What is a TPM chip?

A TPM (Trusted Platform Module) chip is a specialized microcontroller designed for computer security. It is a hardware component, typically integrated onto the motherboard, aimed at providing encryption and security features to protect data and system integrity. The primary objective of a TPM chip is to enable trusted computing, ensuring the immutability of the platform's initial state and subsequent operations. Some common functions of a TPM chip include:

1. **Key Storage**: It securely generates, stores, and manages cryptographic keys, preventing unauthorized access.
2. **Platform Authentication**: The TPM can generate a unique platform identifier (PCR value) allowing the system to verify its own identity.
3. **Firmware and Software Verification**: During system boot, the TPM checks the integrity of critical firmware and software components, ensuring they have not been tampered with maliciously.
4. **Data Encryption**: It supports the encryption and decryption of sensitive information, such as hard drive data and personal data.
5. **Remote Attestation**: Allows remote servers to verify the computer's state, ensuring it complies with security policies.

TPM chips are widely used in enterprise environments, particularly where high levels of data protection and security are required, such as in cloud computing, digital rights management, and network security. Additionally, with the requirements of the Windows 11 operating system, TPM has become a security feature of interest for individual PC users as well.

The Trusted Platform Module (TPM), also known as ISO/IEC 11889, is an international standard for a secure cryptoprocessor, a dedicated microcontroller that protects hardware by integrating encryption keys. The TPM chip is either built into a PC's motherboard or added to the CPU.

From October 1999 to March 2003, IT giants Microsoft, HP, IBM, and Sony established the Trusted Computing Group (TCG), with the aim of researching and formulating related standards and technical specifications for trusted computers from the perspectives of cross-platform hardware and software, and operating system environments. They proposed the TPM specification. The final revision of TPM Main Specification 1.2 was released on March 3, 2011, and the latest version of TPM is 2.0.


A chip in TPM mode must be able to generate encryption and decryption keys, perform high-speed data encryption and decryption, and act as a coprocessor to protect the BIOS and the operating system from modification.

What is a TPM?

A TPM has multiple uses, primarily for device identification, authentication, encryption, and integrity verification.

Platform Integrity

The main job of a TPM is to ensure the integrity of any computer device, regardless of its operating system. It is designed to ensure that the boot process begins with a trustworthy combination of hardware and software, and continues all the way through to a fully operational OS and running applications.

It is the responsibility of the firmware and the operating system to ensure the integrity of the TPM's use. For example, the Unified Extensible Firmware Interface (UEFI) can use a TPM to establish a root of trust. Other examples of platform integrity achieved through a TPM include the use of Microsoft Office 365 licenses, TXT, and Outlook.
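How a boot chain becomes a verifiable value can be shown with the TPM's PCR (Platform Configuration Register) extend operation. The following is an added example, not code from the original article: a software-only model that never touches a real TPM, with constructed component names and a hypothetical helper `Get-BootChainPcr`. It goes slightly beyond the text by showing that both a modified component and a changed boot order alter the final value.

```powershell
# Added illustration: software-only model of a TPM measurement chain (no TPM access).
# SHA-256 bank extend rule: PCR_new = SHA256(PCR_old || digest_of_component).

function Get-Sha256Bytes {
    param([byte[]]$Data)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { return ,$sha.ComputeHash($Data) } finally { $sha.Dispose() }
}

function Get-BootChainPcr {
    # Hypothetical helper. $Components are constructed stand-ins for the
    # firmware, boot loader and kernel images that real firmware would measure.
    param([string[]]$Components)
    [byte[]]$pcr = New-Object byte[] 32      # PCRs 0-15 start at all zeros after a reset
    foreach ($component in $Components) {
        [byte[]]$digest = Get-Sha256Bytes -Data ([System.Text.Encoding]::UTF8.GetBytes($component))
        # Extend: the old value is folded into the new one, so earlier
        # measurements cannot be overwritten, only added to.
        [byte[]]$pcr = Get-Sha256Bytes -Data ([byte[]]($pcr + $digest))
    }
    return ([System.BitConverter]::ToString($pcr) -replace '-', '').ToLowerInvariant()
}

# Constructed sample boot chains.
$knownGood = 'firmware-v1', 'bootloader-v1', 'kernel-v1'
$modified  = 'firmware-v1', 'bootloader-v1-modified', 'kernel-v1'
$reordered = 'bootloader-v1', 'firmware-v1', 'kernel-v1'

# Value a verifier would hold as the expected state of a healthy machine.
$reference = Get-BootChainPcr -Components $knownGood

foreach ($case in @(
        @{ Name = 'known good'; Chain = $knownGood },
        @{ Name = 'modified';   Chain = $modified },
        @{ Name = 'reordered';  Chain = $reordered })) {
    $value = Get-BootChainPcr -Components $case.Chain
    $state = if ($value -eq $reference) { 'MATCH' } else { 'MISMATCH' }
    '{0,-10} {1}  {2}' -f $case.Name, $value, $state
}
```

Only the unmodified chain in its original order reproduces the reference value, which is what lets disk encryption or remote attestation refuse to proceed when the measured state differs.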

Encrypt any partition of the hard drive

TPM can be used to encrypt any disk partition. Some computer manufacturers use it for “one-touch recovery,” perhaps the purest expression of the idea (by storing a system image in a TPM-encrypted partition). Large commercial software companies, such as Microsoft, use it to encrypt partitions (in the case of BitLocker, for example).

Storing and Managing Passwords

An operating system typically requires authentication (involving a password or other method) to access keys, data, or the system itself. These keys are now physically stored in memory units embedded in the chip, which retain their information even when power is disconnected. A TPM is far more secure than a BIOS management password.

What is the difference between TPM 1.2 and TPM 2.0?

The TPM 1.2 specification allowed only RSA and SHA-1 hash algorithms. TPM 2.0 provides greater cryptographic flexibility by allowing the use of more modern algorithms. TPM 2.0 supports updated algorithms for improved driver signing and key generation performance.

TPM 2.0 is simply an updated version of the TPM 1.2 technology that has been around since 2011. It has stronger encryption, better security, and support for newer algorithms. As with most things in tech, newer is better.

Microsoft requires TPM 2.0 for Windows 11

Microsoft has long placed a high priority on security, which it ensures by requiring that the operating system be supported by certain hardware, such as a TPM 2.0 chip.

While Windows 10 can run just fine without a TPM, Windows 11 requires a TPM 2.0 for installation. A computer is vulnerable to all sorts of attacks, from phishing to ransomware, that can cause serious damage. With a TPM 2.0, the risk of such threats to your Windows operating system is significantly reduced.


Starting July 28, 2016, all new Windows PCs were required to have TPM 2.0 enabled by default. If you bought a laptop, desktop, 2-in-1, or any other device with Windows 10 pre-installed, Microsoft required manufacturers to include TPM 2.0 and have it enabled.


How to Check if Your Computer Has a TPM 2.0 Chip

If your computer meets the other minimum system requirements for Windows 11, it might support TPM 2.0. If you bought your computer after 2016, it almost certainly has TPM 2.0. If your computer is a few years old or you built it yourself, you may have a motherboard that doesn't have the TPM 2.0 chip required by Windows 11.

You can check the status of TPM 2.0 on your Windows 11 device by following these steps:

Step 1: Press the Win+R keys on your keyboard to open the Run window.

Step 2. Type tpm.msc in the Run box, and then click OK.

Step 3: You should then see one of the following results:

The TPM is ready for use, with some details.


The TPM is unavailable, or you receive an error message that states that a compatible TPM wasn't found.
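The same check can be scripted, which is useful when many machines have to be audited. This is an added example, not part of the original article: it reads the `Win32_Tpm` WMI class from an elevated PowerShell session, and the function name `Test-TpmReadiness` and its output fields are hypothetical.

```powershell
# Added example; run from an elevated PowerShell session on the machine being checked.
function Test-TpmReadiness {    # hypothetical helper name
    $report = [ordered]@{
        Present = $false; Enabled = $false; Activated = $false
        SpecVersion = $null; MeetsTpm20 = $false; Finding = ''
    }
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction Stop |
            Select-Object -First 1
    } catch {
        # Typical cause: the session is not elevated, so the namespace is not readable.
        $report.Finding = "Query failed (is the session elevated?): $($_.Exception.Message)"
        return [pscustomobject]$report
    }
    if (-not $tpm) {
        # Equivalent of the "compatible TPM wasn't found" message in tpm.msc.
        $report.Finding = 'No TPM exposed to Windows: absent, or disabled in UEFI firmware.'
        return [pscustomobject]$report
    }

    $report.Present     = $true
    $report.Enabled     = [bool]$tpm.IsEnabled_InitialValue
    $report.Activated   = [bool]$tpm.IsActivated_InitialValue
    $report.SpecVersion = $tpm.SpecVersion

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the TPM family version. Unparsable values become $null.
    $family = ([string]$tpm.SpecVersion -split ',')[0].Trim() -as [version]
    $report.MeetsTpm20 = ($null -ne $family) -and ($family -ge [version]'2.0')

    $report.Finding = if (-not $report.MeetsTpm20) {
        'TPM present, but it does not report specification version 2.0.'
    } elseif (-not ($report.Enabled -and $report.Activated)) {
        'TPM 2.0 present but not enabled and activated; check the UEFI firmware setting.'
    } else {
        'TPM 2.0 present, enabled and activated.'
    }
    return [pscustomobject]$report
}

Test-TpmReadiness | Format-List
```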


How to Enable TPM 2.0 on Your PC for Windows 11

If your PC doesn't have a TPM or the TPM can't be found, you can enter UEFI mode to enable TPM for Windows 11 in two ways.

Method 1: Enable TPM 2.0 in Settings

Step 1: Press the Win + I keys on your keyboard to open Settings. Then, select "Update & Security."

Step 2: Click "Recovery" in the left pane. Under "Advanced startup," click "Restart now."


Step 3. Select Troubleshoot > Advanced options > UEFI Firmware Settings. Then, select Restart.


Step 4. Navigate to the Security settings. Select the TPM setup option.


Step 5: If TPM is disabled, enable it. Then exit the settings and restart your computer.

Method 2: Enable TPM 2.0 in the UEFI firmware setup utility

Step 1. Restart your computer and press a specific key repeatedly to enter Boot Mode. This key varies depending on the motherboard manufacturer. Here are some common keys for popular brands:

    • Dell: F2 or F12
    • Hewlett-Packard (HP): ESC or F10
    • Acer: F2 or Del
    • Lenovo: F1 or F2
    • Asus: F2 or Del
    • MSI: Del
    • Samsung: F2
    • Toshiba: F2
    • Microsoft Surface: Hold the Volume Up button

Step 2. Use the arrow keys to open the "Security Settings" page.

Step 3. Locate the TPM setup option, the same one selected in Step 4 of Method 1.

Step 4. Enable TPM. Exit the settings, and then restart your computer.

How to Download and Install Windows 11 on Your PC

This guide outlines a simple way to download and install Windows 11 via a bootable USB drive, as long as your device meets the installation requirements. You can download Windows 11 right away.

Step 2: Plug the USB flash drive into your computer. The Windows 11 Installation Assistant should detect it automatically, and you can click Create.


Step 3. If you're using a used USB drive, the software will wipe the data from the drive. Once the download starts, wait for it to finish, or feel free to step away and do something else while it downloads.


Step 4. After successfully downloading the Windows 11 ISO image to the USB drive, follow the on-screen installation wizard instructions to install Windows 11 on your computer from the bootable USB drive.

Bottom line

This article explains all the basics you need to know about TPM and TPM 2.0 on Windows 11. In short, the TPM chip is a vital component for system and device security. As Windows updates and security becomes more important, the role of TPM becomes more significant. It's best if your PC has TPM 2.0 enabled. If your computer has a TPM chip but it's not activated, you can follow the instructions in this article to activate it.

Can I add a TPM to my computer?

Can you add a TPM 2.0 chip to a computer that doesn't have one? Technically, yes, if you're comfortable with the hardware and software security settings in your system BIOS, you could add a standalone TPM 2.0 chip to your motherboard.

Many motherboards have a set of pins labeled “TPM,” but it's not always easy. Even if you install a hardware TPM in your DIY rig, you'll need to make sure it's configured correctly in your BIOS so that Windows can see it. The process varies quite a bit depending on which motherboard and CPU you're using.

It's not something the average user can install on their own motherboard. If your computer is really that old, but you want to experience Windows 11's new interface and features, you might consider upgrading to a new computer with a TPM 2.0 chip.