How to enable TPM 2.0 on your PC
One of the prerequisites for Windows 11 is TPM 2.0 (Trusted Platform Module), according to Microsoft. While Windows 11 will install on devices with TPM 1.2, some functionality may not be available in this case.
In 2016, we published a guide on finding out if a Windows computer supports TPM. Microsoft revealed at the time that all new PCs would need to support TPM 2.0 and have it enabled. Existing devices were not affected by the decision back then.
Now, with Windows 11, comes another push to enforce TPM 2.0 on Windows devices. Microsoft claims that most devices sold in the past 5 years support TPM 2.0, and reiterates that TPM 2.0 is required because it powers security features such as BitLocker or Windows Hello.
Microsoft acknowledges that TPM 2.0 may not be enabled on devices even if the feature is supported. Windows 11 may not install on these devices, even if all other system requirements are met.
Find out if your PC supports TPM 2.0
The company published a guide that explains how to find out if TPM is enabled, and how to enable it on devices if it is supported.
Windows users who run Windows 10, the only version of Windows with a direct upgrade path to Windows 11, may check TPM support in the following two ways. The first method uses the Settings application:
- Open the Settings application, for instance by selecting Start > Settings, or with the keyboard shortcut Windows-I.
- Go to Update & Security > Windows Security > Device Security.
- TPM is not available if Security Processor is not displayed on the page that opens.
- TPM is available if Security Processor is displayed. In that case, select Security Processor to verify the specification version and find out if it is TPM 1.2 or TPM 2.0.
The second method uses the Microsoft Management Console:
- Use Windows-R to open the run box.
- Type tpm.msc.
- The window that opens reveals if TPM is supported or not, including the version if it is supported.
How to activate TPM 2.0
TPM can still be supported by the device, even if Windows can't find a TPM module. TPM can be disabled or enabled in the BIOS of the device, and if it is disabled, Windows won't be able to discover it or make use of it.
Microsoft suggests that users go to Settings > Update & Security > Recovery > Restart now to check the UEFI BIOS. The restart option displays a menu on the next restart. Visit Troubleshoot > Advanced options > UEFI Firmware Settings > Restart to have the device load the UEFI settings on the next restart.
The next steps depend on the make and model of the motherboard. Sometimes, settings may be found under Advanced, Security or Trusted Computing. The option to enable TPM is equally unstandardized, as it may be labeled Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.
Closing Words
Not all Windows devices are compatible with Windows 11, Microsoft's upcoming operating system: some because they don't meet the system requirements, others because of a disabled feature in the BIOS. The implementation of TPM in the BIOS is chaotic and not standardized. Users with little experience will have a hard time finding out if TPM is supported and whether it can be enabled in the system's BIOS.
Now You: do your devices support TPM?
my PC supports it but there’s no way in hell I’m enabling a closed source crypto-storage-blackbox on my system.
what dumb post is this?
Neither of the methods described is valid if there is no TPM module installed, this doesn’t mean that the device isn’t compatible if a TPM were to be installed.
Many manufacturers have released bios updates, because they have interest in selling their old stock of TPMs never sold before.
In any case PM’s aren’t secure, security is a myth. And not even secure core PC’s that sport the xbox born security chip is reliable, else no one could install homebrew on their xboxes and yet all are flawed.
Unbelievable.
This is the deal-killer that’s been coming for years now. I’m old enough to remember when hardware platforms dictated what software got run on them. Now M$ is dictating what the hardware platforms must have and this is the action of a true monopoly.
I’ll continue to use Windows until the only version that works is W11 (which I’ll never use), then I’ll move over to Linux or BSD.
TPM 2.0 by itself isn’t enough, you also have to have hardware support for MBEC which only (for the most part) 8th-gen Intel and 2nd-gen Ryzen and newer have. Supposedly Windows 11 will still run without it but MBEC has to be emulated in software, which can have a big performance hit in some cases (almost 40%!).
Who would rush out to use Windows 11?
For every product they make (C# programming language, Visual Studio Code) I go from “feeling like a valuable customer” to “feeling like the limits of my patience are being tested” real fast.
I install Chrome. “Make Chrome the default browser”. It throws me 10 different settings which I have to go through them one by one. How user friendly of you, Microsoft. We’ve been through this with 10. Turns out you’ll test the limits of my patience again to learn how much you can change user experience for the worst and get away with it.
“Fine. Let’s try Edge. It’s based on Chromium after all, how different could it be?” Turns out a lot. New page full of ads and articles. The so-called “focused mode” is sneaking headlines at the bottom, which I have to go out of my way to disable (if you couldn’t I’d just use an adblocker to filter the element or come up with a tampermonkey script, I swear to God). Bing is the default engine which is, alright, makes sense since it’s your engine so let’s change that. “Are you sure?”, “this is the recommended engine, are you sure?”. Also, nice touch that you can change the search bar engine to “Chrome” but the recommended way to search is the search bar in the new tab because that’s fixed to Bing. You can redirect the input to address bar and get yet another UX nightmare where you type in the search bar just to have it suddenly appear in the address bar. Why?
