How to install Windows 11: Enable TPM and Secure Boot
The latest version of Windows is finally here, but there is a confusing new requirement if you want to upgrade from Windows 10: Your computer must have a security feature called TPM. You may not have heard of it until now, but you may already have it in your machine; it may just be turned off by default. If you’re having trouble upgrading because your PC is reported as incompatible, a small switch may be to blame.
What are TPM and Secure Boot?
Microsoft’s Windows 11 system requirements mention a new requirement not present in previous versions of the operating system: a Trusted Platform Module (TPM). More specifically, it requires TPM 2.0, which was first released in 2014.
A TPM is sometimes a chip built directly into your device’s hardware, or, more commonly for consumer PCs, a type of firmware supported by your processor. TPMs are tamper-resistant, making it difficult for anyone to steal any data they store or the cryptographic keys they generate.
The reliability and safety of this form of chip is what is referred to as a “root of trust” in hardware. Basically, the TPM is an element that is always trusted to keep your system safe, like the fireproof lockbox in your home where you store important documents. It enables security features that help protect your computer, such as encrypting your storage drives or using logins such as fingerprints or facial recognition. This is only possible because there is a safe place on your computer to store encryption keys or biometric data that could not be securely stored otherwise.
One of the many features enhanced by TPM is Secure Boot. This feature prevents malware from running when you first start your computer by allowing only cryptographically signed software to run when you have it enabled (though you can turn it off if you must).
Why You Need It for Windows 11
For all the confusion about this new requirement, it’s not really that new. Microsoft has required TPM 2.0 on newly built PCs since 2016 running any version of Windows 10 for the desktop. If you bought a Windows 10 device from a store several years ago, there’s a decent chance you’re already covered and you can install Windows 11 right now. Just go to Settings > Windows Update > Check for Updates.
However, that still leaves many computers out there. Custom-built PCs, for example, can use motherboards and processors that do not come with a TPM or do not enable it by default. Many Windows devices are protected, but some are not, and that makes it more difficult to roll out security features consistently.
A prime example of this is Microsoft’s attempts to eliminate passwords for all Microsoft accounts. Passwords are, paradoxically, hard for people to remember and easy for attackers to get through. The company is pushing alternatives to passwords that use authenticators on your phone, biometric data, or even a PIN, which, if stored in a TPM, can be more secure than a password and easier to use.
While some of these features work on devices without a TPM, they are more secure if you have one. Requiring a TPM on all Windows 11 devices allows Microsoft to set a security floor. The downside is that it can leave behind some people with otherwise capable computers. For Microsoft, that’s a tradeoff worth making.
How to Enable TPM and Secure Boot
Leaving older PCs behind when a new version of Windows comes out isn’t new, but this specific requirement has left many people confused because some computers that should be able to run Windows 11 just fine are supposedly incompatible.
Part of that is because early versions of the PC Health Check app, Microsoft’s downloadable tool that tells you if your hardware is suitable for the upgrade, just threw an error if your device’s TPM wasn’t enabled. Fortunately, the latest version tells you if TPM is the problem. You may experience this issue if you built your PC yourself or had someone else do it for you. Lots of motherboards are compatible with TPM, but some gaming motherboards have skimped on the feature in favor of other bells and whistles.
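To see for yourself whether the TPM is missing, merely switched off, or the wrong version, you can ask Windows directly. The following PowerShell is an added example, not part of the original article or any Microsoft tool; the function name Get-TpmUpgradeStatus is made up for illustration, and it assumes an elevated (Run as administrator) PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: separates "no TPM visible" from "TPM present but disabled"
# and reports the Secure Boot state. Get-TpmUpgradeStatus is a hypothetical name.

function Get-TpmUpgradeStatus {
    $result = [ordered]@{
        TpmPresent = $false
        TpmEnabled = $false
        TpmSpec    = $null
        SecureBoot = 'Unknown'
        Findings   = @()
    }

    # Win32_Tpm returns nothing when the firmware exposes no TPM to Windows.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $result.TpmPresent = $true
        $result.TpmEnabled = [bool]$tpm.IsEnabled_InitialValue
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
        $result.TpmSpec = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    if (-not $result.TpmPresent) {
        $result.Findings += 'No TPM visible to Windows: none installed, or it is turned off in firmware settings.'
    } elseif (-not $result.TpmEnabled) {
        $result.Findings += 'TPM is present but not enabled.'
    }
    if ($result.TpmPresent -and $result.TpmSpec -ne '2.0') {
        $result.Findings += "TPM spec version is $($result.TpmSpec); Windows 11 requires 2.0."
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # on machines booted in legacy BIOS mode.
    try {
        $result.SecureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch [System.PlatformNotSupportedException] {
        $result.SecureBoot = 'Unsupported (legacy BIOS boot)'
    } catch {
        $result.SecureBoot = "Unknown: $($_.Exception.Message)"
    }
    if ($result.SecureBoot -ne 'On') {
        $result.Findings += "Secure Boot state: $($result.SecureBoot)."
    }

    [pscustomobject]$result
}

Get-TpmUpgradeStatus | Format-List
```

An empty Findings list means the TPM is present, enabled, reports version 2.0, and Secure Boot is on.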