Enable TPM on Windows 10 and Windows 11 PC Tutorial

Staff

This tutorial will show you how to enable Trusted Platform Module (TPM) on your Windows 10 and Windows 11 PC.

Windows 10 will reach end of support on October 14, 2025, so you will need to upgrade to Windows 11 by then to keep current.

One of Windows 11 system requirements is Trusted Platform Module (TPM) version 2.0 or higher.

Devices made with Windows 11 support will have TPM enabled by default, but older Windows 10 devices may have an older TPM than TPM 2.0, TPM disabled by default, or does not have a TPM at all.

You will need to enable TPM 2.0 on your PC if available to meet Windows 11 system requirements before being able to upgrade or install Windows 11 on your device.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the advantages of using TPM technology are:

Generate, store, and limit the use of cryptographic keys.
Use it for device authentication by using the TPM's unique RSA key, which is burned into the chip.
BitLocker Drive Encryption or Device Encryption: Automatically encrypts the computer drive to keep your data safe.
Data Execution Prevention: Prevents unauthorized applications like malware from running in memory.
Windows Hello: Secure user authentication without a password.
Secure Boot and Measured Boot: Block malicious drivers and rootkits from intercepting the boot process of the Operating System. Help ensure platform integrity by taking and storing security measurements of the boot process.

The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.

References:

Trusted Platform Module Technology Overview - Windows Security

Learn about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.

learn.microsoft.com

Enable TPM 2.0 on your PC - Microsoft Support

Learn how to check if your PC is capable of running TPM 2.0 or how to enable TPM 2.0 to upgrade to Windows 11.

support.microsoft.com

Here's How:

1 Boot to UEFI Firmware Settings.

2 Depending on your PC/motherboard manufacturer, open the Advanced, Security, or Trusted Computing tab to find the PCH-FW Configuration type sub-menu to open. (see screenshot below step 3)

3 Depending on your PC/motherboard manufacturer, enable the Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology setting. (see screenshot below)

If you are unsure how to make any needed changes to the TPM settings, It is recommend that you check your PC manufacturer’s support information or contact their support organization. Below are links to information from some PC manufacturers to help you get started:

Asus
Dell
HP
Lenovo
Microsoft Surface