“Okay, time to see what other stuff Microsoft is trying to sell me” is something I never said for Windows 98 Second Edition, Windows XP, Windows Vista, Windows 7 or Windows 8. And yet here we are, with the new generation of Windows users accepting it as the norm because “it’s a company, it has to make money. What do you want them to do, shutdown and starve?” so here we go debloating. And of course I expect the full release to require even more debloating since who pays to be advertised in a beta anyways?
And what’s up with widgets? Who asked for “a shortcut where I can be served directly from Microsoft because setting it up as my homepage by default isn’t enough already”. There’s no way 20% of the people or more have asked for this. If I see Microsoft pushing this feature as “you asked and we have listened” they’ll be lying. It’s yet another thing I have to find workarounds to disable and free up resources because it’s aligned with Microsoft’s goals as a business instead of the average user’s goals.
I wish I was feeling respected as a customer, you know. But I’m not. Windows 11 feels like the kid that tests your limits, trying to be naughty to see what it’s allowed to get away with it, and there are already people who find the kid cute so if you scold it for attempting to break the vase you’re just an old toxic man who doesn’t understand that “kids will be kids” or, to put it in perspective, “companies will be companies”. And good luck trying to explain that Microsoft have been a company before that and guess what, they did the same thing with IE but somehow I’m expected to believe that their corporate tendencies changed because they’re more inclusive now, 2 completely unrelated things.
KDE Plasma 5.23 arrives next month. It can be installed on a potato and a dead horse, and will run a million times better on your computer than Winbloze 8, 8.1, 10 and 11 ever will, no matter what distro is under the hood. If you get a virus on it, you are lying. You agree to nothing when you install it and it wants nothing from you either, ever. Your computer is YOURS, your data is YOURS. So.. YOUR call. Come on people, TIME TO REVOLT NOW ! STICK IT TO THE MAN !
Plasma’s a desktop. Don’t we need a kernel and the other stuff that makes a distro work?
I guess the “no matter what distro is under the hood” – part was too difficult to grasp..? But thanks for participating with your supreme overlord linux-knowledge and patronizing snobbery. Made your comment even more hysterical, thanks.
Rude, quite uncalled for, and quite the “patronizing” “linux-knowledge” “supreme overlord” snob of a hypocrite YOU have made of yourself. Good job!
Now reread his/her question carefully. He did not question your assertion that any distro would support/run KDE Plasma 5.23. His question was concerning the need for a kernel (and other things) to make (your assertion of) “any distro” work, and therefore support/run “KDE Plasma 5.23”.
Now see if you can put that mind of yours to something other than misreading and insulting someone falsely, and answer the person’s question. Unless you can’t, in which case be mature enough to admit you do not know!
“Users with little experience will have a hard time finding out if TPM is supported and whether it can be enabled in the system’s BIOS.”
Then, we need a basic tutorial in figuring it out; it’s not really that difficult although booting to BIOS may be the most problematic part. On one machine, I had moved from UEFI to Legacy Boot, but I still wasn’t able to boot to BIOS. Eventually, I discovered that the keyboard, a wireless, was preventing the boot and plugged in a USB keyboard.
It’s all quite easy after that.
Even the linux kernel supports the TPM. That OS continues slowly rotting from inside from all the big tech larvae having infiltrated it.
Key word there being supports not requires, and the reason it supports it is because without support for TPM you couldn’t run Linux if you enabled it due to it not being certified by Microsoft.
Essentially TPM makes Microsoft the gate keeper of what people can run on their own hardware, be that an OS or probably at some point in the future other software, like win32 software when Microsoft deem them to be a ‘security’ risk.
Interesting. I guess I haven’t been swapping out distros from all three branches for the last year on an ancient laptop without TPM.
When do we start considering our impact to the environment with electronic waste?
I will not get rid of perfectly useable PCs in order to go to W11. I will start using Linux.
Goodbye MicroShaft.
It seems to me the biggest environmental cronies are the tech companies themselves. They don’t repair stuff. Nothing gets recycled. For the sake of a single component they throw it away… Damn fools.
Considering the “sustainable future agenda” one would think manufacturers would step up. But instead they blame consumers for all the problems.
In my previous job I once had a conversation with an IT employee. I mentioned that newer chargers are twice the price of my 10+ year old charger, and my charger even though not labeled a fast charger, was capable of charging my phone as fast as fast chargers, AND it was capable of being plugged into an outlet, or a car’s lighter socket, where as chargers today do not connect to both, and do not last anywhere near 10 years! Then I complained how this was an example of technology taking backward steps.
He got mad at me and said people like me that expect technology to be reliable, stable, and last a decade are the reason why the IT field does not make money and we stifle progress. And this is why electronic gadgets and chargers are built to NOT last long!
I kid you not. This guy had the nerve to say I’m wrong for expecting something I buy to last a while. I wish I could go back in time and raise this topic of sustainability and recycling, just to see how much more foolish he would get!
Still, If his thinking is what IT people are taught to believe, then there is a bigger problem here than just wasteful practices!
Not only did they copy Apple’s UI, they are also riding the coattails of Google’s Android. How the once mighty Microsoft have fallen.
I have until 2025 to decide if I want to upgrade to Windows 10.1.
Lol, say what?? Microsoft were once mighty? I must have blinked and missed it :)
Seriously, I don’t think I’ve ever dealt with a more unscrupulous company.
Probably linux desktops, too. There are linux desktops and themes that are very similar to Win 11. MacOS, which is based on linux, looks very similar to many linux desktops with the strange file organization and other quirks intact. Just not free.
Seems MS is run by a bunch of phone culture fools with little creativity who can only copy stuff. These clowns would probably be good at resurrecting Win RT. Then what, wipe out android? Ha Ha! No way.
Hey ULBoom, just a small correction. MacOS is not based on Linux, it’s based on Unix.
“Trusted computing” means exactly the contrary, it gives the ultimate control of the device to those companies we’ve already learned to hate instead of the device owner, that’s why the FSF calls it “treacherous computing” instead. The potential evil uses of “trusted computing” are infinite but it is already used for DRM for example.
And another funny reversal of vocabulary meaning is that in the case of evil uses, when they talk about “security” and “attackers”, they are calling the *device owner* the “attacker” for trying to take back control of his own machine by hacking around the “trusted computing”… This is not our security they are talking about.
The “security” word from the mouth of such companies should always be received with extreme suspicion as it includes increasingly ourselves acting in our own interests in the list of “threats” ; it’s one of the main excuses to destroy freedom and privacy.
It will be a cold day in hell before I enable TPM. No company should have the right to tell me what software I can or can’t run on my hardware, least of all Microsoft.
Already running Windows 11 22454.1000.
https://i.imgur.com/m5JwB11.png
I can’t wait for October 5th when the official one will launch. Already I can see Windows 11 being a lot faster than Windows 10.
Ubuntu 20.10 is 50% faster than both Windows 10 and Windows 11 which are both the same.
https://www.phoronix.com/scan.php?page=article&item=windows-11-september&num=1
Here both SAC 21h1 and W11 score the exact same on benchmarks. What I have found is that on W11 the OS UI is generally slower/heavier, especially the Settings application which sometimes takes upwards of a second to navigate between submenus. I will definitely give W11 LTSC a try whenever that SKU will surface, although my expectations right now are fairly low from this OS.
… I will give W11 LTSC a try, but keeping TPM and SecureBoot disabled that is. I will never enable that crap.
It’s called the placebo effect. Everyone says this with a new phone OS version too. It will always run better out of the gate. Nothing new.
@Tom
When I see with my own eyes how things are happening faster compared to how it was in Windows 10, it’s not a placebo effect.
“Windows 11 being a lot faster than Windows 10.”
Only it’s not, in fact early dev builds were slower than 10 (LTT YouTube video: https://www.youtube.com/watch?v=21jH39rlvDA ). Obviously we’ll have to see if that drop in performance in some games remains in RTM.
And before anyone accuses me of being a Microsoft/Windows fanboy, I have been pirating my Windows since 2006, never paid for it, never will, I also disable all telemetry.
You can still be a fanboy without buying their products
Ahh so how do I disable TPM, preferably permanently?
You should have the ability to toggle it on or off from BIOS. I always disable TPM and SecureBoot nonsense on all my machines.
@Yuliya
why is it a good idea have them turned off?
Because mainly I have no use for either of them, and things like SecureBoot are known to be exploitable (bypassed), so really it is not very secure after all.
You could make the argument for TPM kind of being useful, but really you don’t need it and you can achieve even FDE through BitLocker without it – if you need it. Also, Microsoft and other companies (RiotGames) have already shown interest in forcing the end-user to only run software which they deem “safe” on W11 via the aid of TPM, even before Win11 was released to the general public. Fuck that, this alone should be a red flag for everyone.
While you’re at it, in BIOS most likely you will be able to disable Intel ME as well. Kill it, it’s useless and a security threat more than anything. Of course, if you’re on an Intel platform, idk about AMD.
Thanks Yuliya.
I found an article critical of TPM 2.
https://www.techradar.com/news/forget-tpm-chips-for-windows-11-thats-not-even-the-half-of-it
In that article Jorge Myszne, founder and CEO of semiconductor startup Kameleon says:
“The main challenge is that the TPM is a passive device; while you can store data there and nobody can see it, in order to do something with that data the software needs access. And if the software has access, an attacker can gain access too.”