The newest version of Windows is finally here, but there’s a confusing new requirement if you want to upgrade from Windows 10: Your computer will need to have a security feature enabled called TPM. You’ve probably never heard of it until now, but your machine may have it already—it just might be off by default. If you’re having trouble upgrading an otherwise compatible device, one little switch could be to blame.
What Are TPM and Secure Boot?
Microsoft’s Windows 11 system requirements mention a new requirement that wasn’t present in past versions of the operating system: a Trusted Platform Module (TPM). More specifically, it requires TPM 2.0, which was first released in 2014.
The TPM is sometimes a chip that’s built directly into the hardware of your device, or—more commonly for consumer PCs—a type of firmware your processor supports. TPMs are tamper-resistant, which makes it incredibly difficult for someone to steal any of the data it stores or the cryptographic keys it generates.
The reliability and security of this chip form what’s referred to as a “hardware root-of-trust.” Essentially, the TPM is an element your system can always trust to be secure, like the fireproof lockbox in your house where you store important documents. This enables security features that can help protect your computer like encrypting your storage drives or using logins like fingerprints or facial recognition. This is only possible because there’s a safe place on your computer to store the encryption keys or biometric data that wouldn’t be safe to store otherwise.
One of the many features a TPM enhances is Secure Boot. This feature prevents malware from running when you first start up your computer by only allowing software that’s cryptographically signed to run when you turn it on (though you can turn it off if you need to).
Why It’s Required for Windows 11
For all the confusion about this new requirement, it’s not actually that new. Microsoft has required TPM 2.0 in new prebuilt PCs manufactured since 2016 that run any version of Windows 10 for desktop. If you bought a Windows 10 device from a store in the past several years, there’s a decent chance you’re already covered and that you can install Windows 11 right now. Just head to Settings > Windows Update > Check for Updates.
However, that still leaves out a large number of computers on the market. Custom-built PCs, for example, can use motherboards and processors that don’t include a TPM or don’t enable it by default. Many Windows devices are protected, but some aren’t and that makes it harder to consistently roll out security features.
One major example of this is Microsoft’s attempts to end passwords for Microsoft accounts altogether. Passwords are, paradoxically, difficult for humans to remember and often easy for attackers to get past. The company has pushed alternatives to passwords that use authenticators on your phone, biometric data, or even a PIN which—if stored in a TPM—can be more secure than a password and easier to use.
While some of these features are possible on devices without a TPM, they’re more secure if you have one. Requiring the TPM on all Windows 11 devices lets Microsoft set a security floor. The downside is that it might leave some people with otherwise capable computers behind. For Microsoft, that’s a tradeoff worth making.
How to Turn On TPM and Secure Boot
Leaving behind older PCs when a new version of Windows comes out isn’t new, but this particular requirement has left a lot of people confused because some computers that should be capable of running Windows 11 just fine are supposedly incompatible.
That’s partly because early versions of the PC Health Check app, which is Microsoft’s downloadable tool that tells you if your hardware qualifies for the upgrade, simply threw an error if TPM wasn’t enabled on your device. Fortunately, the most recent version will tell you if TPM is the problem. You might run into this issue if you built your PC yourself or got someone else to do it for you. Many motherboards are TPM compatible, but some gaming motherboards skimped on the feature in favor of other bells and whistles.
