What Is a TPM, How to Check and Enable TPM 2.0 for Windows 11 [Full Guide]

Cedric updated on Aug 18, 2021 to Knowledge Center

What Is a TPM Chip

The Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for secure cryptoprocessors. A TPM is a dedicated microcontroller that secures hardware through integrated cryptographic keys. TPM chips are either integrated into the PC's motherboard or added to the CPU.

From October 1999 to March 2003, a group of IT giants, including Microsoft, HP, IBM, and Sony, jointly sponsored the Trusted Computing Group (TCG). They aimed to develop standards and specifications for reliable computers, covering hardware, software, and cross-platform operating environments, and put forward the TPM specification. The last revised edition of TPM Main Specification Version 1.2 was published on March 3, 2011. The latest TPM version is 2.0.

TPM-compliant chips must first be able to generate encryption and decryption keys. They must also be able to perform high-speed data encryption and decryption, and serve as an auxiliary processor that protects the BIOS and operating system from modification.

What Does the TPM Do 

The TPM chip has a wide range of uses and can be mainly used for device identification, authentication, encryption, and device integrity verification. 

Platform integrity

The main scope of TPM is to ensure the integrity of any computer device, regardless of its operating system. It is designed to ensure that the boot process starts with a trusted combination of hardware and software and continues until the operating system is fully booted and the application runs.

Responsibility for using the TPM to ensure integrity lies with the firmware and operating system. For example, the Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust. Other examples of platform integrity through TPM include the use of Microsoft Office 365 licenses, TXT, and Outlook.

Encrypt any partition of the hard disk

Any hard disk partition can be encrypted with TPM technology. Some computer manufacturers offer a one-click restore function, which is one of the clearest examples of this use (it puts the system image in a TPM-encrypted partition). Some large commercial software companies (e.g., Microsoft) also use it as a means of encrypting partitions (e.g., BitLocker).

Store and manage passwords

Operating systems typically require authentication (involving passwords or other methods) to protect keys, data, or systems. Today, these keys are stored in memory built into the chip, and their information is not lost even when the power goes down. Compared with BIOS-managed passwords, the TPM security chip is much more secure.

What's the Difference Between TPM 1.2 and TPM 2.0

The TPM 1.2 specification only allows the use of RSA and the SHA-1 hash algorithm. TPM 2.0 is more flexible in the encryption algorithms it can use, and it supports newer algorithms to improve drive signing and key generation performance.

Simply put, TPM 2.0 technology is newer than TPM 1.2 technology, which has been around since 2011. It has stronger encryption, more security, and better support for newer algorithms. Like most things in technology, the newer the better.

Microsoft Requires TPM 2.0 on Windows 11

Microsoft has taken the security of its systems very seriously for a long time. It does so by requiring that the operating system be backed by certain hardware, such as the TPM 2.0 chip.

Although Windows 10 can run well without a TPM, Windows 11 explicitly requires TPM 2.0 to install the system. A PC can be exposed to anything from phishing attacks to ransomware attacks that cause severe harm. With TPM 2.0, the security threat to the Windows operating system is reduced to a certain extent.

As of July 28, 2016, all newly manufactured Windows PCs are required to enable TPM 2.0 by default. If you are buying a laptop, desktop, 2-in-1 device, or any other device that comes pre-loaded with Windows 10, Microsoft requires the manufacturer to include TPM 2.0 and enable it.


How to Check If Your Computer Has a TPM 2.0 Chip

If your computer meets the other Windows 11 minimum system requirements, it may support TPM 2.0. If you bought your PC after 2016, it almost certainly comes with TPM 2.0. If your computer is more than a few years old or you built it yourself, the motherboard may lack the TPM 2.0 that Windows 11 requires.

Follow the steps below to check the TPM 2.0 status for Windows 11.

Step 1. Press the Win+R keys to open the Run window.

Step 2. Type tpm.msc in the Run box and click the "OK" button.

Step 3. You will then see one of the following results:

  • TPM is enabled: the console reports that the TPM is ready for use and shows some detailed information.
  • TPM is not enabled: the TPM is not available or is deactivated, and the console shows the "Compatible TPM cannot be found" error message.
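The same check can be scripted, which is useful when the specification version has to be confirmed on more than one machine. The PowerShell function below is an added example, not part of the original guide; it reads the built-in Win32_Tpm WMI class, and the function name Get-TpmReadiness and the output field names are chosen here for illustration.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell window.
function Get-TpmReadiness {
    # Without elevation the TPM WMI namespace is not readable, which would be
    # indistinguishable from "no TPM", so stop early instead of guessing.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole($admin)) {
        throw 'Run this from an elevated (Administrator) PowerShell session.'
    }

    # No Win32_Tpm instance means Windows sees no TPM: the chip is absent or it is
    # turned off in the UEFI firmware (the "Compatible TPM cannot be found" case).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{
            Present = $false; Enabled = $false; Activated = $false
            SpecVersion = $null; MeetsTpm20 = $false
        }
    }

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38"; the first
    # field is the specification version (1.2 or 2.0).
    $first = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
    $parsed = [version]'0.0'
    $isV2 = [version]::TryParse($first, [ref]$parsed) -and ($parsed -ge [version]'2.0')

    [pscustomobject]@{
        Present     = $true
        Enabled     = [bool]$tpm.IsEnabled_InitialValue
        Activated   = [bool]$tpm.IsActivated_InitialValue
        SpecVersion = $first
        # A 2.0 chip that is present but disabled still fails the requirement.
        MeetsTpm20  = $isV2 -and $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue
    }
}

Get-TpmReadiness | Format-List
```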

How to Enable TPM 2.0 for Windows 11 on Your Computer

If the TPM cannot be detected or found, there are two ways to enter the UEFI firmware settings and enable TPM for Windows 11.

Method 1. Enable TPM 2.0 in Settings

Step 1. Press the Win + I keys to open Settings. Then, select "Update & Security".

Step 2. Click "Recovery" on the left side panel. Under Advanced startup, click on "Restart now".


Step 3. Select "Troubleshoot > Advanced options > UEFI Firmware Settings". Next, select "Restart".


Step 4. Go to the Security Settings. Select the TPM settings configuration option.

Step 5. Enable TPM if it is disabled. Then, exit the settings and restart your computer.

Method 2. Enable TPM 2.0 in Boot Maintenance Manager

Step 1. Restart your computer and access the boot mode by repeatedly pressing some dedicated keys as displayed on the screen. These keys vary based on the motherboard manufacturer. Below are the keys for some popular brands:

  • Dell: F2 or F12
  • HP: ESC or F10
  • Acer: F2 or Del
  • Lenovo: F1 or F2
  • ASUS: F2 or Del
  • MSI: Del
  • Samsung: F2
  • Toshiba: F2
  • Microsoft Surface: Press and hold the Volume Up button

Step 2. Now, use the arrow keys to open the Security Settings page.

Step 3. Find the TPM settings configuration option, as in Method 1.

Step 4. Enable the TPM. Exit the settings and restart your computer.

How to Install Windows 11 Without TPM 2.0 on a Computer

Although some old devices do not have TPM 2.0 enabled, it's still possible to run Windows 11 on an unsupported computer from a bootable USB drive.

Step 1. Download EaseUS Win11builder on your computer. It's a free Windows 11 ISO downloader that helps you download the latest Windows 11 operating system (Current OS build:  ).

Step 2. Launch the Win11builder after installation. The obtained system information is available on the home screen, and it keeps updating all the time.

Step 3. Connect your USB flash drive to the computer. Win11builder will automatically detect your USB device, so all you need to do is click the Create button. Tick the option "Bypass TPM2.0..." so you can later install Windows 11 on an unsupported computer without trouble.

Step 4. The software will erase the data on your USB drive if it's a used one. Once the download begins, wait until it finishes, or leave it running while you do other work.

Step 5. After the Windows 11 ISO image file has been downloaded to the USB drive, install Windows 11 on your computer from the bootable USB drive by following the installation wizard step by step.

The Bottom Line  

This article explains all the basic information about TPM and TPM 2.0 on Windows 11. In short, the TPM chip is a device that is important for system and device security. With the continuous upgrading of the Windows system and the increasing attention to security, TPM plays a more and more important role. It is best if your computer has TPM 2.0 and has it enabled. If your computer is equipped with a TPM chip that is not turned on, you can activate it by following the instructions in this article.

Can I Add a TPM to My PC 

If your computer does not have a TPM 2.0 chip, can you add one to your computer? If you are familiar with the hardware and software security settings in your system BIOS, you might, in theory, add a separate TPM 2.0 chip to the motherboard.

Many motherboards come with a set of header pins labeled "TPM". But it's very difficult. Even if you have a hardware TPM installed on your homemade computer, you need to make sure that it is set up correctly in the BIOS so that the Windows operating system can recognize it. This process varies greatly depending on the motherboard and CPU you are using.

So the general user cannot install a TPM chip on the motherboard on their own. If your computer is really old and you are eager to try out Windows 11's new interface and features, you can try upgrading your old computer to a new one with a TPM 2.0 chip.