Most of the PCs which have shipped in the last few years can run Trusted Platform Module version 2.0 Or TPM 2.0. Trusted Platform Module version 2.0 is required in order to run Windows 11 as a crucial building block for features that are related to security. In Windows 11, this version is used for several features like Windows Hello for identity protection & BitLocker for data protection.
In a few cases, PCs that can run TPM 2.0 may not be set up to do so. If you want to upgrade your system to Windows 11, ensure that the TPM 2.0 version is enabled on the device. Nowadays, TPM is disabled by default in most retail PC motherboards. However, there is nothing to worry about as you can enable it almost always. Let’s dig into the article to learn how to enable TPM 2.0 on your PC.
What is a TPM?
Trusted Platform Module refers to a security technology that can be used to boost the system security against software vulnerabilities.
What Is A TPM 2.0 Device?
This kind of device has a CPU which is compatible with Trusted Platform Module 2.0. It comes with a mainstream AMD Ryzen Zen+ processor from the second generation onwards that does not have Ryzen 2000 APUs. Also, it comes with Intel eighth-generation CPUs or newer. A few Intel Xeon processors exist that are available to make the cut. This small chip resides on the motherboard & stores information like passwords, certificates, & encryption keys in order to make the accessing process harder for hackers.
Do You Have TPM 2.0 On Your Computer?
Suppose you are using an AMD Ryzen 2000 processor (except 2200G and 2400G) or newer. Or you are using an Intel 8000-series processor or newer version. In that case, you can have a TPM 2.0 module. If any version is older than that ( like first-generation AMD Ryzen and Intel 7000 series CPUs), these will not support it.
Sometimes, your motherboard does not have TPM 2.0 enabled automatically, even when you have the right CPU. Or it may happen that your motherboard doesn’t come with the option to toggle it manually. You should try to update your motherboard’s firmware if there is any issue.
Check For TPM Using The Windows Security App:
First, you need to check for a TPM 2.0 chip on the PC you use. It can be done manually through the Windows 10 settings. It informs you if you are able to continue with the Windows 11 install process.
- Your first task is to open the Windows 10 settings by hitting the Windows Key and I on the keyboard. Next, you need to navigate to Update and Security.
- After that, you need to click on Windows Security, followed by Device Security and Security Processor Details from Update and Security. Sometimes, you may not see a Security Processor section on the screen. If this is the case, it might happen that your TPM 2.0 chip is disabled or unavailable. If you see that a spec is lower than 2.0, remember that your device is unable to run Windows 11.
How to Check If Your System Supports TPM 2.0:
Microsoft recommends that TPM 2.0 is the minimum requirement. Back in 2015, it was introduced. Every ASUS motherboard features this version 2.0.
In order to check the version, you need to press the Windows key + R, that will allow you to bring up the Run box. If you are willing to open the Windows TPM management tool, you should type in “TPM.MSC”. If the feature is enabled, the screen will pop up. It enables you to see extra TPM information.
Alternatively, you can also check the TPM version in the BIOS.
Hence, your task is to navigate to the Advanced\Trusted Computing page in order to see the TPM version.
How to Enable TPM 2.0 on Your PC?
Get To BIOS To Enable TPM:
As soon as you verify that you have a TPM 2.0 chip on your operating system, your task is to get into the BIOS of your PC to enable it. It can be done directly through Windows without using the keyboard combination on boot. The process you have to follow is:
- Your first task is to navigate to the Windows 10 Settings. Then, you need to move to Update and Security, followed by Recovery. Next, your job is to click on Restart Now. You can see your system restarting thereafter.
- Now, you have to select Troubleshoot, followed by Advanced Options on the next screen. Then, you have to choose UEFI Firmware Settings. Now, you have to click the Restart button. In order to check on the version, it will boost the computer or PC into the system BIOS.
Enable TPM 2.0 In The BIOS:
You are now in the System BIOS. Then, you have to look for a particular submenu. You can find TPM settings on most systems under settings labelled as Advanced Security, Security, or Trusted Computing. You can use the keyboard combinations that are available on the list on the screen or use the mouse to go to the menus only when your BIOS is compatible with it.
If you are not sure about the menu you have to get into, you can visit the PC manufacturer’s page to learn how to enable TPM 2.0.
As soon as you go to the respective menu in the BIOS, you are able to get the opportunity to flip the switch or check the box for one of the following options. Sometimes, you can find this version labelled differently as one of these options: Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.
Are you unsure if you are checking the correct box for TPM 2.0 settings? If so, then you have to check with the support documents for the company that made the PC.
As soon as you enable TPM 2.0, use the listed commands to exit the BIOS. You can see the commands available at the bottom of the screen. Generally, using the Esc key solves the issue. Then, you are prompted to Save and Exit. Then, your system restarts and allows you to boot back into Windows.
Once you confirm that your computer or PC comes with a TPM 2.0 chip, the Windows 11 installation procedure can be started.
- Your first job is to press “Del” in order to enter the BIOS once the ASUS or ROG logo appears.
- Then, you have to head toward the Advanced\PCH-FW Configuration page. Next, you should enable “PTT”.
- As soon as you try to change anything in the BIOS, you get to see a notification box. You need to click on the OK button. After that, you have to save the changes by pressing F10. Next, you should reboot your PC.
- You should first press “Del” to enter BIOS once you see the ASUS or ROG logo.
- Then, you have to navigate to the Advanced\AMD fTPM configuration page. After that, you have to switch the “TPM Device Selection” option to “Firmware TPM”.
