How to enable TPM 2.0 on your PC

Martin Brinkmann
Sep 12, 2021
Updated • Oct 6, 2021
Windows tips

One of the pre-requisites for Windows 11 is TPM 2.0, the Trusted Platform Module according to Microsoft. While Windows 11 will install on devices with TPM 1.2, some functionality may not be available in this case.

In 2016, we published a guide on finding out of a Windows computer supports TPM. Microsoft revealed at the time that all new PCs would need to support TPM 2.0 and have it enabled. Existing devices were not affected by the decision back then.

Now, with Windows 11 comes another push to enforcing TPM 2.0 on Windows devices. Microsoft claims that most devices sold in the past 5 years support TPM 2.0, and reiterates that TPM 2.0 is required because it is powering security features such as Bitlocker or Windows Hello.

Microsoft acknowledges that TPM 2.0 may not be enabled on devices even if the feature is supported. Windows 11 may not install on these devices, even if all other system requirements are met.

Find out if your PC supports TPM 2.0

The company published a guide that explains how to find out if TPM is enabled, and how to enable it on devices if it is supported.

Windows users who run Windows 10, the only version of Windows with a direct upgrade path to Windows 11, may check TPM support in the following two ways:

windows 10 device security tpm

  1. Open the Settings application, for instance by selecting Start > Settings, or with the keyboard shortcut Windows-I.
  2. Go to Update & Security > Windows Security > Device Security.
    1. TPM is not available if Security Processor is not displayed on the page that opens.
    2. TPM is available if Security Processor is displayed. In that case, select Security Processor to verify the specification version and find out if it is TPM 1.2 or TPM 2.0.

The second method uses the Microsoft Management Console:

check tpm 2.0 support windows

  1. Use Windows-R to open the run box.
  2. Type tpm.msc.
  3. The window that opens reveals if TPM is supported or not, including the version if it is supported.

How to activate TPM 2.0

TPM can still be supported by the device, even if Windows can't find a TPM module. TPM can be disabled or enabled in the BIOS of the device, and if it is disabled, Windows won't be able to discover it or make use of it.

Microsoft suggests that users go to Settings > Update & Security > Recovery > Restart now to check the UEFI Bios. The restart option displays a menu on the next restart. Visit Troubleshoot > Advanced options > UEFI Firmware Settings > Restart to have the device load the UEFI settings on the next restart.

The next steps depend on the make and model of the motherboard. Sometimes, settings may be found under Advanced, Security or Trusted Computing. The option to enable TPM is equally unstandardized, as it may be labeled Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.

Closing Words

Not all Windows devices are compatible with Windows 11, Microsoft's upcoming operating system. Some, because they don't meet the system requirements, others, because of a disabled feature in the BIOS. The implementation of TPM in the BIOS is chaotic and not standardized. Users with little experience will have a hard time finding out of TPM is supported and whether it can be enabled in the system's BIOS.

Now You: do your devices support TPM?

Find out if your PC supports TPM 2.0
Article Name
Find out if your PC supports TPM 2.0
One of the pre-requisites for Windows 11 is TPM 2.0, the Trusted Platform Module according to Microsoft. While Windows 11 will install on devices with TPM 1.2, some functionality may not be available in this case.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Tom Hawack said on October 15, 2019 at 6:21 pm

    I don’t know how reliable ‘Windows Defender Firewall’, because here on Windows 7 with the OS’s firewall, some applications phone home although I’ve added an inbound and an outbound rule to block them. For instance, ‘EditPad’ Lite which attempts to connect to connect to and which fails to do so only because I block that connection with a DNSCrypt-proxy blacklist rule, and here what shows DNSCrypt-proxy query log : A REJECT 0ms quad9-dnscrypt-ip4-filter-pri

    quad9 is the DNS used with DNSCrypt-proxy. This means that Windows Firewall does not prevent an application added to its filters to connect to the Web, not always anyway.

    So I do hope Windows Defender Firewall does a better job.

    1. jan said on October 17, 2019 at 4:48 pm

      Hi Tom,
      You write:”I don’t know how reliable ‘Windows Defender Firewall….”.
      Let me tell you, based on my own experience, that firewall is really a POS (Piece Of Shit). It is really unreliable

  2. Stv said on October 15, 2019 at 7:38 pm

    Every software is able to write a firewall condition under windows i think, Windows Firewall is a trash

    The first software that i always install (when i need internet in vboxed windows) is Simple Wall.

    1. Cor said on October 15, 2019 at 9:22 pm

      I also really like his version of Chromium

      1. owl said on October 24, 2019 at 10:12 am
        I also, “Simple Wall” is a favorite. That’s enough.

        henrypp/chromium: Chromium builds with codecs | GitHub
        Chromium builds with codecs
        Download latest stable Chromium binaries (64-bit and 32-bit) |
        It is very interesting.
        And, “Notes” There are must-see value.

  3. ULBoom said on October 15, 2019 at 9:26 pm

    There’s an easy page for blocking/allowing programs to go out in the main firewall window, click on:
    Allow and App or feature through Windows Firewall.

    Otherwise, good overview of rules creation. I’ve never had a program sneak out if its rule is set up right.

    Yes, Windows defaults to letting most anything through as do other firewalls I’ve used. Probably preferrable to blocking everything except in critical security situations.

  4. B said on October 15, 2019 at 10:30 pm

    To quickly achieve the same end result as the steps above, I always install “OneClickFirewall” – less complex than anything like WFC, it just gives you a right click context menu on any exe for “Block internet access” and “Restore internet access”. Very handy!

    1. Rush said on October 16, 2019 at 7:42 pm

      @ B

      I downloaded the OCF program but I did not install it.

      Virus Total found one two red engines:

      Antiy-AVL – Trojan/Win32.Fuerboos


      MaxSecure – Trojan.Malware.7164915.susgen

  5. Paul(us) said on October 15, 2019 at 10:45 pm

    Nice article Ashwin.

    Sometimes I like to quit (disable the Internet connection temporarily) all internet connection than I use the free software program for windows Net disabler v.1. 0 ( Latest release ’17-02-21).

  6. Software tester 0101 said on October 15, 2019 at 11:23 pm

    Here is the easiest methode to block Windows programs from accessing the internet ; Application name is FAB (Firewall Application blocker) it is a Portable freeware , usage is just drag and drop the Application icon

  7. Ray said on October 16, 2019 at 12:29 am

    Thanks Ashwin. I always forget about the internals of Windows Firewall.

    Just set up some outbound rules to block some apps that shouldn’t have internet access. Thanks again!

  8. Dave said on October 16, 2019 at 4:17 am

    Ashwin, it doesn’t work.

    Try this. Install steam and login. Rules wil be automatically created to allow steam.

    Now log out and close steam. Change the firewall rules to block.

    Open steam again and login in.

    Go back to the firewall to find new allow rules created for it.

    Basically, anyone willing to pay microsoft to be added to a “trusted list” gets a free ticket past the windows firewall wether you want them to or not.

    Now go get Windows Firewall Control (I reccomend finding a pre MWB version) and install it and setup it up. Then turn on secure rules. Now repaet the steps with Steam and it will stay blocked.

  9. limonec said on October 16, 2019 at 5:45 am

    Fast, free and simple solution for the beginners and non-professional: Firewall App Blocker

    1. The Gobbler said on October 16, 2020 at 9:02 am

      Sordum’s Firewall App Blocker is great. Just right-click any exe file and it gets blocked in Windows Firewall, without going through all those steps. Also note, this feature is also in Sordum’s Easy Context Menu. All free.

  10. Parry Hotter said on October 16, 2019 at 3:47 pm

    The heck with all of that. Just use a superior and much easier to use front end for the built in firewall. Malwarebytes Windows Firewall Control is excellent.

  11. Petter said on October 16, 2019 at 6:29 pm

    I’ll just put this here: TinyWall

  12. Jafp said on December 17, 2019 at 7:40 pm

    What gets me most is that large number of windows processes is trying to get access to internet. Why? Windows DOES not need access to internet even to install it and can run without internet. The only possible exception being network management.
    Just another case of spyware?
    MS should be legislated to provide full description and reasons for those services demand for access as it is potentially abusing privacy.

    1. Hank said on October 16, 2020 at 9:08 am


      Your logic is sketchy and lacks reasonable facts. Perhaps you need to be legislated.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.