
The Trusted Platform Module (TPM) 2.0 is a mandatory hardware requirement that must be enabled in your computer's Unified Extensible Firmware Interface (UEFI) to upgrade to Windows 11, and in this guide, I'll outline the steps to complete this configuration.
TPM 2.0 is a security chip integrated into the motherboard of many modern computers, such as those from Asus, Dell, MSI, ASRock, and Gigabyte. It provides a secure environment for storing and protecting sensitive cryptographic keys, passwords, and certificates, making it more difficult for malware, ransomware, and attackers to compromise your system compared to software-based security alone.
Features that use the TPM include BitLocker, Credential Guard, Windows Hello, Device Health Attestation (DHA), Virtual Smart Card, Measured Boot, and Autopilot.
This security hardware works with the Secure Boot feature to verify the integrity of the boot process. It ensures that only trusted and signed firmware and operating system components are loaded during startup, preventing unauthorized or malicious code from running. (Secure Boot is not technically a requirement to install or run Windows 11.)
In this guide, I will teach you the steps to check and enable TPM 2.0 to install Windows 11 on a system currently running Windows 10.
Check if your PC has a TPM 2.0 security chip
On Windows 10, you have at least two ways to determine if your computer has a TPM chip: the Trusted Platform Module Management console and the Windows Security app.
From TPM Management
To check if TPM 2.0 is present and enabled for Windows 11, follow these steps:
- Open Start.
- Search for tpm.msc and click the top result to open the “Trusted Platform Module (TPM) Management” app.
- In the “Status” and “TPM Manufacturer Information” sections, confirm that TPM and its version are present.
If the device includes a Trusted Platform Module, you’ll notice the hardware information and its status. Otherwise, if it reads “Compatible TPM cannot be found,” the chip is disabled in the motherboard’s firmware, or the device does not have a compatible security module.
From Windows Security
To check if TPM 2.0 is present using the Windows Security app, follow these steps:
- Open Start.
- Search for Windows Security and click the top result to open the app.
- Click on Device security.
- Click the Security processor details page.
- Confirm the Specification version reads 2.0.
If the “Security processor” page is missing, then the module is disabled in the motherboard’s firmware, or the device does not have a compatible security module.
Enable TPM 2.0 on your PC for Windows 11
To enable TPM 2.0 in the ASUS, MSI, Gigabyte, ASRock, and other motherboards’ BIOS, follow these steps:
- Open Settings.
- Click on Update & Security.
- Click on Recovery.
- Click the Restart now button under the “Advanced startup” section.
- Click on Troubleshoot.
- Click on Advanced options.
- Click the “UEFI Firmware settings” option.
- Click the Restart button.
- Click on the Advanced Security or Trusted Computing menu. Sometimes the option is available inside a sub-menu.
- Select the TPM 2.0 option and choose the Enabled option.
It’s important to note that the option could have different names, such as Security Device, Security Device Support, or TPM State.
If the motherboard doesn’t have a TPM chip but you have an AMD-based system, the security chip is likely built into the processor. The option will then appear as “fTPM” (firmware-based TPM 2.0), “AMD PSP fTPM” or “AMD fTPM switch.”
If the device is an Intel-based system, TPM 2.0 will be available as “Intel Platform Trust Technology” or “Intel PTT.”
If the computer does not have a TPM option and this is a custom build, you may be able to purchase a module to add the support. However, you should consult the manufacturer’s website to confirm that support is available.
Legacy BIOS to UEFI consideration
If you have a computer running Windows 10 that uses the legacy BIOS (Basic Input/Output System), you will have to switch the firmware type to UEFI to enable the TPM 2.0 feature.
However, in this case, the current setup may be configured with the MBR (Master Boot Record) partition table, while UEFI requires a GPT (GUID Partition Table) configuration.
If this is your case, you’ll need to convert the partition table from MBR to GPT on your Windows 10 installation, then switch from legacy BIOS to UEFI. Only then can you enable TPM 2.0 using the above instructions.
Lastly, I’m focusing this guide on Windows 10 because if the security feature isn’t already enabled, you cannot install or run Windows 11.
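The checks described in the TPM Management, Windows Security, and legacy BIOS sections can also be read in one pass from PowerShell. This is an added example, not part of the original guide; the function name Get-TpmReadiness and its output fields are hypothetical, and it assumes an elevated Windows PowerShell 5.1 session on Windows 10.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt on Windows 10.
function Get-TpmReadiness {
    $r = [ordered]@{
        TpmPresent = $false; TpmEnabled = $false; SpecVersion = $null
        FirmwareType = $null; SystemDiskStyle = $null; NextStep = $null
    }

    # Win32_Tpm returns nothing when the module is disabled in firmware or absent,
    # the same state tpm.msc reports as "Compatible TPM cannot be found".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $r.TpmPresent = $true
        $r.TpmEnabled = [bool]$tpm.IsEnabled_InitialValue
        # SpecVersion reads like "2.0, 0, 1.38"; the first field is the specification version.
        $r.SpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Firmware mode the OS booted in: Uefi or Bios (legacy).
    $r.FirmwareType = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Partition table of the disk that holds the Windows installation: MBR or GPT.
    $letter = $env:SystemDrive.Substring(0, 1)
    $r.SystemDiskStyle = [string](Get-Partition -DriveLetter $letter | Get-Disk).PartitionStyle

    # Map the findings onto the steps in this guide.
    $r.NextStep = if ($r.TpmPresent -and $r.TpmEnabled -and $r.SpecVersion -eq '2.0') {
        'TPM 2.0 is present and enabled.'
    } elseif ($r.TpmPresent -and $r.SpecVersion -ne '2.0') {
        "TPM found, but the specification version is $($r.SpecVersion), not 2.0."
    } elseif ($r.FirmwareType -eq 'Bios' -and $r.SystemDiskStyle -eq 'MBR') {
        'Convert the disk from MBR to GPT, switch legacy BIOS to UEFI, then enable TPM.'
    } elseif ($r.FirmwareType -eq 'Bios') {
        'Switch the firmware from legacy BIOS to UEFI, then enable TPM.'
    } else {
        'Enable the TPM option (TPM, fTPM, Intel PTT, Security Device) in the UEFI settings.'
    }

    [pscustomobject]$r
}

Get-TpmReadiness | Format-List
```

Because the function returns an object, the same check can be collected from several machines and filtered on NextStep before planning an upgrade.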