TPM 2.0 and Secure Boot: What they are and how to enable them in Windows 11

TPM 2.0 and Secure Boot: What are they and how to enable them in Windows 11? This question has been a headache for more than one user who has wanted to upgrade to Windows 11 from Windows 10. If you're still not entirely sure, Here we tell you everything you need to know about it.

TPM 2.0 and Secure Boot: Two requirements for installing Windows 11

This year marks the fifth anniversary of Windows 11's release in October 2021. Since Microsoft announced the official requirements for installing it, criticism has been mounting. Two of the mandatory elements for upgrading to Windows 11 are: have hardware with TPM 2.0 and have the Secure Boot feature enabledThe problem? A large percentage of computers don't meet these requirements.

Older equipment, especially those manufactured before 2015, not only lack TPM 2.0 and Secure Boot, but they can't even activate them. This has left more than one person looking for alternatives to Windows 11, and has opened up a field of opportunity for OSes like Chrome OS Flex or Linux distributions gain ground.

For its part, Microsoft insists that TPM 2.0 and Secure Boot are essential elements to ensure the digital security of Windows 11 usersThese two stricter hardware requirements strengthen protection against cyber threats. Their goal is to safeguard the integrity of the operating system and prevent firmware-level attacks. To better understand each one, let's look at what each one entails.

What is TPM 2.0?

TPM stands for Trusted Platform Module, in Spanish, Trusted Platform Module. It is nothing more than a security chip designed with advanced cryptographic features to protect confidential information on your computer. This module is located on the computer's motherboard and is used to generate and store cryptographic keys, passwords, digital certificates, fingerprints, and other sensitive data.

Exclusive content - Click Here How to fix slowness issues in Windows 11 and improve performance

The latest version of this chip is the TPM 2.0, which offers significant improvements in terms of security and performance. Some of its principal functions are:

Secure storage of encryption keys used for authentication and data encryption.
It helps authenticate the platform, ensuring that the device's software and hardware have not been tampered with.
Provides protection against boot attacks, reducing the risk of malware infections that attempt to modify the system's boot process.
Improves login security and data protection with support for Windows Hello and BitLocker.

Obviously, Windows 11 requires TPM 2.0 and Secure Boot for installation due to the security benefits it provides. Without these components, some safety and security features would not be available., which increases the risk of vulnerabilities. But let's now look at what the Secure Boot feature is.

What is Secure Boot?

Secure Boot is not a hardware component, like TPM 2.0, but rather a security feature of the UEFI/BIOS firmware. What this feature does is protect the computer's boot process from running malicious softwareIn other words, it prevents unauthorized or tampered programs from modifying your system before Windows 11 starts.

Exclusive content - Click Here How to access C drive in Windows 11

With this feature active, you ensure that Only run programs and drivers digitally signed by trusted manufacturers. In addition, Secure Boot is supported by the program Windows Defender Device Guard, which restricts the operation of uncertified applications. It's clear that Microsoft is looking to add new and improved layers of security to its flagship operating system.

How to enable TPM 2.0 and Secure Boot in Windows 11

With the end of official support for Windows 10 right around the corner, you'll probably want to upgrade to Windows 11 now. Not sure if your computer meets the TPM 2.0 and Secure Boot requirements? You can You can check their status and easily activate them manually by going to the UEFI/BIOS settings. of the team. Let's see how.

Check if TPM 2.0 is enabled

To Check if your computer already has TPM 2.0 enabled, you just have to follow these steps:

Press the Start (Win) + R keys, type tpm. msc and hit Enter.
In the window that appears, look for the TPM status. If you see a message indicating it's available and ready for use, it's already activated.
If, on the other hand, it is not available, you have to activate it from the UEFI/BIOS settings. To do this, follow these steps:
1. Restart your computer and access the BIOS or UEFI by pressing the specific key (Esc, Del, F2 or F10 depending on the manufacturer).
2. Look for the option related to TPM, Security o Trusted Computing.
3. Enable TPM 2.0 and save changes before exiting the BIOS.
4. Restart your computer and run tpm.msc again to verify that TPM is enabled.

Exclusive content - Click Here How to change the main display screen in Windows 11

Enable Secure Boot in Windows 11

The first is Check if Secure Boot is already enabled on the computer. This is done like this:

Press Start (Win) + R, type msinfo32 and press Enter.
In the System Information window, look for the Secure Boot status. If it appears as Enabled, it's already working.
If not, you have to activate it from the UEFI/BIOS following these steps:
1. Restart your computer and enter the BIOS or UEFI.
2. Look for the Boot or Security section.
3. Locate the Secure Boot option and activate it by checking Enable.
4. Save the changes and restart the PC.

As you can see, enabling TPM 2.0 and Secure Boot in Windows 11 is nothing out of the ordinary. If both options are available on your device, you just have to activate them by following the steps described. On the other hand, if your PC can't handle Windows 11, you might want to take a look at the procedure to Install Windows 11 on an unsupported computer.

Now that you know what TPM 2.0 and Secure Boot are, you understand why Microsoft has established these requirements for its operating system. It's not just a technical requirement, but a major improvement in the security of the entire systemBoth technologies protect your computer against advanced attacks and ensure software integrity from the moment it boots. Therefore, if you haven't yet activated them, following the steps mentioned will allow you to improve your PC's security and take full advantage of all the features of Windows 11.

Andres Leal

Since I was very young I have been very curious about everything related to scientific and technological advances, especially those that make our lives easier and more entertaining. I love staying up to date with the latest news and trends, and sharing my experiences, opinions and advice about the equipment and gadgets I use. This led me to become a web writer a little over five years ago, primarily focused on Android devices and Windows operating systems. I have learned to explain in simple words what is complicated so that my readers can understand it easily.