” section can often be easily found in the BIOS’s main menu, as it is one of the most popular settings.
Step 3: Enable “Secure Boot” and set “System” mode to “User”. On some PCs, There there will not be an explicit on/off button for Secure Boot on some PCs – in this case, look for an OS Type toggle.
Step 4: Set “OS Type” to “Windows UEFI Mode”.
Step 5: Restart your computer.

We will go into more details for instructions regarding Intel and AMD-based PCs separately below.

Enable TPM 2.0 on an Intel-based PC

On an Intel-based computer, you will need to find “Intel PTT” to enable TPM 2.0. You might have to look for it in the “Advanced” section or other lists of additional options as it is not a popular setting (you can also try “Security”).

Tip: For most modern computers, two UEFI modes are offered: simplified and advanced /pro. You would want to enable the “advanced” mode to gain access to all the features and settings.

In the example we have used above, “Intel PTT” is under “PCH-FW Configuration”. If you are unable to locate the option for “Intel PTT TMP 2.0”, refer to the user manual for your motherboard or use the search tool in BIOS/ UEFC.

Enable TPM 2.0 on an AMD-based PC

The procedure for AMD-based PCs is essentially the same. Find the option for “AMD fTPM”, which in the example below can be located in “Trusted Computing” under “Security”. After you have located the “AMD fTPM option”, select “Security Device Support – Enable” and “AMD fTPM – AMD CPU fTPM”.

Following all the above instructions, you will now have fulfilled the requirements to update your OS to Windows 11 later this year. We hope this had been this article will be helpful, please and leave your comments below if you have any further questions or suggestions!