Updated on July 28, 2021
Windows 11 was officially launched by Microsoft on June 24, 2021, with a new look and much more. All of us are excited to upgrade our PCs and laptops to Windows 11. But do we know what configuration it requires? Have you come across the term “TPM – Trusted Platform Module Chip”? If yes, then you must be looking for answers to the following questions:
- What is a TPM device?
- Why is TPM required for Windows 11?
- How do I enable TPM?
- Is my PC ready for Windows 11?
- Does Windows 11 require secure boot?
This post covers a detailed discussion of the topic: what is a TPM, and why do I need one for Windows 11? This post also explains the importance of hardware-level protection.
Important to Consider:
Microsoft values hardware security for the coming generation of PCs, which is why TPM chips are introduced. Older PCs can be upgraded with TPM chips.
David Weston, director of enterprise and OS security at Microsoft, explains TPM chips: “Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
What is TPM 2.0 Windows 11?
A TPM is a hardware chip on the PC motherboard that performs cryptographic functions, such as creating cryptographic keys and storing them in its isolated module. It is separated from the rest of the computer so that it can authorize encrypted keys, files, and other authentication functions.
TPM is a global standard for a dedicated secure cryptoprocessor. Keeping security concerns in mind, Microsoft added support for it in Windows 11. Before moving towards a solution, we first need to know about the types of TPM module so that an appropriate method can be adopted.
TPM Module Windows 11 – Types
TPM is available in two types of module: Firmware TPM (fTPM) and Discrete TPM (dTPM).
Firmware TPM (fTPM): These provide a firmware-based TPM solution, like UEFI. An fTPM runs in the trusted execution environment of a CPU. Intel calls this functionality ‘Platform Trust Technology (PTT)’, and AMD names it simply fTPM or Platform Security Processor (PSP).
Discrete TPM (dTPM): These are hardware-based modules that have a dedicated chip to perform TPM functionality. A dedicated slot called “TPM” is placed on the motherboard for plugging in a dTPM chip. It is a 20-pin or 14-pin chip.
Apart from the types, TPM is available in two versions: TPM 1.2 and TPM 2.0. Of the two versions, TPM 2.0 is the one Microsoft mostly recommends for use with Windows 11. This is explained in detail in a later section.
The Trusted Platform Module (TPM) Explained
Earlier operating systems such as Windows 7 and Windows 10 both have extensive support for TPMs. Organizations working in secure environments have been the main adopters, using them in laptops and desktops. Since 2018, smart cards have been replaced with TPM chips. Smart cards must be inserted into a slot or tapped against a built-in wireless reader to verify that the system hasn’t suffered from tampering.
Security features at the operating system level also already make use of TPMs. Ever used the Windows Hello face-recognition login feature on a newer laptop? That requires a TPM.
Why Does Windows 11 Need TPM 2.0?
Well, TPM is not a new term for modern PC manufacturers and experts. Most of the latest PCs have one built in. From a broader perspective, TPMs provide design-level security to PCs and protect against cyber attacks. TPM chips have existed since 2011, but until now they have been used in high-end PCs.
Here’s how it works. Any encryption algorithm can store encryption keys in the TPM to protect your files. When your computer boots, the key stored in the TPM is used to unlock your drive. If the system is hacked, the drive can be moved to another computer, but the hacker will not be able to decrypt it and access your files without the keys stored in the TPM.
The purpose of introducing this type of security is that if all Windows 11 PCs have a TPM, then all Windows 11 PCs can natively support Device Encryption. That’s a lot better than the situation with some Windows 10 PCs coming with disk encryption while others don’t include encryption.
A TPM will act as a baseline of hardware security for the Windows 11 system. The benefit is that Microsoft won’t have to build software-based hacks on top of Windows 11 or leave important functionality such as disk encryption disabled on many PCs.
Microsoft made it clear at an early stage of the new Windows launch that TPM 2.0 will be preferred over TPM 1.2. Microsoft experts have further explained the advantages of TPM 2.0 over TPM 1.2, including support for more modern cryptographic algorithms.
Check if Your PC Has TPM 2.0 for Windows 11
The easiest way to check whether TPM is enabled on your system is to press the Windows key + R to bring up the Run dialog box, then type in ‘tpm.msc’ and hit Enter. The TPM Management screen will pop up if the feature is enabled and will show you other details. If there is no TPM present or enabled, you will see a message saying so.
The methods to enable TPM are mentioned below:
Turn on TPM 2.0 through your BIOS settings
In some PCs, a TPM chip is present but not enabled. This is more likely to happen in assembled PCs.
- To enable it through the BIOS, open the BIOS settings and look for the TPM setting.
- Look for TPM or PTT (Platform Trust Technology), usually found under an ‘Advanced’ tab.
- Once enabled, you can check your TPM version again to make sure you are Windows 11 eligible.
A Trusted Platform Module (TPM) is a security device hardwired into your computer’s CPU. For operating systems like Windows 10, you need it to use features like BitLocker, encryption, and decryption of the hard drive.
Check Using TPM Management Tool
- Search for “tpm.msc” in the Run window.
- When you do so, the TPM utility will launch.
- Here you want to look for Status and TPM Manufacturer Information.
In my example below, the status is: “The TPM is ready to use.” And the Manufacturer info is version 2.0. That means my CPU is good for running Windows 11.
Once you make sure of the presence of TPM, you can close the console.
Use Device Manager
You can check whether TPM is enabled by using the Device Manager. Right-click the Start button and then click Device Manager from the so-called “Power User Menu.” You can also type “devmgmt.msc” into the Search box and open it from the result at the top. And keep in mind that you can create a desktop shortcut to Device Manager if you use it often.
Once Device Manager opens, scroll down and click on “Security devices” to expand the menu and see if any TPM entries exist.
Use the Command Prompt
You can use the Command Prompt to look for TPM, too. Hit the Windows key and type: cmd and launch the Command Prompt as Administrator.
Then copy and paste the following command and hit Enter.
To know you have TPM installed, three values need to come back as TRUE:
NOTE: Use the Windows PC Health Check app to make sure your system will support Windows 11.
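The same checks can be scripted. The following is an added example, not a command from the original post: it reads the TPM state flags and specification version from the built-in Win32_Tpm WMI class and checks Secure Boot with Confirm-SecureBootUEFI. The function name Test-TpmReadiness is hypothetical, and treating these flags as the values the post refers to is an assumption.

```powershell
# Added example; Test-TpmReadiness is a hypothetical helper name.
# Run in an elevated PowerShell session on the PC being checked.
function Test-TpmReadiness {
    param([version]$MinimumSpec = '2.0')

    $r = [ordered]@{
        TpmPresent = $false; Enabled = $false; Activated = $false; Owned = $false
        SpecVersion = $null; Manufacturer = $null; MeetsMinimum = $false; SecureBoot = $null
    }

    # No instance comes back when Windows cannot see a TPM
    # (absent, or switched off in firmware).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    if ($tpm) {
        $r.TpmPresent   = $true
        $r.Enabled      = [bool]$tpm.IsEnabled_InitialValue
        $r.Activated    = [bool]$tpm.IsActivated_InitialValue
        $r.Owned        = [bool]$tpm.IsOwned_InitialValue
        $r.Manufacturer = $tpm.ManufacturerIdTxt

        # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
        # the first field is the TPM specification version (1.2 or 2.0).
        $family = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
        $r.SpecVersion = $family
        $parsed = $null
        if ([version]::TryParse($family, [ref]$parsed)) {
            $r.MeetsMinimum = ($parsed -ge $MinimumSpec)
        }
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
    # legacy BIOS or when not elevated; record that instead of failing.
    try   { $r.SecureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $r.SecureBoot = "Unknown: $($_.Exception.Message)" }

    [pscustomobject]$r
}

$state = Test-TpmReadiness
$state | Format-List
if (-not $state.TpmPresent) {
    Write-Warning 'No TPM visible to Windows; check the TPM/PTT setting in the BIOS.'
} elseif (-not ($state.Enabled -and $state.Activated -and $state.MeetsMinimum)) {
    Write-Warning "TPM found (spec $($state.SpecVersion)) but it is not enabled, not activated, or below 2.0."
}
```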
How to Bypass the Windows 11 TPM 2.0 Requirement?
If you are attempting to install Windows 11 and receive a message stating, “This PC can’t run Windows 11,” it is likely that you do not have a TPM 2.0 installed or enabled.
To get out of this situation, a new ‘LabConfig’ registry key can be used to configure settings to bypass the TPM 2.0, the 4GB memory, and Secure Boot requirements.
Based on the name of this registry key, it is likely used by Microsoft or OEMs to set up a “lab” environment to test Windows 11 on older equipment or when testing new features.
However, to bypass the TPM 2.0 requirements when installing Windows 11, please follow these steps:
Install Windows 11 via an ISO or the Windows 11 Insider Program. While installing Windows 11, if your computer does not meet the hardware requirements, you will see a message stating, “This PC can’t run Windows 11.”
When you see the above message, press Shift+F10 on your keyboard at the same time to launch a command prompt. At this command prompt, type regedit and press enter to launch the Windows Registry Editor.
When the Registry Editor opens, navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup, right-click on the Setup key and select New > Key.
When prompted to name the key, enter LabConfig and press Enter.
Now right-click on the LabConfig key and select New > DWORD (32-bit) value and create a value named BypassTPMCheck, and set its data to 1. Now create the BypassRAMCheck and BypassSecureBootCheck values and set their data to 1 as well.
Once you configure those three values under the LabConfig key, close the Registry Editor, and then type exit in the Command Prompt followed by Enter to close the window.
You will now be back at the message stating that the PC can’t run Windows 11. Click on the back button in the Windows Setup dialog.
You will now be back at the screen prompting you to select the version of Windows 11 you wish to install. You can now continue with the setup, and the hardware requirements will be bypassed, allowing you to install Windows 11.
It is important to note that disabling these features could affect the performance or stability of Windows 11, so be sure to only use them on a virtual machine or test box that is ok with working in an unsupported environment.
Furthermore, by disabling the TPM 2.0 requirement, you are effectively reducing the security in Windows 11.
Finally, running Windows 11 on anything less than 4GB will not be an optimal experience and is not recommended.
FAQs About Windows 11 TPM 2.0
Saitech Inc. is a reseller of computer hardware and software in the USA. When our technical team researched the requirement of TPM 2.0 for Windows 11, we came across the following queries from customers. A few of them are discussed here:
Will adding a TPM chip have any aftereffect on the motherboard?
The TPM 2.0 chip is separately available in the market. Almost all the motherboards support it. But you must install and enable the chip through your BIOS settings properly. If the chip is not installed by following the instructions, it will not work. However, there is no effect on the working of the motherboard.
Will I be able to run Linux after the installation of TPM 2.0?
To run the two operating systems smoothly on your system, you need to make sure that the dual boot environment is enabled. However, the TPM installation might affect the support of some built-in Linux features.
Does TPM block any of the WIN11 or any other OS features?
TPM 2.0 allows all applications that use encryption techniques. Right now, Microsoft has made it compatible with all Digital Signal Processing apps like face recognition and voice recognition systems. These are the features of Apple devices. In the future, there might be some restrictions, but right now you can go ahead with a full-featured Windows 11 installation.