Windows 11 Requirements (TPM 2.0, Secure Boot) – How to Check on Your Computer

Windows 11 Requirements (TPM 2.0, Secure Boot) – How to Check on Your Computer

When the topic of Windows 11 system requirements comes up, two features generate the most excitement: TPM 2.0 and Secure Boot. These aren’t just whims of the manufacturer—both mechanisms genuinely enhance the security of the computer’s boot process and make it harder for malware to operate even before the system loads.

TPM 2.0 – What It Means in Practice

TPM (Trusted Platform Module) is a hardware or firmware module that stores and processes cryptographic information. This allows the device to more securely perform tasks such as disk encryption, credential protection, and verification of the boot environment’s integrity. In many computers released in recent years, the TPM is not a separate chip on the motherboard—it is often available as a feature built into the chipset or processor (e.g., Intel PTT or AMD fTPM), though it is sometimes disabled by default.

Secure Boot – Why Is It Required?

Secure Boot is a UEFI feature that ensures only signed, trusted boot components are loaded when the computer starts up. Simply put, it prevents malware from replacing the bootloader and reduces the risk of threats "hiding" during the boot process. Important: Secure Boot works only in UEFI mode (not in the old BIOS/Legacy mode).

When a computer "doesn't meet" the requirements, even though it's new

A fairly common scenario is as follows: the hardware has the necessary capabilities, but TPM or Secure Boot is disabled in the UEFI. This can happen after a firmware update, after changing disk settings (e.g., compatibility mode), or after a reinstallation with an incorrect partition configuration.

How to check for TPM 2.0 on your computer

The most reliable methods are the ones built into the system. Below are a few options—choose the one that works best for you.

Method 1: TPM Management Console (tpm.msc)

Open the "Run" window (shortcut: Windows key + R). Type tpm.msc and press Enter. In the TPM Management window, check the specification version—it should show 2.0. If, instead of details, you see a message stating that no compatible module was found, this does not necessarily mean you don’t have one—it may be disabled in UEFI.

Method 2: "Device Security" in Settings

The system security panel often includes a section on the security processor. There, you can view details, including the TPM specification version. If you see 2.0, the requirement is met.

Method 3: PC Health Check

The official Microsoft app can check your device's compatibility with a single click and clearly indicate what's preventing the installation (e.g., a disabled TPM). It's especially worth running this app if, after making hardware changes, the results in your settings and updates don't match up.

How to check Secure Boot and UEFI mode

Two things matter here: whether the computer boots in UEFI mode and whether Secure Boot is enabled.

Method 1: System Information (msinfo32)

Open "Run" (Windows key + R). Type msinfo32. In the "System Summary" section, locate the "BIOS Mode" field (it should say UEFI) and the "Secure Boot Status" field (enabled/disabled).

Method 2: PowerShell command

In PowerShell running with administrator privileges, you can check Secure Boot using the Confirm-SecureBootUEFI command (returns True or False). This is useful when you want to verify the status on a remote machine or as part of a company procedure.

Note regarding computers in Legacy mode

If "BIOS Mode" is set to Legacy, you won't be able to enable Secure Boot even with modern hardware until your computer boots in UEFI mode. This sometimes means you'll need to convert the disk partition scheme (MBR → GPT) before changing the boot mode. It's important to proceed with caution and back up your data before performing this operation.

What else is included in the requirements for System 11?

TPM 2.0 and Secure Boot are the most frequently discussed topics, but they aren’t the only ones. In short, other important factors include:

Processor, RAM, and disk space

The minimum requirements are a compatible 64-bit processor, at least 4 GB of RAM, and 64 GB of disk space. In practice, if you want to work comfortably, an SSD and more memory are a better choice—especially when using a browser with many tabs open or working with files.

Graphics card and monitor

DirectX 12 support and a WDDM 2.0 driver are required. You’ll also need an HD (720p) display larger than 9 inches.

If TPM 2.0 or Secure Boot is missing – what can you do?

Before you decide that your computer is "too old," go through the list below. In many cases, all it takes is a single change in the UEFI settings.

Check the UEFI settings: TPM/PTT/fTPM

Manufacturers use different names for the same feature. Look for it under tabs such as "Security," "Trusted Computing," "PTT" (Intel), or "fTPM" (AMD). After enabling it, save the settings and restart your computer, then go back to tpm.msc and check the version.

Enable Secure Boot

First, make sure your computer boots in UEFI mode. If so, you’ll find the Secure Boot option in the firmware settings (sometimes under Boot → Secure Boot). Microsoft also describes how to access the UEFI settings from the advanced boot options.

Consider updating the firmware, but do so with caution

Updating the BIOS/UEFI can improve compatibility, fix bugs, and add missing features. However, this is a delicate process: interrupting it could render your computer inoperable. If you don’t feel confident doing this yourself, seek assistance from a service center or a technical specialist.

What if the equipment really isn't compatible?

If your computer does not have TPM 2.0 (and does not offer a firmware-based solution), and the motherboard does not support Secure Boot/UEFI, then forcing the installation of Windows 11 is often only possible by using workarounds to bypass these limitations. Such solutions may carry risks related to updates and security—which is why, for home and business use, it is wiser to consider upgrading your hardware.

FAQ – Frequently Asked Questions

Does TPM have to be a hardware module on the motherboard?

Nie. Wiele komputerów ma TPM zaimplementowany firmware’owo (Intel PTT / AMD fTPM). Efekt dla zgodności z wymaganiami jest podobny – liczy się wersja specyfikacji i poprawne działanie. :contentReference[oaicite:9]{index=9}

Is it possible to check the requirements without installing the app?

Tak. tpm.msc oraz msinfo32 to narzędzia wbudowane, które w większości przypadków wystarczą do diagnozy. :contentReference[oaicite:10]{index=10}

Why check it at all if "everything works"?

Because checking before installation saves time. If your computer has TPM or Secure Boot disabled, you can fix it beforehand, and the installation will go more smoothly and without any frustration.

If you're planning to organize the software on your computer, make sure to keep your login credentials in one place: Windows keys, Office keys—activation is quick and sometimes inexpensive—so when the time comes, just buy them from a trusted store.