Windows 11 was announced today, and one of its minimum requirements was a bit of a surprise to PC builders: TPM 2.0.
TPM, or Trusted Platform Modules, safely store encryption keys, passwords and certificates, as well as ensuring the integrity of your PC. TPM is found in most recent laptops and in enterprise systems, but is less common in custom-build or DIY desktops, or if it exists, it’s often off by default.
And that may cause confusion. We've reached out to Microsoft for more clarity on the TPM 2.0 requirement, but haven't heard back yet.
When I first checked on my desktop using Microsoft's PC Health Checker, which isn't the most recent but far exceeds the minimum requirements by far, I was told I couldn't upgrade.
My gaming PC, which far exceeds the minimum specs, can't run Windows 11, per Microsoft's PC Health Check Have to wonder if that involves TPM 2.0. I've reached out to Microsoft about that pic.twitter.com/K5KcaVmu4NJune 24, 2021
Indeed, I don't have a physical TPM module in my system. But it ends up, there's a workaround.
I fiddled around in the UEFI, where I found a setting to enable Firmware TPM, or fTPM. (In Intel parlance, it will be called PTT, or Platform Trust Technology). On my Asus X370 Prime Pro motherboard, it was under Advanced > AMD fTPM configuration, where I switched from Discrete TPM to enable a Firmware TPM.
Then, I rebooted and returned to PC Health Checker and it said I could install Windows 11 without issue. Of course, to do that, I'll have to sign up for upcoming Windows Insider Builds or wait until the release this holiday.
So, if you don't have a hardware TPM chip, there may be an option to enable fTPM. Just check your BIOS. Do note that in a 2018 document, Microsoft wrote in a security document that "TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature."
I am, however, seeing a number of people who have tried it and aren't seeing the same results. It's unclear yet why that is, and which other settings or specifications may causing issues.
If you have an older piece of hardware in your system that doesn't work with UEFI and requires CSM, it may not work. You may also need to check your your boot drive is in GUID Partition Table format (GPT) rather than Master Boot Record (MBR) for similar reasons.
In 2016, Microsoft wrote that "all new device models, lines or series (or if you are updating the hardware configuration of an existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0."
That means that, over the last four years, plenty of devices and components have been released that should, in theory, support this new Windows 11 requirement. You'll also want to check the lists of AMD and Intel CPUs that are compatible with Windows 11.
Of course, people often keep their gaming desktops for several years, while mostly just upgrading the graphics card. So some people with fairly capable machines may be locked out of Windows 11 without upgrading their CPU platform or at least getting and plugging in a physical TPM module, as not all processors support PTT or fTPM.
Updated June 24 with more clarity on where to enable TPM.
