Windows 11 and enabling TPM 2.0

[SpyderTracks]

So a lot of you will by now have received the notification in windows update that your device isn't eligible for Windows 11 because TPM 2.0 isn't available.

The good news is that most motherboards since 2016 have a firmware TPM built into the motherboard which you can switch on on a toggle setting in the BIOS

To access the BIOS, easiest way is through windows:

How to access BIOS or UEFI on Windows 10 PCs

If you want to change the way your PC boots up and behaves then you'll need to access the BIOS. We show you how to do this on a Windows 10 PC.

www.techadvisor.com

Then once your in the BIOS, all you have to do is find the fTPM or Firmware TPM or PTT and toggle it to on. This differs almost by motherboard, but certainly by manufacturer, but there's a brief summary of what to look out for below:

Gigabyte boards: https://chillblastassist.freshdesk....articles/79000125962-gigabyte-enable-amd-ftpm

Asus boards:

If you have any trouble, post below and we can help out.

 

[RAYANDB]

I get this message when enabling TPM "Any change in the TPM in the BIOS or UEFI gives a fair warning that when the recovery key is lost or the BIOS ROM chip is replaced, the system will not boot into the OS, and data will stay encrypted and cannot be restored.
What is the Recovery Key?

 

[SpyderTracks]

I get this message when enabling TPM "Any change in the TPM in the BIOS or UEFI gives a fair warning that when the recovery key is lost or the BIOS ROM chip is replaced, the system will not boot into the OS, and data will stay encrypted and cannot be restored.
What is the Recovery Key?

TPM activates encryption. If the computer fails and you need to get the hardrive booted kn another machine you need the code to unlock the encryption, that's what the code does.

 

[Harag]

TPM activates encryption. If the computer fails and you need to get the hardrive booted kn another machine you need the code to unlock the encryption, that's what the code does.

Quick question. I've not going into the BIOS so not seen the message first hand. does the message display a recovery key I need to note down?

 

[SpyderTracks]

Quick question. I've not going into the BIOS so not seen the message first hand. does the message display a recovery key I need to note down?

No. That's in Windows. The BIOS TPM is just an on / off switch.

 

[Harag]

No. That's in Windows. The BIOS TPM is just an on / off switch.

Ahh thanks for that, guess it's the recovery key for the bitlocker then. Cheers.

 

[andmil72]

Thanks for this post. I have just updated TPM on both my AMD/Gigabyte PC and my Intel/ASUS PC. For others looking at this I will say that my BIOS menus were NOT exactly the same as those shown in the guides above, but the guides gave enough useful pointers for me to drill down and find the correct sub-settings to change to make the PCs Windows11 ready.

Once the BIOS was changed nothing else happened so I assume that disk encryption will not actually happen until Win11, and we will have the opportunity to set it up then.

 

[SpyderTracks]

Thanks for this post. I have just updated TPM on both my AMD/Gigabyte PC and my Intel/ASUS PC. For others looking at this I will say that my BIOS menus were NOT exactly the same as those shown in the guides above, but the guides gave enough useful pointers for me to drill down and find the correct sub-settings to change to make the PCs Windows11 ready.

Once the BIOS was changed nothing else happened so I assume that disk encryption will not actually happen until Win11, and we will have the opportunity to set it up then.

There's no disk encryption unless you manually set it.

TPM purely stores across keys and tokens encrypted including encryption keys

 

[Inkerman993]

Thanks for this thread - really helpful!

 

[carlton_beasby]

Please forgive my ignorance of matters TPM !

I found the TPM stuff fine in the BIOS settings after finding a Microsoft article. If I enable TPM to allow the change from W10 to W11, will I be prompted to record a passcode for encryption if I need to recover ? Do I need to set a password ?

Many thanks.

 

[SpyderTracks]

Please forgive my ignorance of matters TPM !

I found the TPM stuff fine in the BIOS settings after finding a Microsoft article. If I enable TPM to allow the change from W10 to W11, will I be prompted to record a passcode for encryption if I need to recover ? Do I need to set a password ?

Many thanks.

TPM is purely for storing keys, not related to encryption.

 

[carlton_beasby]

TPM activates encryption. If the computer fails and you need to get the hardrive booted kn another machine you need the code to unlock the encryption, that's what the code does.

So with TPM activated and an upgrade to Windows installed, does W11 require me to password protect this other machine hardrive access or can I elect not to ?

 

[SpyderTracks]

So with TPM activated and an upgrade to Windows installed, does W11 require me to password protect this other machine hardrive access or can I elect not to ?

As above, you're talking about encryption, nothing to do with enabling TPM, you're talking about bitlocker which is something entirely different.

Bitlocker would only be enabled if you specifically enabled it yourself, plus you'd need a windows pro license to have bitlocker.

 

[Paul1964]

So with TPM activated and an upgrade to Windows installed, does W11 require me to password protect this other machine hardrive access or can I elect not to ?

Simple answer: No password protection required.

 

[carlton_beasby]

Simple answer: No password protection required.

Thank you Paul.