How to Check and Enable TPM For Windows 11 Update

What is TMP and how to effectively check and enable TPM for Windows 11 update? This article will provide you with the most detailed update activation guide.

Posted by @Dervish December 17, 2024 Updated By @Dervish December 13, 2023

One of the necessary conditions for updating Windows 11 is that your computer must support TPM 2.0. If you want to know whether your computer supports TPM 2.0, you can first check your computer to see if it supports TPM 2.0. If it is not supported, then you need to upgrade the TPM. Below we will learn more about what TPM is and how to check and enable TPM for Windows 11 update.

What is TPM?

TPM, we usually called Trusted Platform Module, also called ISO/IEC 11889, is an international standard for secure encryption Key to protect the hardware.

In 1999, many IT giants such as Compaq, HP, IBM, Intel, and Microsoft jointly initiated the establishment of the Trusted Computing Platform Alliance (TCPA).

In 2003, Nokia, Sony and other companies joined TPCA, and TPCA was renamed the Trusted Computing Group (Trusted Computing Group, TCG). These companies hope to specify the relevant standards and specifications of trustworthy computers in terms of cross-platform and operating environment hardware and software., and proposed TPM specifications. The latest version of TPM is currently 2.0.

What does TPM do on your Windows computer?

TPM has a wide range of functions. As a hardware protection key, it is mainly used for device identification, identity verification, encryption, and device integrity verification. Regardless of the operating system of the TPM, it is to ensure the integrity of the platform. When the computer starts, it starts with a combination of trusted hardware and software and continues until the operating system is fully started and the application program starts to run. With a TPM installed, your Windows computer can be protected via some key functions:

1. Secure Storage of Keys: TPM securely stores encryption keys, passwords, and other sensitive information in a dedicated hardware module. This helps protect against certain types of attacks that might attempt to extract such information from the software or memory.

2. Hardware-based Encryption: TPM supports hardware-based encryption and can be used to perform cryptographic operations, making it more resistant to certain types of attacks compared to software-based solutions.

3. Secure Boot: TPM plays a role in the secure boot process, ensuring that the computer only boots from trusted and verified firmware and operating system components. This helps prevent unauthorized or malicious code from running during the boot-up sequence.

4. Remote Attestation: TPM enables a feature known as remote attestation, allowing a system to prove its integrity to a remote entity. This can be useful in networked environments where a remote server needs to verify that a computer is in a trusted state before granting access.

5. Device Identity and Authentication: TPM can be used to establish a unique identity for a device, contributing to the authentication process. This can enhance the security of systems by ensuring that only trusted devices are allowed access to certain resources.

6. BitLocker Drive Encryption: TPM is commonly used in conjunction with BitLocker, the disk encryption feature in Windows. BitLocker can use the TPM to store the encryption keys, helping to protect the data on the computer's hard drive.

What's more, TPM can also achieve platform integrity through Microsoft Office 365 licensing and Outlook Exchange, and ensuring the integrity of TPM mainly lies in the firmware and operating system. The Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust. For example, TPM creates a trust chain for the Trusted Execution Technology (TXT), which can remotely prove that the computer is using the software of the specified hardware.

In addition to being used for the startup process and hard disk encryption, TPM can also encrypt system logins and application software logins. For example, the login information and passwords of our commonly used MSN can be encrypted by TPM before transmission. This can effectively prevent our personal information and passwords from being stolen.

The difference between TPM1.2 and TPM 2.0

TPM 2.0 was officially released in April 2014, and it has been revised and updated since then, and its function is also more powerful than the previous TPM 1.2. So what are the differences compared with the old version 1.2? 

Versions TPM 1.2 TPM 2.0
Features TPM 1.2 provides fundamental security features, including secure storage of keys and support for basic cryptographic operations.  It has a more limited set of commands and capabilities compared to TPM 2.0. TPM 2.0 introduces additional and more advanced cryptographic functions, providing a broader set of security features. It has an expanded set of commands, allowing for more sophisticated security protocols and applications.
Functionality TPM 1.2 is primarily focused on basic security functions such as key storage and basic cryptographic operations. TPM 1.2 is based on the specifications developed by the Trusted Computing Group. TPM 2.0 is designed to be more versatile and capable, supporting a wider range of security applications and protocols. And it enhances the capabilities of remote attestation, allowing for more comprehensive integrity checks.
BitLocker Compatibility TPM 1.2 is commonly used in conjunction with Microsoft's BitLocker encryption feature for securing data on Windows computers. TPM 2.0 has better compatibility for BitLocker encryption. You can encrypt USB and other portable drives.
Manufacturer Specific Commands   TPM 2.0 allows for vendor-specific commands, enabling manufacturers to implement custom features and functionalities.
Increased Security   TPM 2.0 includes enhancements to security features, making it more resilient against certain types of attacks compared to TPM 1.2.

