The official release of Windows 11 is imminent–it launches on October 5–and it’ll bring along with it a new look and lots of new gaming features. Most of the system requirements are pretty easy on modern systems, save one: TPM 2.0. Many computers have it, but some others don’t or have the previous standard, TPM 1.0. Below, we go over what it is, what it does for your computer, how to know if you have it, and how to turn it on if you do.
What is TPM and why do I need or want it?
TPM stands for Trusted Platform Module. It’s a secure cryptoprocessor that lives on your motherboard or in your processor. It uses hardware-level encryption to protect your device and the data stored on it by protecting the encryption keys your computer generates. It’s a physical device that can’t be changed through software, which Windows can use to ensure that your data is secure and remains untampered.
TPM helps to make sure your encrypted drive stays encrypted, that malware can’t access the fingerprint information you have stored on your laptop, and things like that. While Windows 11 requires it, it’s also present in Windows 10 and even Windows 7. In addition to the operating system itself making use of it, applications like browsers, antivirus, and email clients can use TPM as well.
How to know if you have TPM
There are two easy ways to check right from Windows whether or not TPM 2.0 is enabled.
PC Health Check
Head to your Start Menu and type in “PC Health Check.” There should be an application by that name that you can boot up, which you can use to see if your PC is ready for Windows 11.
If you get the dreaded red X, click through to the results to see what’s missing; the application only gave a simple yes or no just after Microsoft announced Windows 11, but the company has since beefed up the feedback so that you know which requirements are unfulfilled, whether it’s Secure Boot, TPM 2.0, your processor, RAM, or hard drive space.
Device Security menu
If you’re confident that you fulfill all the other system requirements, you can open the Windows Security menu. Just like with the Health Check, click on Start and type in Windows Security. In that menu, click on Device Security in the left menu.
You’ll see an icon of a chip there, with a very, very small green checkmark if you already fulfill the TPM requirements. You can click on Security Processor Details for more information.
If you’ve purchased a laptop or pre-built computer (Dell, Asus, etc.) between 2016 and now, you’re almost certainly set. Microsoft requires that TPM be enabled in all computers sold since then. Those of us who built our computers are the ones who will have to do a little digging.
Despite all the consternation around this requirement, TPM in general and TPM 2.0 are very common. If you have a work computer with a BitLocker-encrypted drive, for example, you have TPM. Microsoft has an official list of supported processors for both AMD and Intel. The list goes back three generations for both, including Intel’s 8th Gen CPUs and AMD Ryzen 2000-series CPUs, and all of these will support TPM 2.0 in one way or another.
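The checks described above under Device Security can also be run from an elevated PowerShell prompt. This is an added example, not part of the original article; the function name Test-Windows11Tpm is hypothetical, while Get-Tpm, Confirm-SecureBootUEFI and the Win32_Tpm WMI class ship with Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of the Device Security check.
# Test-Windows11Tpm is a hypothetical name chosen for this example.

function Test-Windows11Tpm {
    $result = [ordered]@{
        TpmPresent  = $false
        TpmReady    = $false
        SpecVersion = $null
        IsTpm20     = $false
        SecureBoot  = 'Unknown'
    }

    # Win32_Tpm returns nothing when no TPM is exposed to Windows,
    # which covers both "no TPM" and "TPM turned off in BIOS/UEFI".
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmi) {
        $result.TpmPresent  = $true
        # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
        # the first field is the TPM specification family.
        $result.SpecVersion = $wmi.SpecVersion
        $family             = ("$($wmi.SpecVersion)" -split ',')[0].Trim()
        $result.IsTpm20     = ($family -eq '2.0')
        # TpmReady is true only when the TPM is enabled, activated and usable.
        $result.TpmReady    = (Get-Tpm).TpmReady
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and
    # raises an error on legacy BIOS installs, so record the reason.
    try {
        $on = Confirm-SecureBootUEFI -ErrorAction Stop
        $result.SecureBoot = if ($on) { 'On' } else { 'Off' }
    } catch {
        $result.SecureBoot = "Not available: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

Test-Windows11Tpm | Format-List
```

A machine that reports TpmPresent as False may still have a firmware TPM that is simply switched off in the BIOS/UEFI, which is the case the "How to turn on TPM" section covers.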
Why does Windows 11 require TPM 2.0?
So why is Microsoft going so hard on TPM 2.0? In short, having a TPM 2.0-enabled computer and a system built for it like Windows 11 raises the security bar across the board on your PC. Logging in and encrypting your drive become easier.
But more importantly, TPM 2.0 can help guard against some of the nastiest malware out there: rootkits. Some rootkits load even before your OS does, giving whoever controls them the access needed to infect just about any aspect of your operating system or applications. With cybersecurity becoming more and more important, Microsoft seems to be interested in increasing the security profile of its OS for everyone using it rather than waiting to make sure that absolutely everyone can get on board.
How to turn on TPM
If you built your computer yourself, there are two options. Many of the above-listed processors have TPM 2.0 functionality built into the processor’s firmware, and it’s just a matter of turning it on in the BIOS/UEFI. For that, you’ll just want to search for your motherboard’s instructions. On my MSI motherboard, for example, it’s as simple as the following:
- Boot into the configuration menu
- Head to the Trusted Computing menu under the Security section
- Turn on “AMD CPU fTPM”
Many motherboard manufacturers now have pages specifically addressing how to turn this on for supported boards. If your chip doesn’t have TPM built into its firmware, you may need to add a piece of hardware to your system. If that’s the case, your motherboard manual will indicate where on the board you’d plug that chip in. TPM 2.0 modules are available on sites like Amazon and Newegg for under $50.
What if I can’t turn on TPM?
While people are constantly finding hacks to make the yet-unreleased Windows 11 run on computers without TPM 2.0, it’s important to keep in mind that’s not how Microsoft intends the OS to run. That means that you may not be able to get updates, that updates may not function correctly, or that some aspects of the operating system will behave strangely. Safety is not guaranteed even with TPM 2.0, of course, since cybersecurity is an arms race between hackers and security specialists. But TPM 2.0 significantly improves your odds.
The upside is that Windows 10 still works fine and is a great OS. Microsoft plans to continue supporting the operating system through 2025, which gives you plenty of time to upgrade if necessary. Chances are that if you don’t have access to TPM 2.0, you’re running an older system; as applications and games begin to make better use of modern hardware–utilizing multiple cores, being built with DirectStorage in mind (currently Windows 10 supports it, but as it evolves that may change), and things like that–that system will begin to feel more and more outdated, and that upgrade will become a necessity.