Why Does Windows 11 Need TPM 2.0? What is TPM?

Microsoft demands PC users to have TPM 2.0 to install Windows 11. Learn why TPM 2.0 is required to run Windows 11 as an important security feature.
Why Does Windows 11 Need TPM 2.0

Microsoft demands PC users to have TPM 2.0 to install Windows 11. TPM 2.0 is required to run Windows 11, as an important building block for security-related features. TPM 2.0 is used in Windows 11 for a number of features, including Windows Hello for identity protection and BitLocker for data protection. In some cases, PCs that are capable of running TPM 2.0 are not set up to do so. We'll go it much detail in this article.

After Microsoft unveiled Windows 11, it also released system requirements for its newest operating system software. Buried underneath the RAM recommendations and Windows 11 recommended gigahertz (GHz), Microsoft included a curious acronym: TPM. 

This made the trusted platform module, or TPM, a required component for Windows 11 for existing and new devices. In fact, Windows 11 requires TPM 2.0. for several features, including BitLocker for data protection and Windows Hello for identity protection. In some cases, PCs capable of running TPM 2.0 aren’t set up to do so. But there’s more to TPM 2.0 in Windows 11. 

So, let’s dive in and understand what TPM chips and what TPM 2.0 does in Windows 11.

Read: Why upgrade to Windows 11? 

Table of Contents 

What is TPM Chip?

Summary: At its most basic, the TPM is a tiny chip on your computer's motherboard, sometimes separate from the main CPU and memory. 

What id TPM Chip

A trusted Platform Module (PM) chip is a security technology in a computer to increase the computer’s security against software vulnerabilities.

Technically, The TPM is a cryptoprocessor, using a cryptographic key to protect data in a computer. This means an extra addition that increases a computer’s security by adding hardware-based security.

Basically, TPM is a tiny chip on a computer’s motherboard, sometimes separate from the main CPU and memory. It’s akin to the keypad you use to disable your home security alarm every time you walk in the door. Turning on your computer may be the same as opening your front door, and alarms will sound if you don’t lock in a code within a short time (turn on TMP).

How does TPM Work?

Summary: TPM works by creating encryption codes. Half of the encryption key is stored on the TPM chip and the other half is stored on the computer hard drive, so if the TPM chip is removed, the computer will not boot. 

How does TPM work

First, every PC has software security and hardware security to protect your computer and files.

When done well, software security effectively prevents hackers from entering a system. But software is more malleable by nature — its code can be modified — and there's always a chance that a hacker or an exploit can be found. When found, intruders can access your computer and sensitive information. 

This is where hardware security, like TPM, comes.

How does TPM Work

Hardware security, as implied, is hard coded. The cryptographic keys in TPM are impossible to modify unless a hacker somehow knows exactly them in advance.

So, requiring a built-in TPM 2.0 security feature in Windows 11 elevates the standard for hardware security.

The TPM chip communicates with other PC security systems, such as the fingerprint reader, Windows Hello facial recognition, and BitLocker, for data protection to enhance security.

Other programs that will utilize a TPM besides your PC security systems are Outlook, Firefox, and Chrome. 

Why TPM 2.0?

Summary: TPM 2.0 is required to run Windows 11, an important building block for security features, including Windows Hello for identity protection and BitLocker for data protection. In some cases, PCs that can run TPM 2.0 are not set up to do so.

Why TPM 2.0

TMP 2.0 is a version of TPM Chips with better security.

A Microsoft page dating to 2018 points out various security advantages of TPM 2.0 over TPM 1.2. Microsoft notes these advantages as increased support for more modern cryptographic algorithms. These advantages, being better and having been around for some time, make TPM 2.0 a better security version of TPM chips.

And Microsoft has somehow required a TPM 2.0 on Windows 10 PCs since 2016. Why? 

While Windows 11's TPM requirement has brought the technology to the forefront, it isn't a particularly new idea. Windows 10 and Windows 7 both support TPM, and have used them before. It’s even a Windows 10 requirement, but not actually enforced.

In fact, since July 2016, all new Windows PCs manufactured have required default enabling of TPM 2.0. If you bought a PC, desktop, 2-in-1, or any other device with Windows 10 preinstalled, Microsoft required the manufacturer to include TPM 2.0 and enable it by default.

Why does Windows 11 Require TPM 2.0?

Why does Windows 11 require TPM 2.0

First, TPM 2.0 is higher-grade hardware security. Why does Windows demand it?

Windows, being the most popular OS in the world, is an easy target for hackers. Making TPM 2.0, a requirement is a way of increasing hardware security to enhance Windows system (software) security and prevent easy system hacking.

Microsoft affirms this by saying that TPM (TPM 2.0) can protect user credentials and encryption keys, amongst other sensitive data, by adding a hardware-based protective shield. This will keep malware attacks away. 

For example, in Windows 11, Windows Hello uses TPM for identity protection, and BitLocker uses it for data security.

Does my PC have TPM 2.0 support already?

First, if your computer meets theWindows 11 minimum system requirements, it supports TPM 2.0. 

If you bought a PC that came with Windows 10 in 2016 or after, there’s a good chance it has TPM 2.0 already enabled. If it doesn’t, check the manufacturing date could have been before the cut-off date.

But if your computer is older (before 2016), it likely either has the older TPM 1.2 version (which isn’t recommended for Windows 11), has TPM 2.0 but disabled, or has no TPM at all.

