Windows 11 was announced on June 25, 2021 and I am really excited to see all of the recent feature updates. The announcement video was simply amazing! One of the items in the Windows 11 hardware requirements specifies TPM 2.0. In this blog I will briefly describe what TPM is, explain how systems purchased in the past 5-6 years already have it, and how to enable TPM 2.0 to install Windows 11 (if not already enabled).
Trusted Platform Module(TPM) 2.0 is the latest version of this type of crypto processor(TPM 1.2 was an earlier version not supported by Windows 11). TPM provides hardware based encryption, secure boot, Bitlocker, and ultimately prevents malicious attacks against so many devices used today. If you are a user of Windows Hello that enables sign-in by fingerprint, facial recognition, PIN, and more, then you are using the functionality provided by TPM.
TPM is not a new capability. It was announced in 2013 and has been included in almost every PC purchased since 2015. As of January 15, TPM 2.0 was required on all certified Windows Devices (source). This means that TPM will be found on systems built by major manufacturers. Where TPM chips are more likely not to be found is on system built by individuals at home.
Both Intel and AMD systems have a TPM. Intel calls their TPM Intel PTT while AMD calls it AMD PSP fTPM. Windows 11 supported Intel processors are listed here while AMD processors are listed here. Before you enable TPM on your system, you may want to check with the manufacturer website for updates to the firmware. This link has a great list of where to get the firmware updates for most OEM PC manufacturers.
While most systems running today already have a TPM chip, the functionality may not be enabled and that may cause issues during the upgrade check for Windows 11. I recently published a blog about how to enable Secure Boot, another requirement of Windows 11. This blog will assist you with the steps needed to enable TPM and proceed with a Windows 11 upgrade.
Steps to Enable TPM 2.0
My System Details: Below is information about the system being used in the steps below to enable TPM. Remember, this is on a system using an Intel TPM on a Lenovo laptop, so the steps may be a bit different for you if using an AMD processor or a different system manufacturer other than Lenovo.
- Lab Laptop: Lenovo Carbon X1 1st Generation
- Windows Specifications:
- Edition: Windows 10 Pro
- Version: 21H1
- OS Build: 19043.928
- Device Specifications:
- Processor: Intel® Core™ i7-3667U CPU @ 2.00GHz 2.50 SHz
- RAM: 8.00 GB
- System Type: 64-bit Operating System
- Enter the BIOS or UEFI of your system by using F1 (On a Lenovo). Other systems can be accessed using the list below:
- Dell: F2 or F12
- HP: ESC or F10
- Acer: F2 or Delete
- Asus: F2 or Delete
- MSI: Delete
- Toshiba: F2
- Samsung: F2
- Surface: Press and hold volume up button
- Locate the TPM Intel PTT or the AMD PSP fTPM setting area. This is where things can get a little tricky because there are so many versions of UEFI by so many manufacturers. Often times, you will see the two Intel or AMD TPM settings listed. But in my case, on this older Lenovo system, I did not. Instead, the TPM module was called Security Chip and it was not on by default. Once I enabled it, I was able to move forward with my installation.
Change the Security Chip setting to Active:
I hope this blog helps you move forward to a successful Windows 11 installation.