Virtualization

How to enable TPM and Secure Boot on Hyper-V to install Windows 11 on VM

You can use these steps to enable TPM and Secure Boot on Hyper-V to install Windows 11 on a virtual machine.

Enable TPM on Hyper-V for Windows 11

If you want to install Windows 11 on a virtual machine using Hyper-V, you will have to use a “Generation 2” VM and enable the “trusted platform module” (TPM) and Secure Boot options. Otherwise, the OS won’t install.

Starting with Windows 11, Microsoft changes the system requirement and makes TPM 2.0 and Secure Boot a prerequisite to perform an in-place upgrade or clean install the new version on any device. This is in addition to the new 4GB of RAM and at least 64GB of storage.

A TPM is a hardware that provides cryptographic functions, such as generating and storing encryption keys to enable features like Windows Hello, BitLocker, and others. Usually, it is embedded onto the motherboard, but you may also add it as a separate component. On the other hand, Secure Boot is a firmware technology that protects the boot process to prevent malware (such as rootkits) from hijacking the trusted OS during startup.

If you plan to install Insider Preview builds or running the final version of Windows 11 on a virtual machine using Hyper-V, you need to ensure to enable the TPM and Secure Boot to upgrade from Windows 10 or perform a clean install. Since we are dealing with virtualization, you are not required to physically have a TPM or Secure Boot chips on the computer.

Hyper-V is an optional feature on Windows 10 Pro, which means that you must enable it manually from the “Windows Features.” You can use these instructions to set up the virtualization feature.

In this guide, you will learn the steps to create a virtual machine with support for TPM and Secure Boot to install Windows 11.

Enable TPM and Secure Boot on a Hyper-V VM to install Windows 11

To enable TPM and Secure Boot on a virtual machine to install Windows 11, use these steps:

  1. Open Hyper-V Manager.

  2. Click on the host computer from the left pane.

  3. Select the Windows 11 VM from the right side.

  4. Confirm the “Generation” setting reads “2” in the “Summary” tab at the bottom of the page.

    Hyper-V Generation 2

  5. Right-click the Windows 11 VM and select the Settings option.

    Hyper-V VM context menu

  6. Click on Security.

  7. Under the “Secure Boot” section, check the Enable Secure Boot option.

  8. Use the “Template” drop-down menu and select the Microsoft Windows option.

  9. Under the “Encryption Support” option, check the Enable Trusted Platform Module option to enable TPM to install Windows 11.

    Hyper-V enable TPM for Windows 11

  10. (Optional) Check the Encrypt state and virtual machine migration traffic option.

  11. Click the Apply button.

  12. Click the OK button.

Once you complete the steps, you will be able to install a fresh copy of Windows 11 or upgrade from Windows 10.

Create Hyper-V VM with TPM and Secure Boot to install Windows 11

To create a VM on Hyper-VM with TPM and Secure Boot support to install Windows 11, use these steps:

  1. Open Hyper-V Manager.

  2. Right-click the host computer on the left pane, select the New submenu, and click the Virtual Machine option.

    Hyper-V create Windows 11 VM

  3. Click the Next option.

  4. Specify a name for Windows 11 VM.

    Assign VM name

    Quick note: You can also use the Store the virtual machine in a different location option to choose where to store the VM.
  5. Click the Next button.

  6. Select the Generation 2 option.

    Windows 11 Hyper-V Generation 2 VM

  7. Click the Next button.

  8. Specify the amount of memory for the virtual machine. In the case of Windows 11, you need to assign at least 4096MB.

    Hyper-V assign memory

  9. Click the Next button.

  10. Use the “Connection” drop-down menu and select the Default switch option.

    Configure network for VM

  11. Click the Next button.

  12. Select the Create a virtual hard disk option.

  13. (Optional) In the “Name” option, select a name for the virtual hard disk.

  14. (Optional) In the “Location” option, specify a location to store the virtual machine.

  15. In the “Size” option, specify the size of the virtual hard drive. In the case of Windows 11, you must use 64GB or higher.

    Virtual Hard Disk size

  16. Click the Next button.

  17. Select the Install an operating system later option unless you have the Windows 11 ISO file, in which case, you would select the Instal an operating system from a bootable image file option.

  18. Click the Next button.

  19. Click the Finish button.

  20. Right-click the Windows 11 VM and select the Settings option.

    Hyper-V VM context menu

  21. Click on Security.

  22. Under the “Secure Boot” section, check the Enable Secure Boot option.

  23. Use the “Template” drop-down menu and select the Microsoft Windows option.

  24. Under the “Encryption Support” option, check the Enable Trusted Platform Module option to enable TPM to install Windows 11.

    Hyper-V enable TPM for Windows 11

  25. (Optional) Check the Encrypt state and virtual machine migration traffic option.

  26. Click the Apply button.

  27. Click the OK button.

After you complete the steps, you can perform a clean install of Windows 11 on the virtual machine.