Windows 11: How to enable TPM 2.0 in BIOS/UEFI?

It’s been a long time since Windows 11 was released, We were able to discover its new features as well as its minimum system requirements. And unlike previous versions, Windows 11 requires the activation of the TPM 2.0 security module, which is not always activated by default. In this article, we will see together what is the TPM 2.0, but also and especially how to activate the TPM 2.0 in the BIOS/UEFI of your computer’s motherboard to install Windows 11.

  • What is TPM 2.0?
  • Check the TPM activation in Windows
  • How to enable TPM in BIOS/UEFI?

What is TPM 2.0?

TPM (Trusted Platform Module) is a cryptographic module that provides enhanced security features. The TPM is a chip capable of performing encryption operations. In particular, it can generate, store and limit the use of encryption keys. For more information, I invite you to visit the Microsoft website which explains in detail how this module works and how Windows uses it.

How to Check if TPM Is Enabled in BIOS

On the Windows 11 presentation page, you can download an application that allows you to check the compatibility of your PC with Windows 11. When I myself checked the compatibility of Windows 11 on my PC, I got the following error message:

"This PC cannot run Windows 11. Although this PC does not meet the system requirements to run Windows 11, you will continue to receive Windows 10 updates.

If you too are getting this error message, it doesn’t necessarily mean that your PC is obsolete. It probably means that the TPM (also called dTPM, fTPM or PTT) is not enabled in the BIOS/UEFI of your computer’s motherboard. To check this, I invite you to follow these few steps:

  1. Press Windows + R on your keyboard to open the Run dialog box.
  2. In the window that appears, type tpm.msc and validate with the Enter key or click on "OK".
  3. A new window "Secure Platform Module Management on Local Computer" will open. From this window, you can quickly see if the TPM module is activated in the BIOS/UEFI of the motherboard. If it is not, you will get the following error message:

"Compatible Secure Platform Module not found on this computer. Make sure this computer has a Secure Platform Module 1.2 (or later) and that it is enabled in the BIOS."

How do I enable the TPM 2.0 in the BIOS/UEFI?

To install Windows 11, it is mandatory to enable the TPM module from the BIOS or UEFI of your PC motherboard. To enable TPM in BIOS/UEFI, it is very simple. The option can be found in the security settings. However, since the interface from one BIOS/UEFI to another differs slightly, you will have to look for the option yourself.

In my example, the screenshots are from the UEFI firmware of the MSI Z370 GAMING M5 motherboard.

Go to the BIOS or UEFI. To access it, you usually have to quickly press the F2 or Delete key on your keyboard once the PC is turned on, before Windows starts. If you do not know the key to access the BIOS or UEFI of your motherboard, please refer to the manual of your computer’s motherboard.

  1. Then, click on "Settings", then on "Security".
  2.  Then click on "Trusted Computing".
  3.  Then click on "Security Device Support" and select "Enabled".
  4. Once the TPM module has been activated, do not forget to save the changes. To do so, click on "Save and Exit".
  5. Click on "Save Changes and Restart".
  6. Finally, click on "Yes" to confirm the change.
  7. Your PC will now restart. Once Windows is started, check if the TPM module is enabled. To do this, repeat the steps above. If it is, you should get the following message: "The Secure Platform Module (TPM) is ready for use."
  8. You can also redo the Windows 11 compatibility test with your PC.  If  this PC can run Windows 11, so all you have to do is install Windows 11.