Windows 11 TPM: What is it & Why do You Need it?

by Claudiu Andone
Claudiu Andone
Claudiu Andone
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home... read more
by Claudiu Andone
Claudiu Andone
Claudiu Andone
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home... read more
Affiliate Disclosure
  • Windows 11 requires TPM 2.0 to install but that's simple to overcome as shown in our guide.
  • The Trusted Platform Module is a chip that ensures boot-up protection for your computer.
  • You can easily check if you already got technology available on your device and turn it on.
  • If you don't have the physical device, you are able to bypass the requirement in no time.
All you need to know about Windows 11 and TPM

Since the Windows 11 leak and installation tests, TPM (Trusted Platform Module) stole a bit from the center stage and became the no.1 enemy for early adopters.

It all started when more and more users reported that they couldn’t install Windows 11 because they received a TPM 2.0 error.

It all became too obvious that the TPM 2.0 chip is a mandatory requirement for Windows 11. However, Microsoft announced that some systems will be able to run the OS without it.

Update: TPM 2.0 and VBS are key for next-gen security on Windows 11

The long wait is over and Windows 11 is available starting today. There has been, of course, a lot of buzz around the integrated security features and the rather strict system requirements criteria it brings with it.

The latest talk has been centered around the Virtualization-based Security (VBS) feature and how it can adversely affect gaming performance even on CPUs officially supported by the OS.

Supposedly, VBS is set to on by default in clean Windows 11 installs, and Microsoft had this to say about it:

What we learned from [Windows] 10 is, if you make things optional, people don’t turn them on. They assume that if it was necessary, it would be on. And so I think that’s a big learning. What we put into 11 is [that] we are going to secure you by default.

Even if someone gets admin-level privileges—the highest level of privilege—they still can’t read what’s in this separate VM. It’s the exact same premise as how the cloud works today—you can be on a hardware machine with your bitterest rival, and you cannot read coded data across. We use that exact same technology shrunk down [for Windows 11].

Redmond officials also talked about the TPM 2.0 requirement in Windows 11 and how all of this together will help Microsoft realize its vision for the future of the OS and Windows PCs:

A lot of this initial release of Windows 11 is not the end goal—it’s the first click stop on our journey. We’re saying, ‘we can now guarantee you have a TPM. That means I can go and make sure every app developer is now storing credentials and keys in hardware.

More applications can support passwordless by default. More applications can do data encryption. More applications can have zero trust protections, because we’ve got that virtualization-based capability to report on their integrity.

Back when it had announced its Windows 11 system requirements, the Redmont giant claimed that the added security measures led to reduced malware infestation by 60%.

What is TPM 2.0?

The Trusted Platform Module is a little chip that can be embedded in a CPU or can be separated, and it’s not only dedicated to computers.

It is installed in a lot of security devices like the alarm system from your house for instance. If you don’t get the code right to your system, this chip will trigger the alarm.

Of course, there are simpler and more complex ones and, in a computer, this chip is there to supply a cryptographic key which is a code.

If everything is OK, the encryption for the drive is unlocked and the PC starts normally like it normally does.

If your device was stolen and the wrongdoer is trying to steal the data from your encrypted drive, the key won’t work and the PC won’t boot.

TPM types and uses

Now, a lot of apps use this TPM module for different purposes. For instance, e-mail clients use it for encrypted or key-signed messages.

Some browsers use it to maintain SSL certificates for websites but basically, at the start-up level, they are used for boot-up protection.

However, there are two additional types of TPMs. As we said before, TPMs can come as a physical component in the CPU, but they can also be just a code that runs in firmware.

Expert tip:

SPONSORED

Some PC issues are hard to tackle, especially when it comes to missing or corrupted system files and repositories of your Windows.
Be sure to use a dedicated tool, such as Fortect, which will scan and replace your broken files with their fresh versions from its repository.

This encoding method is almost as good as a discrete chip because it’s isolated in a contained environment from the rest of the programs.

There is another, virtual type of TPM that is not recommended for use because it is vulnerable to any modifications, therefore, inefficient as a security system.

What do I need to do to check if my computer has TPM 2.0?

  1. Type tpm.msc in Windows search and click on the app from the results.
  2. Now, look at the specification version from the bottom right corner of the screen. If it says 2.0, you’re fine.

Yes, Windows 11 needs TPM 2.0 to install on your PC but before jumping to any conclusions or make any purchases, do a Windows 11 TPM check by performing the steps above.

However, there are many issues why your PC might not be able to run Windows 11. If you want to make sure that you can, run the PC Health Check app.

We have an excellent article on how to download PC Health Check, install and use the app so go ahead and try that.

Turn on TPM 2.0

  1. Type tpm.msc in Windows search and click on the app from the results, just like we did in the solution above.
  2. Click on the Action tab and select Turn on TPM.

For some reason, even if you do have TPM, it can be turned OFF. On some computers, you can’t even do that but if you can, you can check that by using the very simple steps above and turn it ON.

If your TPM is malfunctioning for some reason, you can also check out our expert guide to fix that problem quickly.

What do I do if I don’t have TPM 2.0?

You can install Windows 11 without TPM 2.0

TPM 2.0 was introduced in 2014 but that doesn’t mean that if your computer was made in 2016 you already have it. However, there’s a slim chance you don’t.

But if you don’t, don’t worry because we have a great article that will help you with a Windows 11 TPM 2.0 bypass, even if you don’t have the chip.

This Windows 11 TPM workaround is, however, a temporary solution and we don’t know if Microsoft will decide to do something against it or not.

Buy a TPM chip

Of course, the workaround provided above might not function for a long time so you need to plan ahead.

And in this instance, planning ahead is either buying a device that is TPM ready, or buy a TPM module for your computer.

Luckily, we also gave a nice guide about TPM chips, where to buy them from, and even a price comparison so you will know exactly what to do.

If you want to go to the next level, you should know that there are also a lot of motherboards that come with an embedded TPM chip.

To make sure that you will get it right, check our list including the best gaming motherboards that you can purchase right now. Then, let us know your choice in the comments area below.

This article covers:Topics: