How to enable TPM 2.0 on your PC

Martin Brinkmann
Sep 12, 2021
Updated • Oct 6, 2021
Windows tips

One of the pre-requisites for Windows 11 is TPM 2.0, the Trusted Platform Module according to Microsoft. While Windows 11 will install on devices with TPM 1.2, some functionality may not be available in this case.

In 2016, we published a guide on finding out of a Windows computer supports TPM. Microsoft revealed at the time that all new PCs would need to support TPM 2.0 and have it enabled. Existing devices were not affected by the decision back then.

Now, with Windows 11 comes another push to enforcing TPM 2.0 on Windows devices. Microsoft claims that most devices sold in the past 5 years support TPM 2.0, and reiterates that TPM 2.0 is required because it is powering security features such as Bitlocker or Windows Hello.

Microsoft acknowledges that TPM 2.0 may not be enabled on devices even if the feature is supported. Windows 11 may not install on these devices, even if all other system requirements are met.

Find out if your PC supports TPM 2.0

The company published a guide that explains how to find out if TPM is enabled, and how to enable it on devices if it is supported.

Windows users who run Windows 10, the only version of Windows with a direct upgrade path to Windows 11, may check TPM support in the following two ways:

  1. Open the Settings application, for instance by selecting Start > Settings, or with the keyboard shortcut Windows-I.
  2. Go to Update & Security > Windows Security > Device Security.
    1. TPM is not available if Security Processor is not displayed on the page that opens.
    2. TPM is available if Security Processor is displayed. In that case, select Security Processor to verify the specification version and find out if it is TPM 1.2 or TPM 2.0.

The second method uses the Microsoft Management Console:

  1. Use Windows-R to open the run box.
  2. Type tpm.msc.
  3. The window that opens reveals if TPM is supported or not, including the version if it is supported.

How to activate TPM 2.0

TPM can still be supported by the device, even if Windows can't find a TPM module. TPM can be disabled or enabled in the BIOS of the device, and if it is disabled, Windows won't be able to discover it or make use of it.

Microsoft suggests that users go to Settings > Update & Security > Recovery > Restart now to check the UEFI Bios. The restart option displays a menu on the next restart. Visit Troubleshoot > Advanced options > UEFI Firmware Settings > Restart to have the device load the UEFI settings on the next restart.

The next steps depend on the make and model of the motherboard. Sometimes, settings may be found under Advanced, Security or Trusted Computing. The option to enable TPM is equally unstandardized, as it may be labeled Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.

Closing Words

Not all Windows devices are compatible with Windows 11, Microsoft's upcoming operating system. Some, because they don't meet the system requirements, others, because of a disabled feature in the BIOS. The implementation of TPM in the BIOS is chaotic and not standardized. Users with little experience will have a hard time finding out of TPM is supported and whether it can be enabled in the system's BIOS.

Now You: do your devices support TPM?

Article Name
Find out if your PC supports TPM 2.0
One of the pre-requisites for Windows 11 is TPM 2.0, the Trusted Platform Module according to Microsoft. While Windows 11 will install on devices with TPM 1.2, some functionality may not be available in this case.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Ayy said on September 18, 2021 at 2:09 am

    my PC supports it but there’s no way in hell I’m enabling a closed source crypto-storage-blackbox on my system.

  2. ghacks said on September 13, 2021 at 4:41 pm

    what dumb post is this?

    Neither of the methods described is valid if there is no TPM module installed, this doesnt mean that the device isnt compatible if a TPM were to be installed.

    Many manufacturers have released bios updates, because they have interest in selling their old stock of TPMs never sold before.

    In any case PM’s arent secure, security is a myth. And not even secure core PC’s that sport the xbox born security chip is reliable, else no one could install homebrew on their xboxes and yet all are flawed.


  3. John C. said on September 13, 2021 at 11:31 am

    This is the deal-killer that’s been coming for years now. I’m old enough to remember when hardware platforms dictated what software got run on them. Now M$ is dictating what the hardware platforms must have and this is the action of a true monopoly.

    I’ll continue to use Windows until the only version that works is W11 (which I’ll never use), then I’ll move over to Linux or BSD.

  4. Anonymous said on September 13, 2021 at 4:55 am

    TPM 2.0 by itself isn’t enough, you also have to have hardware support for MBEC which only (for the most part) 8th-gen Intel and 2nd-gen Ryzen and newer have. Supposedly Windows 11 will still run without it but MBEC has to be emulated in software, which can have a big performance hit in some cases (almost 40%!).

  5. FirefoxLoser said on September 13, 2021 at 4:54 am

    Who would rush out to use Windows 11?

    For every product they make (C# programming language, Visual Studio Code) I go from “feeling like a valuable costumer” to “feeling like the limits of my patience are being tested” real fast.

    I install Chrome. “Make Chrome the default browser”. It throws me 10 different settings which I have to go through them one by one. How user friendly of you, Microsoft. We’ve been through this with 10. Turns out you’ll test the limits of my patience again to learn how much you can change user experience for the worst and get away with it.

    “Fine. Let’s try Edge. It’s based on Chromium after all, how different could it be?” Turns out a lot. New page full of ads and articles. The so-called “focused mode” is sneaking headlines at the bottom, which I have to go out of my way to disable (if you couldn’t I’d just use an adblocker to filter the element or come up with a tampermonkey script, I swear to God). Bing is the default engine which is, alright, makes sense since it’s your engine so let’s change that. “Are you sure?”, “this is the recommended engine, are you sure?”. Also, nice touch that you can change the search bar engine to “Chrome” but the recommended way to search is the search bar in the new tab because that’s fixed to Bing. You can redirect the input to address bar and get yet another UX nightmare where you type in the search bar just to have it suddenly appear in the address bar. Why?

    “Okay, time to see what other stuff Microsoft is trying to sell me” is something I never said for Windows 98 Second Edition, Windows XP, Windows Vista, Windows 7 or Windows 8. And yet here we are, with the new generation of Windows users accepting it as the norm because “it’s a company, it has to make money. What do you want them to do, shutdown and starve?” so here we go debloating. And of course I expect the full release to require even more debloating since who pays to be advertised in a beta anyways?

    And what’s up with widgets? Who asked for “a shortcut where I can be served directly from Microsoft because setting it up as my homepage by default isn’t enough already”. There’s no way 20% of the people or more have asked for this. If I see Microsoft pushing this feature as “you asked and we have listened” they’ll be lying. It’s yet another thing I have to find workarounds to disable and free up resources because it’s aligned with Microsoft’s goals as a business instead of the average user’s goals.

    I wish I was feeling respected as a customer, you know. But I’m not. Windows 11 feels like the kid that tests your limits, trying to be naughty to see what it’s allowed to get away with it, and there are already people who find the kid cute so if you scold it for attempting to break the vase you’re just an old toxic man who doesn’t understand that “kids will be kids” or, to put it in perspective, “companies will be companies”. And good luck trying to explain that Microsoft have been a company before that and guess what, they did the same thing with IE but somehow I’m expected to believe that their corporate tendencies changed because they’re more inclusive now, 2 completely unrelated things.

  6. W.Wallace, Scotland. said on September 12, 2021 at 8:23 pm

    KDE Plasma 5.23 arrives next month. It can be installed on a potato and a dead horse, and will run a million times better on your computer than Winbloze 8, 8.1, 10 and 11 ever will, no matter what distro is under the hood. If you get a virus on it, you are lying. You agree to nothing when you install it and it wants nothing from you either, ever. Your computer is YOURS, your data is YOURS. So.. YOUR call. Come on people, TIME TO REVOLT NOW ! STICK IT TO THE MAN !

    1. ULBoom said on September 12, 2021 at 11:31 pm

      Plasma’s a desktop. Don’t we need a kernel and the other stuff that makes a distro work?

      1. W.Wallace, Scotland. said on September 13, 2021 at 12:04 am

        I guess the “no matter what distro is under the hood” – part was too difficult to grasp..? But thanks for participating with your supreme overlord linux-knowledge and patronizing snobbery. Made your comment even more hysterical, thanks.

      2. Anonymous said on September 18, 2021 at 1:28 pm

        Rude, quite uncalled for, and quite the “patronizing” “linux-knowledge” “supreme overlord” snob of a hyppocrite YOU have made of yourself. Good job!

        Now reread his/her question carefully. He did not question your assertion that any distro would support/run KDE Plasma 5.23. His question was concerning the need for a kernel (and other things) to make (your assertion of) “any distro” work, and therefor support/run “KDE Plasma 5.23”

        Now see if you can put that mind of yours to something other than misreading and insulting someone falsely, and answer the person’s question. Unless you can’t, in which case be mature enough to admit you do not know!

  7. VioletMoon said on September 12, 2021 at 6:38 pm

    “Users with little experience will have a hard time finding out of TPM is supported and whether it can be enabled in the system’s BIOS.”

    Then, we need a basic tutorial in figuring it out; it’s not really that difficult although booting to BIOS may be the most problematic part. On one machine, I had moved from UEFI to Legacy Boot, but I still wasn’t able to boot to BIOS. Eventually, I discovered that the keyboard, a wireless, was preventing the boot and plugged in a USB keyboard.

    It’s all quite easy after that.

  8. Anonymous said on September 12, 2021 at 4:17 pm

    Even the linux kernel supports the TPM. That OS continues slowly rotting from inside from all the big tech larvae having infiltrated it.

    1. Corky said on September 12, 2021 at 7:33 pm

      Key word there being supports not requires, and the reason it supports it is because without support for TPM you couldn’t run Linux if you enabled it due to it not being certified by Microsoft.

      Essentially TPM makes Microsoft the gate keeper of what people can run on their own hardware, be that an OS or probably at some point in the future other software, like win32 software when Microsoft deem them to be a ‘security’ risk.

      1. ULBoom said on September 12, 2021 at 11:22 pm

        Interesting. I guess I haven’t been swapping out distros from all three branches for the last year on an ancient laptop without TPM.

  9. pHROZEN gHOST said on September 12, 2021 at 3:38 pm

    When do we start considering our impact to the environment with electronic waste?
    I will not get rid of perfectly useable PCs in order to go to W11. I will start using Linux.
    Goodbye MicroShaft.

    1. Yanta said on September 13, 2021 at 6:18 am

      It seems to me the biggest environmental cronies are the tech companies themselves. They don’t repair stuff. Nothing gets recycled. For the sake of a single component they throw it away… Damn fools.

      Considering the “sustainable future agenda” one would think manufacturers would step up. But instead they blame consumers for all the problems.

      1. Anonymous said on September 18, 2021 at 1:03 pm

        In my previous job I once had a conversation with an IT employee. I mentioned that newer chargers are twice the price of my 10+ year old charger, and my charger even though not labeled a fast charger, was capable of charging my phone as fast as fast chargers, AND it was capable of being plugged into an outlet, or a car’s lighter socket, where as chargers today do not connect to both, and do not last anywhere near 10 years! Then I complained how this was an example of technology taking backward steps.
        He got mad at me and said people like me that expect technology to be reliable, stable, and last a decade are the reason why the IT field does not make money and we stifle progress. And this is why electronic gadgets and chargers are built to NOT last long!

        I kid you not. This guy had the nerve to say I’m wrong for expecting something I buy to last a while. I wish I could go back in time and raise this topic of sustainability and recycling, just to see how much more foolish he would get!

        Still, If his thinking is what IT people are taught to believe, then there is a bigger problem here than just wasteful practices!

  10. ChromeFan said on September 12, 2021 at 2:59 pm

    Not only did they copy Apple’s UI, they are also riding the cotails of Google’s Android. How the once mighty Microsoft have fallen.

    I have until 2025 to decide if I want to uograde to Windows 10.1.

    1. Yanta said on September 13, 2021 at 6:13 am

      Lol, say what?? Microsoft were once mighty? I must have blinked and missed it :)
      Seriously, I don’t think I’ve ever dealt with a more unscrupulous company.

    2. ULBoom said on September 12, 2021 at 11:52 pm

      Probably linux desktops, too. There are linux desktops and themes that are very similar to Win 11. MacOS, which is based on linux, looks very similar to many linux desktops with the strange file organization and other quirks intact. Just not free.

      Seems MS is run by a bunch of phone culture fools with little creativity who can only copy stuff. These clowns would probably be good at resurrecting Win RT. Then what, wipe out android? Ha Ha! No way.

      1. ryuk said on September 13, 2021 at 12:40 pm

        Hey ULBoom, just a small correction. MacOS is not based on Linux, it’s based on Unix.

