Technology

How to enable TPM 2.0 and Secure Boot to upgrade to Windows 11

With Windows 11 just introduced to the company, now comes the controversy. In the minimum requirements for updating to the new Microsoft operating system, two important new features: TPM 2.0 and Secure Boot (Secure Boot, in English). The problem here is that many computers do not have these options, mainly from 2015, and in more modern ones they are disabled.

In fact, it is common for the TPM option on part-assembled computers to be disabled by the motherboard manufacturer. The solution is to go into BIOS and enable this feature. So, in a few minutes, we’ll see how PC Health Check goes from rejecting the update to Windows 11 to indicating that our equipment is fully compatible.

How to check the TPM version of our equipment

As we said, Windows 11 requires TPM 2.0 to update. Therefore, before we go into BIOS and touch anything, we will check if the TPM chip is enabled (this is common in laptops) to see if the version is compatible.

In the search box, we type tpm.msc. We open the first search result to go to the TPM administrator.

Here we have to look at the bottom, where the version of the spec is indicated. If we see version 2.0, our computer should be compatible with Windows 11 in this section. If PC Health Check continues to indicate that we cannot update, we will need to look for other causes, which are likely related to the graphics driver from the computer manufacturer.

How to enable TPM from BIOS

To activate TPM 2.0 by firmware, as is usually the case on desktops, we will need to access the BIOS. To do this, press the corresponding key when starting the equipment. Usually this is usually F2, F8, F12 or Esc, although we can confirm this in the manufacturer’s manual or on the motherboard.

If Windows 10 is installed by UEFI, we can access BIOS from Settings app. Concretely, we will have to go to Update and security> Recovery. Here, click on “Restart now” in the “Advanced startup” section.

The computer will restart and a menu with a blue background will appear. On the first screen, click on “Troubleshoot” then on “Advanced options”. Finally, we click on “UEFI Firmware Configuration”. Finally, we confirm the restart and the computer will enter the BIOS directly.

The next steps will depend on the manufacturer, although they are generally similar on all motherboards. In this case, we will detail the process for MSI cards with ClickBIOS.

We go to the “Security” section. Click on “Trusted Computing”. Click on “Security Device Support” and check “Enable”. We make sure that the “AMD fTPM Switch” option is enabled. For Intel processors, “Intel Platform Trust Technology” will appear.

How to enable Secure Boot from BIOS

Secure Boot is also a prerequisite for upgrading to Windows 11. Likewise, it is also usually disabled by default on desktop computers. To activate it, we will follow the following steps from the BIOS.

We go to the “Advanced” section. On cards from other manufacturers it is common to find it in the “Boot” section. Click on “Windows operating system configuration”. We check that in “BIOS UEFI / CSM Mode” it says “UEFI”. We click or select “Secure Boot”. Click on “Secure Boot Mode” and choose “Custom”. If a security code warning appears, click “Yes”. Click “Register all factory default keys” to establish the secure boot keys. Finally, click on “Secure Boot” and choose “Enabled”.

It is important that you check what we have indicated in step 3, because UEFI is an essential requirement for installing Windows 11. In case “Legacy” or “CSM” appears, we must keep in mind that we will need to change it and reinstall our copy of Windows 10 or perform a clean install of Windows 11 after the install ISO image is released.

Finally, we save the changes made from the “Save and Exit” section by clicking on the “Save changes and restart” option. If we now reopen the PC Health Check application, we will see that the equipment is compatible with Windows 11.

semidedicated hosting
Back to top button