News Windows 11's TPM Requirement Surprised PC Builders, but You Can Enable It in BIOS

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.
Colif said:
Passport works perfectly fine without TPM enabled. I have been using a PIN for the last 8 months and only today enabled TPM in bios. So it might help passport but passport is able to create unique keys without needing tpm.
Click to expand...
Same with Windows Hello. For WINDOWS 10, TPM is not needed for a bunch of stuff, including Bitlocker and UEFI secure boot. I suspect that these will change with Windows 11. Virtual Smart Card, some parts of Windows Defender already need TPM, so I expect the list to grow unless MS turns off a lot of their new security features.
 
anonymousdude said:
I can't imagine they keep this requirement when they officially release. What are you gonna do for all the people that have a newish PC and all of a sudden you're told by Microsoft that you can't upgrade to or run windows 11 even though they could by changing a setting? It's gonna be a headache for everyone involved.
Click to expand...
I am pretty computer savvy and it took me a couple of hours to figure out how to enable TPM in my BIOS, along with a dire warning about how losing the BIOS ROM or my CPU will brick the computer. Note that even my 2-year-old mobo/CPU combo had TPM/PTT turned OFF by default. Going to be a mess.
 
I just updated my bios, went in and noticed I have to enable secure boot to enable TPM but when I enable secure boot it stops recognizing the NVMe drive that I use as a boot drive.
 
I have an ASUS x570 motherboard with an AMD Ryzen 5 3600. At first when I tried the MS PC Health Check, it said I do not meet requirements for Windows 11.
After going into advanced settings in UEFI and changing it from discreet to firmware TPM (I just searched BIOS for TPM), the Health Check says my PC now meets the hardware requirements.
 
  • Like
Reactions: Makaveli and peachpuff
The article speaks to an amd system. If you know, Can you explain how to enable Tpm without the hardware module on Intel z490 and z590 systems? As it stands my z490 system is saying no tpm security module found... so there's nothing to enable in the bios.

Edit: On Intel Systems we must merely enable Platform Trust Technology (PTT). Once enabled on my z490, Windows 11 now claims it can be installed. Also had to enable secure boot as well. This is going to be HELLA confusing for many many people. Microsoft needs to get out in front of this NOW or else the process will be a disaster.
 
Last edited:
Yes, this is a mockery of a sham of a travesty. Bad press all around on three letters. This didn't need to be. And the CPU requirements on the Intel side, at least, must be incomplete. That's even more of a joke.

If it was so important to have TPM, why aren't they backporting the requirement to 21H2?

And I can't even imagine the outcry when let's say in August or September, a sizeable percentage of Insiders on the Dev channel are told "Sorry, you need to reformat and put on Win10. Have a nice day."
 
  • Like
Reactions: electronicsguy
Reclusive Eagle said:
Ok so I have a i5 9600k (Microsoft lists intel 8th gen and up as compatible) and an MSI Gaming Plus Z390 motherbaord.
Motherboard does not have TPM (has socket for external one) but the 9600k has a dTPM.

The health app is garbage and says I am not compatible (TPM disabled). My question is am I compatible? Do you specifically NEED PTT TPM 2.0 or does dTPM 2.0 work as well??? I have Secure boot with UEFI+Legacy support
Click to expand...
I'm in a very similar boat as you - i5 9600K in a Gigabyte Z390 GAMING X (not even 2 years old) - it sounds like Gigabyte didn't feel that TPM was going to be a thing a few years back.
Update - I did find an Intel PTT setting that isn't enabled - it appears that it might be PTT is related in some way to TPM...
Update2: enabling PTT has now allowed me to access the tpm.msc but I mabye simply now be short on C: drive space as it's still not giving me the thumbs up...
Update3: No thumbs up yet. TPM 2.0 is showing in my Win 10 install; I have 70GB free now on my main partion; 16GB RAM; a 24" monitor; a RTX2060 which certainly supports DX12; a Mincrosoft account and Internet - only thing is the UEFI issue... I wish the check gadget told you exactly what was missing :-(
 
Last edited:
I have Gigabyte Z390 AORUS MASTER rev 1.0 .... Do you know how i enable the TPM? I don't find any option on bios menu ... i have the latest Bios update file F11n
 
saudor said:
Interesting how lowly ATOM processors can get the update but an i5 6600k with 32 GB RAM cannot, despite also having TPM 2.0 support.

Looks like they took a page out of Apple on this one!
Click to expand...
macOS Monterey can be installed on the following devices:

MacBook (Early 2016 and newer);
Mac mini (late 2014 and newer);
MacBook Pro (Early 2015 and newer);
iMac (late 2015 and newer);
MacBook Air (Early 2015 and newer);
iMac Pro (2017 and later);
Mac Pro (late 2013 and newer).
Windows 11 accepting only 8 gen intel is ridiculous
 
let the "TPM disaster" begin...

It's not true that all newer PCs have the ability to enable the TPM function. I checked with Microsoft Win11 compatibility tool my 2020 system...NOT COMPATIBLE.

