Windows 11 requires Trusted Platform Module 2.0 (TPM 2.0). This chip is dedicatedtohandling cryptographic tasks,which Windows leverages for several of its security features. For example,Windows 11 uses the TPM 2.0 chip whenever you log in with your fingerorface via Windows Hello and when encrypting data.

What Is the TPM in Windows 11?

The term Trusted Platform Module (TPM) refers both to an international standard that describes the specifications of a microprocessor dedicated to performing security tasks and to any chip conforming to those standards.

When you hear that a PC has TPM, that means it has a chip that meets the TPM standards, orit contains firmware that allows the main CPU to perform the same functions. In most cases, the TPM chip is mounted directly on a PC's motherboard, but you can also add TPM to a computer by installing an expansion card.

The TPM standard itself was developed by a group of technology companies, including PC manufacturers like IBM and HP, chip manufacturers like Intel, andsoftware companies like Microsoft. After the group released TPM 1.0, the updated TPM 1.2 arrived in 2009, followed by TPM 2.0 in 2014.

The TPM standard ensures that any PC with a TPM chip can perform specific security tasks. For example, a chip that conforms to the TPM standard needs to, among other things, have a random number generator, generate cryptographic keys, and encrypt and decrypt data.

What Is TPM 2.0?

TPM 2.0 is the version of the TPM standard that was released in 2014 and was the most recent version of the standard when Windows 11 was released. The term also refers to chips that conform to the standard.

TPM 2.0 is capable of performing a variety of cryptographic tasks like encrypting and decrypting data and authenticating hardware. In computers that have TPM 2.0 firmware instead of a dedicated TPM 2.0 chip, you can typically enable TPM 2.0 in the UEFI.

Since TPM 2.0 was introduced in 2014, computers built prior to that don't have it. However, it is possible to add TPM 2.0 to a computer by installing an expansion card. It's also possible to emulate TPM 2.0, which is how you can run Windows 11 on Mac using Parallels.

What Does TPM 2.0 Do in Windows 11?

TPM 2.0 performs a lot of security-related functions, and it starts the moment you turn on your computer. During the boot process, Windows uses the TPM chip to verify the integrity of the operating system before it ever loads. If it detects irregularities, the boot process stops and allows you to repair Windows to avoid loading an operating system that may have been altered without your knowledge.

The TPM 2.0 chip also plays a part in the Windows logon process if you use Windows Hello. The chip is instrumental in encrypting and storing your biometric data, which consists of your fingerprint or face scan, and checking the scan against that record when you try to sign in.

Once you're signed into Windows 11, TPM 2.0 allows anti-malware software to check the integrity of the OS in the same way that the system is checked during the boot process. Since malware doesn't start running until Windows has loaded, or loads alongside Windows, this can allow your anti-malware software to identify and eliminate rootkits and other malicious software.

How to Tell if Your Computer Has TPM

If your computer was built after 2014, it may have TPM 2.0. If it was built more recently, then it's even more likely. If you aren't sure, the easiest way to find out is to perform the Windows 11 compatibility check.

You can also check to see if you have a TPM inSettingsby navigating toUpdate & security>Windows Security>Device security>Security processor details. Look for theSpecification version, which will say1.0, 1.2, or 2.0if you have a TPM. If you don't have a TPM at all, then the security processor details section will be blank.

What to Do if You Don't Have TPM 2.0

If your computer doesn't have TPM 2.0, then you should continue using Windows 10. There is a workaround that will let you install Windows 11 without TPM 2.0, but it isn't safe. Microsoft won't provide updates and support to users who use the bypass method, and a lot of Windows 11 security features won't work.

You can add TPM 2.0 to a computer that doesn't have it via an expansion card if you can locate one that's compatible with your motherboard. If you go that route, you can install the card and then enable TPM 2.0 in the BIOS or UEFI. Before you do that though, it's worth checking to see if your computer supports firmware TPM 2.0 already. You can do that by loading the UEFI and looking for an option to enable TPM 2.0.

After you've installed a TPM 2.0 card or enabled it in the UEFI, you can upgrade to Windows 11 without any issues. However, if you aren't able to add TPM 2.0 to your system, you're better off sticking with Windows 10 as long as Microsoft continues to support it.

• How do I enable TPM 2.0?

  You can turn on TPM -or verify that it's on -by entering the UEFI/BIOS at startup. You can find TPM inAdvanced or Security. The "on" setting for TPM isOn, Enabled, or Firmware TPM, depending on your model of computer.

• How do I install Windows 11 without TPM?

  TPM is a crucial part of Windows security, so you shouldn't install the operating system without it unless your computer doesn't have the chip. You can do a workaround, but understand that it's risky to your computer and Windows. In the Registry Editor, typeHKEY_LOCAL_MACHINE\SYSTEM\Setup, and then right-clickSetup>New>Key, and name the new key LabConfig. Then, right-click the key and selectNew>DWORD (32-bit), and set values forBypassTPMCheck, BypassRAMCheck, and BypassSecureBootCheck to 1. After this, you should be able to install Windows 11.