The Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for secure encryption processors. It is a dedicated microcontroller that protects hardware by integrating cryptographic keys. The TPM chips are either integrated into the PC's motherboard or added to the CPU.
From October 1999 to March 2003, a Group of IT giants, including Microsoft, HP, IBM, and Sony, jointly sponsored the Trusted Computing Group (TCG). They hope to develop the relevant standards and specifications of reliable computers from the aspects of hardware and software of cross-platform and operating environment and put forward the TPM specification. The last revised edition of TPM Main Specification Version 1.2 was published on March 3, 2011. The latest TPM version is 2.0.
PM-compliant chips must first have the ability to generate encryption and decryption keys, and must also be able to perform high-speed data encryption and decryption, as well as serve as an auxiliary processor to protect the BIOS and operating system from modification.
The TPM chip has a wide range of uses and can be mainly used for device identification, authentication, encryption, and device integrity verification.
The main scope of TPM is to ensure the integrity of any computer device, regardless of its operating system. It is designed to ensure that the boot process starts with a trusted combination of hardware and software and continues until the operating system is fully booted and the application runs.
The responsibility for ensuring the integrity of the use of TPM is with the firmware and operating system. For example, the Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust. Other examples of platform integrity through TPM include the use of Microsoft Office 365 licenses, TXT, and Outlook.
Encrypt any partition of the hard disk
We can encrypt any hard disk partition with TPM technology. Some computer manufacturers use a one-click restore function, which is one of the most concentrated expressions of this purpose (it puts the system image in a TPM encrypted partition). Some large commercial software companies (e.g., Microsoft) also use it as a means of encrypting partitions (e.g., BitLocker).
Store and manage passwords
Operating systems typically require authentication (involving passwords or other methods) to protect keys, data, or systems. Today, these keys are actually stored in a memory cell solidified in the chip, and their information is not lost even when the power goes down. Compared with BIOS management passwords, the TPM security chip is much more secure.
The TPM 1.2 specification only allows the use of RSA and SHA-1 hash algorithms. TPM 2.0 enables greater encryption flexibility by being more flexible in terms of encryption algorithms. TPM 2.0 supports newer algorithms to improve drive signing and key generation performance.
Simply put, TPM 2.0 technology is newer than TPM 1.2 technology, which has been around since 2011. It has stronger encryption, more security, and better support for newer algorithms. Like most things in technology, the newer the better.
Microsoft has taken the security of its systems very seriously for a long time. This is done by ensuring that the operating system is supported by some hardware, such as the TPM 2.0 chip.
Although Windows 10 can run well without a TPM, Windows 11 explicitly requires TPM2.0 to install the system. A PC can be exposed to anything from phishing attacks to ransomware attacks that cause severe harm. With TPM 2.0, the security threat to the Windows operating system is certainly reduced to a certain extent.
As of July 28, 2016, all newly manufactured Windows PCs are required to enable TPM 2.0 by default. If you are buying a laptop, desktop, 2-in-1 device, or any other device that comes pre-loaded with Windows 10, Microsoft requires the manufacturer to include TPM 2.0 and enable it.
You May Also Want to Know: Can I Bypass TPM 2.0 and Install Windows 11? Follow the guide here, you'll get the answer.
Is there any way to bypass TPM 2.0 and get Windows 11 free upgrade from Windows 10? Here we come, with a feasible solution for you.
If your computer meets the other Windows 11 minimum system requirements, it may support TPM 2.0. If you bought your PC after 2016, it almost certainly comes with TPM 2.0. If your computer is older than a few years or you have built your own computer, you may buy a motherboard without TPM 2.0 that Windows 11 requires.
You can follow the way below to check TPM 2.0 Windows 11 Status.
Step 1. Press Win+R keys to start the Run Window
Step 2. Type tpm.msc in the Run box and click the "OK" button.
Step 3. Then, you might see one of the following results:
The TPM is ready to use with some detailed information.