In summary, TPM 2.0 builds upon the foundation laid by TPM 1.2, offering a more versatile and secure platform with advanced cryptographic capabilities. TPM 2.0 is designed to meet the evolving security needs of modern computing environments, providing support for a broader range of applications and security protocols. If you're considering the security features of a device, having TPM 2.0 is generally preferable due to its improved capabilities and expanded functionality.

How to check if there is TPM 2.0 on your computer

This was a very exciting thing for Microsoft users when Windows 11 was released. But many problems follow. For example, the computer is not compatible with Windows 11. The update requirements show that if you need to update your computer system to Windows 11, then your computer must support TPM 2.0 and UEFI secure boot because they are necessary conditions for updating to Windows 11.

If you need to update your computer system to Windows 11, you need to check whether your computer supports one of the requirements for updating Windows 11 One TPM 2.0. If it does not exist, your computer cannot update the system to Windows 11; if it does, please check whether it is disabled. If it is disabled, please enable TPM 2.0 to upgrade to Windows 11.

Method 1: Enter tpm.msc in the run window

1. Press “Windows+R” key on the keyboard to start the running window.

2. Enter “tpm.msc” in the run window, and then click “OK”.

3. After opening the local computer trusted platform module (TPM) management, you may see the following two situations:

One situation is that Configures the TPM and it's support by the Windows platform are displayed in the TPM Management on Local Computer module, and the status is: The TPM is ready for use (representing enabled). How to check if it is TPM 2.0 version? Just check that the Specification Version value in the TPM Manufacturer Information is 2.0, then it means that your computer supports the use of TPM 2.0 to upgrade to Windows 11.

One situation is that Compatible TPM cannot be found appears on your computer, which means that your computer does not meet the standards for upgrading Windows 11.

Method 2: Check for TPM for Windows 11 through the Windows Security

1. Click the Windows icon in the lower right corner of the computer and select Settings.

2. Then select “Security & Update”.

3. Then select “Windows Security”.

4. Find the security device to see if there is a TPM displayed.

Note: ● If you do not find the secure processor, it may be that your computer has a disabled TPM. In this case, you need to enable TPM or check the manufacturer’s support information of your computer to obtain information about the secure processor. ● If you can enable TPM, please verify whether it is TPM 2.0. If the TPM version is lower than 2.0, your computer cannot update Windows 11.

Tip: For how to upgrade TPM 1.2 to TPM 2.0, please read the following “How to Upgrade TPM 1.2 to TPM 2.0 for Windows 11”.

How to enable TPM 2.0 on the computer

When the computer supports TPM 2.0, but it is disabled, what should I do at this time?  You can Enable TPM 2.0 on the computer Settings. The specific operation is as follows:

1. Press “Windows+I” to, then open Security & Update, click “Recovery” in the left menu bar, and then click "Restart now" in the advanced startup.

2. After clicking Restart now, the system will enter the option stage, and then select “Troubleshoot”.

3. Select "Advanced options".

4. Select "UEFI Firmware Settings".

5. Click "Restart".

6. After restarting, enter the BIOS, and then go to the Security Settings, this time select the TPM Configuration option.

7. If you find that TPM 2.0 is disabled, you can enable it. After enabling TPM, you can exit the settings and restart the computer.

How to upgrade TPM 1.2 to TPM 2.0?

If we check that the TPM version of the computer is 1.2, then the computer cannot update the system to Windows 11, so we need to upgrade the TPM version to 2.0. How to upgrade TPM 1.2 version to 2.0? This depends on your computer supplier’s upgrade countermeasures for TPM. For this, you can ask for help on the official website of the computer. Below we will take Dell as an example to show you how to update the TPM 1.2 on your computer to 2.0.

Steps to upgrade TPM 1.2 to 2.0 on Dell:

1. Open the Dell official website and find the Dell product support page.

2. Then enter your service tag or enter your product model.

3. Click the Driver and Download tab.

4. Select Security from the drop-down category box.

5. Find the Dell TPM 2.0 firmware update utility.

6. If the Dell TPM 2.0 update list is listed, you can run the update TPM.

How to install Windows 11 without TPM 2.0

In the previous content, we talked about how the computer supports TPM 2.0 to update Windows 11. What should I do if my computer does not support TPM 2.0 for Windows 11? We can use the installation disk to install Windows 11, and boot from the installation disk to enter the process of installing Windows 11. At this time, you can choose to overwrite the original system upgrade installation, which means that we can bypass the UEFI boot detection to achieve the purpose of installing Windows 11.

Conclusion

In this article, we explained what TPM is and the relevant information about TPM 2.0 necessary to upgrade Windows 11, and demonstrated how to check and enable TPM for Windows 11 update, and how to upgrade TPM 1.2 to 2.0 to update Windows 11 method. TPM is an important device to protect the security of the system, and TPM 2.0 is a version that must exist when the system is updated to Windows 11. Therefore, to check whether your computer is compatible with Windows 11, and how to start TPM, please read this article carefully, there are answers you want.