In my case a Zotac ZBOX NANO C621 (Ryzen 3200U) don't have the option to enable TPM at all. It was "later" removed from BIOS. I contacted also technical support, same answer, "product NOT TPM compatible". The product was LAUNCHED on market on Jan-Feb 2020!! and the ryzen 3200U is in the win11 compatibility list

The option to enable TPM according to Microsoft 10 minimum harware requirements specs is required since 2016 on all products! https://download.microsoft.com/download/c/1/5/c150e1ca-4a55-4a7e-94c5-bfc8c2e785c5/Windows 10 Minimum Hardware Requirements.pdf

"3.7 Trusted Platform Module (TPM)As of July 28, 2016, all new device models, lines or series must implement and be in compliance with the International Standard ISO/IEC 11889:2015 or the Trusted Computing Group TPM 2.0 Library and a component which implements the TPM 2.0 must be present and enabled by default from this effective date."

but for some strange reason on my system Zotac decided to removed it, now if they don't do something or Microsoft change the requirements (and not only for some months just to calm down the situation and then later reintroduce it lets say with Win 11 22H1...) I can only say what a rip-off...thanks Zotac!! For sure I will post this everywhere I can...

I think it is very useful to remind everyone the minimum hardware requirements for windows 10 with effect from July 28, 2016, in case other manufacturers have done the same as my case. If PC manufacturers do not care and affix the logo "compatible windows 10" on products while not true, violating the rules, probably Microsoft has also to do something and take care of the thing (Zotac is not an obscure chinese brand...).

This case that I have exposed, I think is a precise example of the "chaos" in which we have been living for some years. Everyone does what they want, you just hope you don't get screwed too much....
 
Last edited:
It worked for me

11Vtq8l.jpg
 
  • Like
Reactions: electronicsguy
anonymousdude said:
I can't imagine they keep this requirement when they officially release. What are you gonna do for all the people that have a newish PC and all of a sudden you're told by Microsoft that you can't upgrade to or run windows 11 even though they could by changing a setting? It's gonna be a headache for everyone involved.
Click to expand...
Windows 10 still has support until 2025. And even after support ends, you just won't get security updates unless something major happens and forces Microsoft's hand (like that fix against that one ransomware way back when)

rseiler said:
If it was so important to have TPM, why aren't they backporting the requirement to 21H2?
Click to expand...
Because Microsoft wants an alternate path for people to still use a supported Windows. Also it probably affects the bootloader more than anything and I don't think bootloaders get changed that often.
 
They're going to remove TPM 2.0 as a requirement upon launch, or even in future insider builds. Screencap this.
 
For those who wonder what happens to their firmware TPM when they flash a BIOS update: I just did this myself, to find out. My system is a Ryzen 7 2700X + Gigabyte X470 Aorus Gaming 7 Wifi.

Obviously, you might have to re-enable the firmware TPM, just like you have to restore any other non-standard BIOS options. But other than that, what happens?

I've been using Bitlocker, and it's been secured by my fTPM. So flashing my BIOS should be interesting. . .

So first, I did not disable fTPM first, nor did I suspend Bitlocker or decrypt my drive. I just left my BIOS as it was, and then I updated it.

When I rebooted my computer, Bitlocker Recovery asked me for my long recovery key, as expected.

Then, when I tried to log into Windows, it said that "something was wrong", so it asked me to enter my Microsoft username and password, rather than just my PIN. Then it asked me to authenticate my second factor, which happens to be an alert on my phone. So it was just like when I try to log into my Microsoft account from a new computer; it went through the whole "2 factor authentication" bit.

Next, I rebooted my computer to see what would happen. When I rebooted, Bitlocker Recovery asked for my recovery key again. So I entered it again.

This time, in Windows, I went into Bitlocker Management and clicked the "Change how drive is unlocked at startup" option. I went through the wizard again, just to re-initialize Bitlocker's unlock procedure.

Then I rebooted again. This time, Bitlocker did not ask for my recovery key.

So basically: on a Gigabyte X470 Aorus Gaming 7 Wifi motherboard, you do not have to disable fTPM before flashing the BIOS, nor do you have to suspend Bitlocker or decrypt your drive. Just have your Bitlocker recovery key ready, then be prepared to have to go through the full 2 factor authentication to log into Windows, and then go into Bitlocker management and reset the unlocking method. However, you might have to re-enable fTPM, if flashing the BIOS wipes out any non-standard configuration settings.
 
Reclusive Eagle said:
Does anyone know if dTPM 2.0 works? My motherboard doesn't have PTT TPM 2.0 but my 9600k has discrete tpm 2.0 as a setting in BIOS
Click to expand...

I am wondering this myself, or do you actually have to have a physical TPM module plugged into the TPM header on your motherboard? If you have to have actual TPM hardware attached to your motherboard, you better find the one that works with your board now, while you still can, before they all get bought up and aren't available again until the semiconductor backlog clears.
 
Last edited:
Joseph_138 said:
I am wondering this myself, or do you actually have to have a physical TPM module plugged into the TPM header on your motherboard?
Click to expand...

A firmware TPM is enough, according to the Windows PC Health compatibility checker. So Intel's PTT and AMD's fTPM both satisfy Windows 11.

But if your BIOS doesn't have PTT/fTPM as an option, and if running "tpm.msc" doesn't show any sort of TPM installed, then you'll have to install a physical TPM.

Setting dTPM or "discrete TPM" only works if you have a physical TPM installed. Enabling a discrete TPM if you don't actually have a discrete TPM won't accomplish anything.

The purpose of enabling dTPM is to disable PTT/fTPM. I.e., your system should only have one TPM, so if you install a physical TPM, you might need to enable dTPM in order to disable the virtual/firmware PTT/fTPM. But just enabling dTPM without physically installing a TPM won't accomplish anything.

An analogy: the BIOS sometimes lets you select which PCIe slot contains the primary video output. But selecting "PCIe 1" won't accomplish anything if there's no graphics card there. You can't magically turn an empty PCIe slot into a graphics card merely by selecting "PCIe 1" as the primary video out. You still have to install a graphics card. So too with dTPM.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom