How to Enable TPM 2.0 and Secure Boot for Windows 11 in UEFI

Enable TPM 2.0 and Secure Boot

If you’ve run Microsoft’s PC Health Check and been told Windows 11 doesn’t officially support your PC, there’s a chance you need to enable TPM and Secure Boot on your PC. Here’s how.

Windows 11 Requires enable TPM 2.0 and Secure Boot

For some PCs, the root of the problem with PC Health Check is that they have Secure Boot and TPM disabled in UEFI, which is the basic system that allows your operating system to work with your PC hardware. Many people still call UEFI their “BIOS,” even though that term technically refers to an older standard.

After enabling TPM and Secure Boot, it’s possible your PC will pass the Windows 11 compatibility check if it meets all the other system requirements.

RELATED: What Are The Minimum System Requirements To Run Windows 11?

How to Enable TPM 2.0 and Secure Boot in UEFI

To enable TPM and Secure Boot in your UEFI, first, you’ll need to shut down your device. When you turn it back on, there will be a special keyboard key or button you’ll need to press at just the right time to get into your UEFI settings.

RELATED: What Does A PC’s BIOS Do, And When Should I Use It?

The exact key you’ll need to press varies depending on the manufacturer, so you’ll need to either consult your device’s operating manual or perform a web search for your device name along with  “bios key” or “UEFI key.” For some motherboards (especially if you built your own PC), you might see a small message on the screen at boot telling you which key you need to press to enter BIOS settings.

For example, on an Acer Spin 3 laptop we have, you access the UEFI configuration menu by powering up the laptop and pressing F2 on the keyboard when you see the “Acer” splash screen.

Once you’re in your UEFI setup screen, instructions will also vary dramatically on how exactly to enable Secure Boot and TPM, but in general, you’re looking for “Security” or “Boot” options.

In this example Setup Utility by American Megatrends (your setup will likely look different), you can find the TPM options under the “Security” tab. Look for “TPM” and make sure it’s enabled. If not, change the settings in your particular UEFI to enable it.

Enable TPM 2.0 and Secure Boot in UEFI
Benj Edwards / How-To Geek

Similarly, in our example UEFI, we can find our Secure Boot settings under the “Boot” tab. Look for the “Secure Boot” option and make sure it’s enabled.

Enable TPM 2.0 and Secure Boot in UEFI
Benj Edwards / How-To Geek

After that, make sure you save the changes you’ve made to your UEFI before you exit the configuration utility (you can usually select “save and exit” as one of the options).

If you don’t see anything about TPM or Secure Boot on your computer’s UEFI or BIOS settings screen, your PC may be too old to have these features.

After exiting, your PC will restart and Windows will load. When you run the check again, you will hopefully pass the test. If these features are enabled and your PC still doesn’t pass the check, there’s another reason why your machine is incompatible with Windows 11.

RELATED: What’s The Difference Between Windows 10 And Windows 11?

What Are Secure Boot and TPM Anyway?

Secure Boot is a UEFI feature that only allows signed operating systems to work, which can help protect you from malware. Aside from checking your BIOS, you can check System Information within Settings to see if your system supports Secure Boot.

Similarly, TPM (short for “Trusted Platform Module”) helps with security by providing encryption of your data thanks to a special chip inside your machine. Most machines built after 2016 include the TPM 2.0 chip required to run Windows 11.

To check your TPM chip, you can press Windows+R, type


, and press Enter. In the TPM management console that appears, you’ll find information on your PC’s TPM module, and you’ll see its version number under “Specification Version.”