  11. Anonymous said on September 12, 2021 at 12:13 pm

    “Trusted computing” means exactly the contrary, it gives the ultimate control of the device to those companies we’re already learned to hate instead of the device owner, that’s why the FSF calls it “treacherous computing” instead. The potential evil uses of “trusted computing” are infinite but it is already used for DRM for example.

    And another funny reversal of vocabulary meaning is that in the case of evil uses, when they talk about “security” and “attackers”, they are calling the *device owner* the “attacker” for trying to take back control of his own machine by hacking around the “trusted computing”… This is not our security they are talking about.

    The “security” word from the mouth of such companies should always be received with extreme suspicion as it includes increasingly ourselves acting in our own interests in the list of “threats” ; it’s one of the main excuses to destroy freedom and privacy.

  12. Corky said on September 12, 2021 at 10:28 am

    It will be a cold day in hell before i enable TPM. No company should have the right to tell me what software i can or can’t run on my hardware, least of all Microsoft.

  13. Dumbledalf said on September 12, 2021 at 9:59 am

    Already running Windows 11 22454.1000.

    I can’t wait for October 5th when the official one will launch. Already I can see Windows 11 being a lot faster than Windows 10.

    1. ilev said on September 13, 2021 at 8:23 am

      Ubuntu 20.10 is 50% faster than both Windows 10 and Windows 11 which are both the same.

    2. Yuliya said on September 12, 2021 at 4:56 pm

      Here both SAC 21h1 and W11 score the exact same on benchmarks. What I have found is that on W11 the OS UI is generally slower/heavier, especially the Settings application which sometimes takes upwards of a second to navigate between submenus. I will definitely give W11 LTSC a try whenever that SKU will surface, although my expectations right now are fairly low from this OS.

      1. Yuliya said on September 12, 2021 at 4:59 pm

        … I will give W11 LTSC a try, but keeping TPM and SecureBoot disabled that is. I will never enable that crap.

    3. Tom said on September 12, 2021 at 4:32 pm

      It’s called the placebo effect. Everyone says this with a new phone OS version too. It will always run better out of the gate. Nothing new.

      1. Dumbledalf said on September 13, 2021 at 7:57 am


        When I see with my own eyes how things are happening faster compared to how it was in Windows 10, it’s not a placebo effect.

    4. Corky said on September 12, 2021 at 3:23 pm

      “Windows 11 being a lot faster than Windows 10.”

      Only it’s not, in fact early dev builds were slower than 10 (LTT YouTube video: ). Obviously we’ll have to see if that drop in performance in some games remains in RTM.

    5. Dumbledalf said on September 12, 2021 at 2:23 pm

      And before anyone accuses me of being a Microsoft/Windows fanboy, I have been pirating my Windows since 2006, never paid for it, never will, I also disable all telemetry.

      1. ChromeFan said on September 12, 2021 at 2:54 pm

        You can still be a fanboy without buying their products

  14. Lindsay said on September 12, 2021 at 9:51 am

    Ahh so how do I disable TPM, preferably permanently?

    1. Yuliya said on September 12, 2021 at 4:48 pm

      You should have the ability to toggle it on or off from BIOS. I always disable TPM and SecureBoot nonsense on all my machines.

      1. a Q said on September 12, 2021 at 11:22 pm


        why is it a good idea have them turned off?

      2. Yuliya said on September 13, 2021 at 4:13 pm

        Because mainly I have no use for either of them, and things like SecureBoot are known to be exploitable (bypassed), so really it is not very secure afterall.
        You could make the argument for TPM kind of being useful, but really you don’t need it and you can achieve even FDE through BitLocker without it – if you need it. Also, Microsoft and other companies (RiotGames) have already shown interest in forcing the end-user to only run software which they deem “safe” on W11 via the aid of TPM, even before Win11 was released to the general public. Fuck that, this alone should be a red flag for everyone.

        While you’re at it, in BIOS most likely you will be able to disable Intel ME as well. Kill it, it’s useless and a security threat more than anything. Ofcourse, if you’re on an Intel platforrm, idk about AMD.

      3. a Q said on September 18, 2021 at 4:41 am

        Thanks Yuliya.

        I found an article critical of TPM 2.

        In that article Jorge Myszne, founder and CEO of semiconductor startup Kameleon says:

        “The main challenge is that the TPM is a passive device; while you can store data there and nobody can see it, in order to do something with that data the software needs access. And if the software has access, an attacker can gain access too.”

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.