How to Activate Secure Boot And TPM for Windows 11?

With the release of Windows 11, Microsoft aims to improve the security of your PC in today’s online, work-from-home world. However, Microsoft has set two requirements for installing Windows 11: Secure Boot and TPM must both be enabled. If you are struggling to install Windows 11, this guide will help you do just that.

Why Does Windows 11 Need Extra Security?

In simple words, Secure Boot is a part of UEFI, which is basically a newer interface between your PC's firmware and the OS. The main objective of Secure Boot is to prevent malware from loading during startup and damaging your PC. The older interface was the CSM (Compatibility Support Module), and for Windows 11, changing the interface to UEFI is necessary.

On the other hand, the Trusted Platform Module, or TPM, is a chip embedded on motherboards and enterprise-type notebooks. The purpose of this chip is to use cryptographic keys to secure the hardware.

Furthermore, if you purchased your PC after 2016, it might have TPM 2.0, but if it is older than that, the TPM version might be 1.2 or there might be no TPM at all.

How to Check the Secure Boot?

To check Secure Boot, click “Start” and search for “System Information”. Then click “System Summary” and look for “Secure Boot State”. If it reads “On”, Secure Boot is enabled. If it reads “Off”, it is either disabled or not available. Next, check the “BIOS Mode” entry and make sure it reads “UEFI”.
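The same check can be run from an elevated PowerShell prompt, extended here to also report the TPM version discussed earlier. This is an added example, not part of the original guide; the function names Get-SecureBootState and Get-TpmSummary are chosen for this example, while Confirm-SecureBootUEFI and the Win32_Tpm class ship with Windows.

```powershell
# Added example: report Secure Boot and TPM state. Run from an elevated prompt.
# Get-SecureBootState and Get-TpmSummary are hypothetical names chosen for this example.

function Get-SecureBootState {
    try {
        # Returns $true/$false on UEFI systems; throws on legacy BIOS (CSM) boots.
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    }
    catch [System.PlatformNotSupportedException] { 'Unsupported (legacy BIOS/CSM boot)' }
    catch [System.UnauthorizedAccessException]   { 'Unknown (not running as Administrator)' }
    catch { "Unknown ($($_.Exception.Message))" }
}

function Get-TpmSummary {
    # Win32_Tpm sits in a security namespace; without elevation the query returns
    # nothing, which is indistinguishable here from "no TPM", so run elevated.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{ Present = $false; SpecVersion = $null
                                  Enabled = $false; MeetsTpm20  = $false }
    }
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec version.
    $spec   = ($tpm.SpecVersion -split ',')[0].Trim()
    $parsed = $spec -as [version]          # $null if the field is not a version string
    [pscustomobject]@{
        Present     = $true
        SpecVersion = $spec
        Enabled     = [bool]$tpm.IsEnabled_InitialValue
        MeetsTpm20  = [bool]($parsed -and $parsed -ge [version]'2.0')
    }
}

$secureBoot = Get-SecureBootState
$tpm        = Get-TpmSummary

# One summary object per machine; pipe to Export-Csv when collecting from many PCs.
[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    SecureBootState       = $secureBoot
    TpmPresent            = $tpm.Present
    TpmSpecVersion        = $tpm.SpecVersion
    TpmEnabled            = $tpm.Enabled
    MeetsSecureBootAndTpm = ($secureBoot -eq 'On' -and $tpm.MeetsTpm20 -and $tpm.Enabled)
}
```

A machine that runs Windows 11 but reports MeetsSecureBootAndTpm as False was installed without meeting these two requirements.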

How to Enable Secure Boot on Windows 10?

If your computer has UEFI, you can enable Secure Boot by opening “Settings” and clicking “Update & Security”. Next, select “Recovery” and click the “Restart now” button. Then select “Troubleshoot”, followed by “Advanced Options”. Select “UEFI Firmware Settings” and click “Restart”.

Open the security or boot settings page and look for “Secure Boot Control”. Select the “Enabled” option and press Enter. Exit the UEFI settings and restart the computer to apply the changes.

How to Bypass the TPM 2.0 Windows 11 Requirement?

If you are trying to install Windows 11 on your PC and an error message pops up stating that your PC cannot run Windows 11, it means that TPM 2.0 is either not installed or not enabled. However, there is no need to panic.

The good news is that Microsoft includes a new “LabConfig” registry key that allows you to configure and bypass the TPM 2.0 requirements.

To bypass TPM 2.0, you need to install Windows 11 using the Windows 11 Insider Program. When you come across a message stating that your PC cannot run Windows 11, press “Shift+F10” at the same time to launch the Command Prompt. Type “regedit” in the Command Prompt and press Enter.

Once the Registry Editor opens, navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup, right-click the “Setup” key, and select “New > Key”. When asked to name the key, type “LabConfig” and press Enter. Then right-click the “LabConfig” key, select “New > DWORD (32-bit) Value”, and create a value named BypassTPMCheck. Make sure that you set its value to 1.

Now create the BypassSecureBootCheck and BypassRamCheck values and set them to 1. Once you have created and set the values, close the Registry Editor window by entering “Exit” in the Command Prompt and click the “Back arrow” button on the page stating that the PC cannot run Windows 11. You will return to the page where you select the version of Windows 11 you wish to install. You can now proceed to install Windows 11, having bypassed all the hardware and TPM requirements.