- Next, you should press F10 to save changes & then reboot.
Use The Microsoft Management Console:
- Your first job is to press [Windows Key] + R. Otherwise, you need to choose Start and then Run.
- Now, you have to type “tpm.msc” ( ensure that you aren’t using any quotation marks). Then, you need to click on OK.
- In case a message appears saying, “Compatible TPM cannot be found”, then your PC does not have a disabled TPM. You need to know how to enable it for extra information. Otherwise, you can enable the TPM by checking the PC manufacturer’s support information to get the instructions. When you can enable this, you should complete the next step in order to verify that it is a TPM 2.0.
- Once you see a message that ensures TPM is all set to use, your job will be to check the Specification Version under TPM Manufacturer Information in order to verify that the version is 2.0. Suppose technology is less than 2.0. Hence, your device may not fulfil the Windows 11 requirement.
Use Microsoft’s PC Health Check App:
Are you a Windows Insider? Then, it becomes easier for Microsoft to check if the PC supports Windows 11 through the PC Health Check app. Hence, you have to download the app and then launch it.
If it is enabled on the PC, you get to see a list of the specifications of your device, including TPM 2.0. You can also get to see how old the machine is.
Use The TPM Management Window:
On the Local Computer window, TPM displays the TPM chip’s status & carries out other actions. For instance, in order to clear the system’s existing TPM keys, you are capable of using this. These are the steps you should follow in this case:
- Your first job is to open Search and thereafter you need to type “msc.”
- Now, you have to choose the first result that says “tpm.msc. Microsoft Common Console Document.” After applying the command, you will see this launching the “Trusted Platform Module (TPM) Management on Local Computer” page.
- Your task now is to navigate to the Actions pane on the right. Then, you should click Clear TPM. Then, you have to click “Action” in the toolbar. You have to choose Clear TPM in the drop-down menu.
- A dialog will appear to warn you about the implications of clearing TPM. After that, you have to click on the “Restart” button.
- Once the computer or PC restarts, you can complete the process by accepting the other confirmation prompt. Then, your job is to check if you are able to upgrade to Windows 11.
Thus, you are capable of clearing the TPM keys with the aim of fixing the TPM 2.0 error when you install Windows 11.
Check If Secure Boot Is present For Windows 11:
In order to decide if Secure Boot is enabled on your PC, you should follow the steps.
- First, you need to open Start.
- After that, you have to search for System Information. Next, open the app by clicking the top result.
- Now, you have to click on System Summary, which is located on the left pane.
- After checking the “Secure Boot State” information, your task is to confirm that the feature is turned “On.” If this isn’t the case, you have to enable the option manually.
As soon as you complete the steps, the Windows 11 installation procedure can be continued only when the security feature is enabled. Or you need to follow the next section to enable this inside the UEFI firmware.
How To Enable Secure Boot In BIOS:
It is important to enable Secure Boot as it allows you to complete the full Windows 11 installation successfully. These are the steps you should follow:
Step 1. Enter The BIOS:
If you are not in the BIOS, you have to press ‘F2‘ or ‘Del‘ during startup to jump into this.
Step 2. Select Advanced Mode:
In order to enable Secure Boot, you have to choose the ‘Advanced Mode‘ option. You need to press ‘F2‘ or choose this from the side menu to do so.
Step 3. Select The Boot Option In BIOS:
Once you use the advanced mode, you only have to click the ‘Boot‘ option from the top menu.
Step 4. Select Secure Boot From The Options:
Now, your task is to head toward the ‘Secure Boot‘ tab & choose this.
Step 5. Enable The Secure Boot Feature:
At last, your job is to click the ‘Secure boot‘ option. After that, you need to change it from ‘Disabled‘ to ‘Enabled‘. As soon as you have completed this step, you need to click the ‘Save & Exit‘ option. Then, you have to restart your PC.
It helps to enable TPM 2.0 and secure boot on your computer or PC.
As soon as you have enabled TPM 2.0 completely in the BIOS, you can install Windows 11. But if your system is not compatible with a TPM 2.0 module, you need to either buy a TPM module & install this, or you can buy a completely new motherboard.
The Bottom Line:
For Windows 11 upgrades, TPM 2.0 capability is essential. Keep in mind that TPM 2.0 helps to counter threats and protect private information. You can use the TPM Management window or the PC Health Check program to enable TPM 2.0. In this article, we have discussed in detail how to enable TPM 2.0 on your PC. Follow these steps properly to enable it on the PC. For further queries or confusion, feel free to ask us via comments.
Frequently Asked Questions
How do you know if your TPM 2.0 is activated?
You should follow these steps to confirm that the TPM is activated.
- You first need to log in to your Windows.
- Then, your task is to right-click the Windows Start Button.
- Next, you need to click Device Manager.
- After that, you have to expand the Security Devices Node.
- Now, the TPM 2.0 can be seen.
How do you enable TPM 2.0 in BIOS?
The steps that you have to follow are:
- Your first job is to power the system on. Then, you can get into the BIOS by pressing DEL or F2.
- Then, your job is to head toward the Advanced\CPU Configuration.
- Now, you need to enable the AMD fTPM switch.
- You should save the changes you have made by pressing F10.
Does your PC have TPM 2.0 support already?
If your PC is less than 5 years old, you will have TPM 2.0. In order to find out if the Windows 10 PC has it, you need to go to Start. Then, you need to click on Settings. After that you have to tap on Update and Security. Then, you need to click on Windows Security. Now, your task is to tap on Device Security. In case you have it, in the Security Processor section, it will be seen.