Skip to main content

How to configure TPM 2.0 for a Windows 11 installation

 

How to configure TPM 2.0 for a Windows 11 installation

Windows 11 system requirements include TPM 2.0. What it is and how to activate it to install a new operating system.


What is TPM 2.0

Simply put, it is a dedicated encryption module on the motherboard. It is in it, and not on your computer's hard drive, that encryption keys are stored, which is much safer.


Most systems do not have such a module, but this does not mean that Windows 11 cannot be installed. The TRP software module is implemented on modern motherboards for Intel and AMD.


How to check your computer for Windows 11 compatibility

First you need to check the official system requirements:


  • processor: 64-bit dual-core with a clock frequency of at least 1 GHz;
  • RAM: 4 gigabytes;
  • drive: 64 gigabytes;
  • video: DirectX 12 or later compatible with WDDM 2.0 driver;
  • display: at least 9 inches;
  • other: TPM 2.0 and Secure Boot support.
If your equipment does not match them, then you will not be able to upgrade. Next, you need to download the PC Health Check program to check compatibility.


Install the program and run it. On the main screen, click on the big blue "Check Now" button. If the program displays the message "Windows 11 cannot start on this computer," most likely your computer does not meet the system requirements. Unfortunately, nothing can be done with weak hardware, just buy a new computer. But you can try to solve the problem with the TRP module.

Although the program does not indicate a specific reason for the incompatibility, it is most likely the TRP module. To find out for sure, press Win + R and run tpm.msc , which will open the Manage TPM on Local Computer window. If you see the warning "Cannot find a compatible TPM", then the problem is in the TRP module.


How to set up a TPM 2.0 software module

To enable the software TPM, you need to enter the BIOS. This can be done by holding down a certain key when turning on the computer. This is usually Del, but it can be F2 or something else, depending on the manufacturer. It is advisable to install the latest BIOS version for your hardware before doing this.

On ASUS motherboards with AMD logic, you must first press the F7 key to go to advanced settings. Then switch to the Advanced tab and select the AMD fTPM configuration line. Next, enable the AMD fTPM switch line. On Intel motherboards, the path is slightly different. On the Advanced tab, find the line PCH-FW Configuration, then TPM Device Selection. Set the value to Enable Firmware TPM.

On MSI motherboards with AMD logic, go to the Security menu and then Trusted Computing. In the Security Device Support line, set the value to Enabled, in the AMD fTPM switch line, set AMD CPU fTPM. On Intel, everything is almost the same: in the Security Device Support line, set the value to Enabled, in the TPM Device Selection line, select PTT.

On ASRock motherboards with AMD logic, go to the Advanced menu, then scroll down and select the AMD fTPM switch line. Set the AMD CPU fTPM value. On Intel, everything is also very simple: go to Security and find the line Intel Platform Trust Technology at the bottom of the screen. Select the Enabled option.

Then save the settings and restart your computer. Run the tpm.msc command again. If you did everything correctly, there will be no warning about the missing module this time. Next, check the status in PC Health Check again, if the error persists, the problem is something else. For example, the disabled option Secure Boot.

In addition, if such an option is provided, then you can find a hardware module and install it on the motherboard. But for obvious reasons, this method will not work for everyone.

Comments