How to Enable Secure Boot to Install Windows 11, The methods to check and enable the security features on your computer are listed. Windows 11 must be installed with TPM 2.0 and Secure Boot enabled.
As part of the setup process, if you intend to update to Windows 11, you must first check and enable TPM 2.0 and Secure Boot in the BIOS (UEFI) of your computer’s motherboard (made by Asus, Dell, MSI, Gigabyte, etc.).
The necessity for Secure Boot and the Trusted Platform Module (TPM) version 2.0 on Windows 11 is one of the biggest changes.
TPM 2.0 and Secure Boot are required, according to Microsoft, to improve security and stop (or at least lessen) sophisticated assaults, widespread malware, ransomware, and other threats.
What is TPM
When encrypting the hard drive using features like BitLocker, TPM is a piece of hardware that is typically (but not always) incorporated into the motherboard and provides a safe environment to store and protect the encryption keys.
Secure Boot, on the other hand, is a module that makes sure the device only boots using software that the maker trusts.
You will discover how to check and enable TPM 2.0 and Secure Boot to install Windows 11 in this instruction.
How to Enable Secure Boot to Install Windows 11
Check if TPM 2.0 is present on Windows 10
- Click on Start on the Windows 10 system.
- Search tpm.msc.
- Tap on the first result to open the Trusted Platform Module(TPM) Management tool.
- Confirm the TPM is present.
- Choose a version.
- You can view the status and hardware details if the machine has a TPM chip.
- Otherwise, if it says “Suitable TPM cannot be identified,” either the device lacks a compatible Trusted Platform Module or the chip is disabled on the UEFI.
Enable TPM 2.0 in BIOS for Windows 11
- Open Settings.
- Select on Update & Security.
- Tap on Recovery.
- Now click the Restart Now button, just below the Advanced Startup.
- Tap on Troubleshoot.
- Click on Advanced options.
- Tap on the UEFI Firmware settings option.
- Click the Restart button.
- Now tap on the advanced, security, or boot settings page, which depends on the motherboard.
- Click TPM 2.0 option.
- Now select the Enabled option.
The module may be incorporated into the CPU if your motherboard doesn’t have a TPM chip and you’re using an AMD processor; in that case, the choice will say “fTPM” (firmware-based TPM 2.0) or “AMD fTPM switch.”
Platform Trust Technology (TPM 2.0) will be accessible if the system is Intel-based (PTT).
If this is a custom-built computer without a TPM option, you might be able to buy a module to add the functionality.
When you finish the procedures, the Windows 11 check should succeed, enabling you to upgrade the computer’s operating system.
Check if Secure Boot is present on Windows 10
- Click on Start.
- Search for system information.
- Click on top Result.
- Open the app.
- Tap on System Summary.
- Check the secure boot state information.
- Confirm the feature is turned on.
If the security feature is enabled after you finish the procedures, you can continue with the Windows 11 installation.
If not, you must follow the instructions in the UEFI firmware to enable it.
Enable Secure Boot in BIOS for Windows 11
- Click on settings.
- Tap on Update & security.
- Click on Recovery.
- Now tap on Restart Now button, just below the advanced startup section.
- Click on Troubleshoot.
- Tap on Advanced options.
- Click UEFI Firmware Settings option.
- Again Click Restart button.
- Go to advanced, security or boot settings page, which depends on the motherboard.
- Select Secure boot option.
- Tap on the Enabled option.
Secure Boot is almost always included on devices with UEFI hardware, but if it isn’t, you’ll need to upgrade the operating system or think about buying a new computer that complies with Windows 11 standards.
The computer must pass the hardware verification procedure once you’ve finished the steps in order to proceed with an in-place update or a fresh installation of Windows 11.
If your computer has a legacy BIOS, you must first change the drive from MBR to GPT before switching to UEFI mode and turning on Secure Boot.
If you don’t enable the more recent firmware, the computer won’t start. The conversion is not necessary if you are trying to make a clean installation, but it is necessary if you want to upgrade from the Windows 10 desktop.
- How to Fix Windows 11 Black Screen Issues
- How to Run Windows 11 on Unsupported PC
- How to Downgrade Windows 11 to Windows 10
A module called Secure Boot ensures that only trusted software is used to boot the device. Before installing Windows 11, check to see if Secure Boot is activated on your computer. If not, use the UEFI firmware’s instructions to do so.
You might be able to purchase a module to add the functionality if your computer was manufactured just for you without a TPM option.
People May Ask
Does disabling Secure Boot prevent me from installing Windows 11?
You’ll have the option to choose and install a Windows 11 version once your USB disc has been booted. Additionally, it will pass security checks without having Secure Boot or UEFI enabled in the BIOS.
Is TPM the same as Secure Boot?
Secure Boot is incorporated into the UEFI firmware, unlike TPM, which is typically a hardware component installed on your motherboard.
Without TPM, can Windows 11 be installed?
Before choosing to boot from media, make sure your device satisfies the minimal system requirements. Windows 11 will only install if you have at least TPM 1.2 (rather than the minimum system need of TPM 2.0), and it will not check if your processor is on an approved CPU.
Does my motherboard have a TPM?
Windows+R will open a run dialogue box, which you can use to access it. The utility will start when you enter tpm.msc and hit Enter. Your PC does have a TPM if you can see information about it, including a notification in the bottom right corner of the window indicating which version of the TPM specification your chip supports.
Is TPM 2.0 on the CPU or the motherboard?
With the Trusted Platform Module (TPM) 2.0 requirement for Windows 11, Microsoft created a lot of misunderstanding. Hardware encryption is provided by TPM, a special motherboard chip, for features like Windows Hello and BitLocker.