The TPM not available or deactivate with the "Compatible TPM cannot be found" error message.
If the TPM can not be detected or found, there are two ways that you can go to the UEFI mode and enable TPM for Windows 11.
Method 1. Enable TPM 2.0 in Settings
Step 1. Press Win + I keys to open Settings. Then, select "Update & Security".
Step 2. Click "Recovery" on the left side panel. Under Advanced startup, click on "Restart now".
Step 3. Select "Troubleshoot > Advanced options > UEFI Firmware Settings". Next, select "Restart".
Step 4. Go to the Security Settings. Select the TPM settings configuration option.
Step 5. Enable TPM if it is disabled. Then, exit the settings and restart your computer
Method 2. Enable TPM 2.0 in Boot Maintenance Manager
Step 1. Restart your computer and access the boot mode by repeatedly pressing some dedicated keys as displayed on the screen. These keys vary based on the motherboard manufacturer. Below are the keys for some popular brands:
- Dell: F2 or F12
- HP: ESC or F10
- Acer: F2 or Del
- Lenovo: F1 or F2
- ASUS: F2 or Del
- MSI: Del
- Samsung: F2
- Toshiba: F2
- Microsoft Surface: Press and hold the Volume Up button
Step 2. Now, use the arrow key to open the Security Settings page.
Step 3. Find the TPM settings configuration option as the screenshot in Method 1.
Step 4. Enable the TPM. Exit the settings and Restart your computer.
The following guides show a simple method to download and install Windows 11 with a bootable USB cable. As long as your device meets the installation requirements, you can download Windows 11 now.
Step 1. Launch OS2Go after installation, and click Windows Install Drive Creator. The obtained system information is available on the home screen, and it keeps updating all the time. Apart from Windows 11, Win11 builder also supports you to download Windows 10/8.1.
Step 2. Connect your USB flash drive to the computer. Win11 builder will automatically detect your USB device, so all you need to do is click the Create button.
Step 3. The software will empty your USB drive data if it's a used one. Once the downloading process begins, wait there until it finished or leave for a while to do you own job.
Step 4. After successfully downloading the Windows 11 iso image file on the USB drive, start to install Windows 11 from the bootable USB drive on your computer by following the installation wizard step by step.
The Bottom Line
This article explains all the basic information about TPM and TPM 2.0 on Windows 11. In short, the TPM chip is a device that is important for system and device security. With the continuous upgrading of the Windows system and the increasing attention to security, TPM plays a more and more important role. It is best if your computer has and has TPM 2.0 enabled. If your computer is equipped with a TPM chip but not turned on, you can activate it by following the instructions in this article.
Can I Add a TPM to My PC
If your computer does not have a TPM 2.0 chip, can you add one to your computer? If you are familiar with the hardware and software security settings in your system BIOS, you might, in theory, add a separate TPM 2.0 chip to the motherboard.
Many motherboards come with a set of headpins labeled "TPM". But it's very difficult. Even if you have a hardware TPM installed on your homemade computer, you need to make sure that it is set up correctly in the BIOS so that the Windows operating system can recognize it. This process varies greatly depending on the motherboard and CPU you are using.
So the general user can not install the TPM chip to the motherboard by himself. If your computer is really old and you are eager to try out Windows 11's new interface and features, you can try upgrading your old computer to a new one with a TPM 2.0 chip.
Was This Page Helpful?
Daisy is the Senior editor of the writing team for EaseUS. She has been working in EaseUS for over ten years, starting from a technical writer to a team leader of the content group. As a professional author for over 10 years, she writes a lot to help people overcome their tech troubles.
Cedric Grantham is a senior editor and data recovery specialist of EaseUS. He mainly writes articles and how-to tips about data recovery on PC and Mac. He has handled 10,000+ data recovery cases and is good at data recovery of NTFS, FAT (FAT32 and ExFAT) file systems, and RAID structure reorganization.