Virtualization

How to enable TPM and Secure Boot on VMware to install Windows 11

VMware Workstation supports TPM and Secure Boot to run Windows 11, and here's how to enable the features on a virtual machine.

VMware Windows 11 VM with TPM and Secure Boot

Although during the development process, Microsoft is not enforcing the security requirements to install Windows 11, eventually, you won’t be able to install the OS on a VMware Workstation virtual machine due to the lack of the Trusted Platform Module (TPM) and Secure Boot.

A TPM is a chip that offers cryptographic functions, such as generating and storing encryption keys to enable features like Windows Hello, BitLocker, and others.

Secure Boot is a firmware technology that protects the boot process so that malware (such as rootkits) cannot attack the trusted OS during startup.

If you plan to install Insider Preview builds or running the final version of Windows 11 on a virtual machine using VMware Workstation, the application includes TPM and Secure Boot options. Since we are dealing with virtualization, you are not required to have the computer components physically.

In this guide, you will learn the steps to enable TPM and Secure Boot on VMware to install Windows 11 on a virtual machine.

Enable TPM and Secure Boot on VM to install Windows 11

To enable TPM and Secure Boot on VMware, use these steps:

  1. Open VMware Workstation.

  2. Select the virtual machine.

  3. Click the VM menu and select the Settings option.

  4. Click the Options tab.

  5. Select the Access Control option.

  6. Under the “Encryption” section, select the Encrypt button.

    Access Control for encryption

  7. Create an encryption password.

  8. Click the Encrypt button.

  9. Click on Advanced.

  10. (Not recommended)Under the “Firmware type” section, select the UEFI option and check the Enable secure boot option (if applicable).

    VMware enable UEFI and Secure Boot

    Warning: Changing the firmware type may cause problems. If you don’t have the VM already with UEFI, it is best to create a new virtual machine instead.
  11. Click the Hardware tab.

  12. Click the Add button.

    Hardware add option

  13. Select the Trusted Platform Module option to run Windows 11.

    VMware enable TPM for Windows 11

  14. Clickick the Finish button.

  15. Click the OK button.

Once you complete the steps, the computer should include the required security components to pass the requirements check to upgrade to Windows 11.

Create Windows 11 VM on VMware with TPM and Secure Boot support

To create a virtual machine with support for TPM and Secure Boot, use these steps:

  1. Open VMware Workstation.

  2. Click the File menu and select the New virtual machine option.

  3. Click the Next button.

  4. Select the latest virtual machine hardware compatibility option.

  5. Click the Next button.

  6. Select the I will install the operating system later option.

    VMware install of later option

  7. Click the Next button.

  8. Under the “Guest operating system” section, select the Microsoft Windows option.

  9. Under the “Version” section, select the Windows 10 x64 option. (If available, select the Windows 11 option.)

    VMware select VM OS option

  10. Click the Next button.

  11. Confirm a name for the Windows 11 VM.

  12. Confirm the location to store the virtual machine.

    Set Windows 11 VM name

  13. Click the Next button.

  14. Under the “Firmware type” section, select the UEFI option.

  15. Check the Secure Boot option.

    VMware enable UEFI and Secure Boot

  16. Click the Next button.

  17. Select the number of processor cores (two or more).

    VM processor settings

  18. Click the Next button.

  19. Specify the amount of RAM (4GB or higher).

    VM RAM settings

  20. Click the Next button.

  21. Select the preferred network connection.

  22. Click the Next button.

  23. Use the default I/O controller types option.

  24. Click the Next button.

  25. Select the virtual disk type option. (NVMe is usually the recommended option, if available.)

    VMware nvme option

  26. Select the Create a new virtual disk option.

  27. Click the Next button.

  28. Specify the disk size in gigabytes (64GB or higher).

    Create 64GB HDD for Windows 11

  29. Use the default settings for the rest of the settings unless you want to use different options.

  30. Click the Next button.

  31. Click the Next button again.

  32. Click the Finish button.

  33. Select the virtual machine.

  34. Click the VM menu and select the Settings option.

  35. Click the Options tab.

  36. Select the Access Control option.

  37. Under the “Encryption” section, select the Encrypt button.

    Access Control for encryption

  38. Create an encryption password.

  39. Click the Encrypt button.

  40. Click the Hardware tab.

  41. Click the Add button.

    Hardware add option

  42. Select the Trusted Platform Module option.

    VMware enable TPM for Windows 11

  43. Click the Finish button.

After you complete the steps, you should be able to install Windows 11 on a virtual machine using VMware Workstation.