If you’re unsure about your PC’s TPM status, you can check in PC settings. Some versions of Windows 10 offer a Security Processor information page in the Windows settings app to show the TPM version and other information.

Does my PC have TPM 2.0 Support

If your PC has a TPM 2.0, but it's not currently enabled, use this Microsoft guide to enable it.

What Do I Do If My PC Doesn't Have TPM 2.0?

For desktop or PC users that may not have TPM 2.0, you can add the functionality by buying a compatible module for your motherboard. You’ll need to search for your motherboard model and see if the manufacturer released a compatible TPM. 

Apparently, TMP prices have increased since Windows 11 unveiling. For example, an Asus TPM that was sold for $14 on Amazon now sells at $40+ on the used market. Also some manufacturers have also stopped production of TPMs, but production may likely start up again given the recent surge in demand. 

If you can procure a compatible TPM module, all you have to do is find the TPM pins on your motherboard and stick it in. Then remember to enable it in the BIOS menu to enable you to upgrade to Windows 11.

You need to have TOM 2.0 to give you access to Windows 11 because Windows 10 End of Life is soon: October 2025.

How to Enable TPM 2.0 on your PC

Up to now, you understand that the TPM 2.0 chip requirement in Windows 11 is controversial. The chip, usually found on a PC's motherboard, is an important element, alongside Windows 11 RAM needs. It’s a security chip that handles encryption for your fingerprint, other biometric data, and things like Windows BitLocker. Usually, TPM 2.0 is turned on by default on most PCs and is found in most modern systems purchased in the last few years. But it’s either turned off on older devices or missing at all.

The steps to enable TPM 2.0 in BIOS vary based on the PC manufacturer. Microsoft details them here.

First, Check for TPM 2.0 using the Windows Security App:

  1. Run Settings > Update & Security > Windows Security > Device Security
  2. From Device Security, check the Security Processor Details. If you don’t see a Security processor section on this screen, your PC may have a TPM disabled. [See How to enable TPM below.]
  3. If you can see TPM, complete the next step to verify that it is a TPM 2.0.
  4. If you see an option for Security processor details under Security processor, select that and verify that your Specification version is 2.0.
  5. If you see a spec that's lower than 2.0, then your device can't run Windows 11.

Now, Get to BIOS to enable TPM for your PC.

To enable TPM 2.0 on a PC:

  1. Run Settings > Update & Security > Recovery > Restart now. Your system will restart.
    Recovery restart

  2. On the next screen, you'll choose Troubleshoot > Advanced Options > UEFI Firmware Settings
  3. Click on the Restart button. This will boot your PC into the system BIOS to check on TPM 2.0.
    TPM 2.0
    You'll want to look for a specific submenu in the System BIOS. This is different for various systems. On most systems, the TPM settings can be found under settings labeled Advanced Security, Security, or Trusted Computing. Navigate to these menus using either the keyboard combinations listed on the screen or the mouse if your BIOS supports it.
  4. Once you're in the respective BIOS menu, you can check the box or flip the switch for one of the following options.
    • TPM 2.0 can be labeled differently as one of these options: Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.
  5. If you're unsure if you're checking the right box for TPM 2.0 settings, you can check with the support documents from your PC’s manufacturer. 
  6. Exit BIOS. Once you enable TPM 2.0, exit the BIOS using the commands listed at the bottom of the screen (usually, you just press Esc).
  7. Save the setting. You'll be prompted to Save and Exit. Your system will then restart and boot you back into Windows.

You can then proceed and install Windows 11

Can I install Windows 11 in an Unsupported System without TPM 2.0?

If you have a computer with unsupported hardware, you can still upgrade to Windows 11, but not through Windows Update. Instead, you will have to use a bootable USB flash drive or ISO file to manually perform a clean install or in-place upgrade.

Microsoft left the loophole open, but it doesn’t mention it anywhere in the documentation, nor is it supported. According to the company, installing Windows 11 on unsupported hardware is an option for organizations. However, anyone could upgrade at their own risk knowing there is no guarantee of system stability and driver compatibility.

Read our guide, What Happens if You Install Windows 11 on Unsupported Hardware for further detail. 

In short, Installing Windows 11 on a device that does not meet Windows 11 minimum system requirements is not recommended. If you choose to install Windows 11 on ineligible hardware, you should be comfortable assuming the risk of running into compatibility issues.

In Conclusion,

Although controversial, the TPM 2.0 chip requirement in Windows 11 is an important element. It’s a hardware security chip responsible for encryption for your fingerprint, other biometric data, and things like Windows BitLocker.

Only install Windows 11 on supported devices to improve your security level.

Now, if you’ve read this article up to here, we thank you :) But one more thing…

Ask us any other questions left unanswered. We have experts who would love to help or just visit our help center or blog sections. 

Also, subscribe to our newsletter to keep up with everything tech, get Windows, Office, and productivity software at wholesale prices, and troubleshooting articles. 

Finally, please share this article with your friends and colleagues using the social media buttons therein.

Editor’s Recommended Articles

» How To Fix the “This PC Can’t Run Windows 11” Error
» Microsoft's new emoji are now available in Windows 11
» The Ultimate Guide to Windows 11
» The Ultimate Windows 11 Review: Windows 11 vs Windows 10 differences
» Microsoft Windows 11 Review: It's time to Upgrade Now