You tried to install Windows 11 and got the error “This PC must support TPM 2.0.” It is frustrating. But here is the good news: if your PC was built after 2016, you probably already have a TPM chip on your motherboard. It is just disabled in the BIOS settings.
This guide walks you through exactly how to enable TPM 2.0 on any PC. We cover the universal approach first, then manufacturer-specific paths for ASUS, MSI, Gigabyte, Dell, HP, and Lenovo.
What Is TPM 2.0 and Why Does Windows 11 Require It?
TPM (Trusted Platform Module) 2.0 is a hardware security chip on your motherboard. It handles encryption keys, stores passwords, and verifies that your system has not been tampered with. Microsoft made TPM 2.0 a hard requirement for Windows 11 to raise the baseline security of the platform.
The common misconception is that this means buying a new PC. In reality, the vast majority of CPUs from Intel 8th-gen and AMD Ryzen 2000-series onward include firmware-based TPM. Intel calls theirs PTT (Platform Trust Technology). AMD calls theirs fTPM (firmware TPM). Both support TPM 2.0 and just need to be switched on.
Check If TPM 2.0 Is Already Enabled
Before diving into BIOS, check if TPM is already running. Press Windows Key + R, type tpm.msc, and hit Enter. If you see “The TPM is ready for use” and the Specification Version says 2.0, you are all set. No BIOS changes needed.
If the tool says “Compatible TPM cannot be found,” open System Information instead. Press Windows Key + R, type msinfo32, and look for BIOS Mode. It must say UEFI. Older systems in Legacy/CSM mode cannot use TPM 2.0 and need to be converted first.
How to Enable TPM 2.0 in BIOS (Universal Steps)
The BIOS key varies by manufacturer, but the path after you enter is usually similar. Here is the general process:
- Restart your PC and press the BIOS key repeatedly as soon as the screen lights up. Common keys: F2, Del, F10, F12, or Esc.
- Inside BIOS, navigate to the Security tab or Advanced tab. The exact name varies by brand.
- Look for one of these labels: TPM, TPM State, Security Device, Security Device Support, Intel PTT, AMD fTPM, or AMD PSP fTPM.
- Set it to Enabled.
- Press F10 to save and exit. Your PC reboots.
That is the four-step version. The hard part is finding which menu hides the setting on your specific board. Use the brand-specific guides below.
Enable TPM 2.0 by Manufacturer
ASUS Motherboards
Enter BIOS with F2 or Del. Go to Advanced > PCH-FW Configuration. Set PTT to Enabled. For AMD boards, the path is Advanced > AMD fTPM Configuration > set fTPM to Enabled.
MSI Motherboards
Enter BIOS with Del. Press F7 for Advanced Mode. Go to Settings > Security > Trusted Computing. Set Security Device Support to Enabled. Newer MSI boards also have a dedicated TPM menu under Settings > Security.
Gigabyte Motherboards
Enter BIOS with Del. Go to Peripherals. For Intel, set Intel Platform Trust Technology (PTT) to Enabled. For AMD, set AMD fTPM to Enabled. Save and exit.
Dell Desktops and Laptops
Enter BIOS with F2. Go to Security > TPM 2.0 Security. Check the box for TPM On. Under Advanced, ensure UEFI is the boot mode. Some Dell systems from 2018-2019 have the TPM hidden and require a BIOS update to expose the option.
HP Desktops and Laptops
Enter BIOS with F10. Go to Security > TPM Embedded Security. Set TPM Device to Available. Set TPM State to Enabled. If you see no TPM option at all, your HP model may have it locked at the factory. Check your exact model on HP’s support site for the specific BIOS firmware version that adds TPM controls.
Lenovo ThinkPads and Ideacentre
Enter BIOS with F1 or F2 (Enter + F1 on newer ThinkPads). Go to Security > Security Chip. Set it to Active or Enabled. On older ThinkPads, this setting is labeled AT(T) or TPM Security Chip. Lenovo also requires Secure Boot to be enabled for TPM to function on some models.
Intel PTT vs AMD fTPM: What Is the Difference?
Intel PTT and AMD fTPM do the same job with different hardware. PTT lives inside the Intel Management Engine on the chipset. AMD fTPM is baked into the CPU’s PSP (Platform Security Processor). Both qualify as TPM 2.0 for Windows 11.
You do not need a separate physical TPM module unless you run a very old system (pre-2015) or a workstation motherboard that lacks firmware TPM. If you have an Intel 8th-gen or newer, or an AMD Ryzen 2000 or newer, you have firmware TPM. Full stop.
Quick Fix Checklist
If you enabled TPM but Windows still reports it is missing, run through this checklist:
- Reboot twice. Some BIOS settings need a full power cycle (shut down, unplug for 30 seconds, power back on) before the OS detects the change.
- Check UEFI mode. Open msinfo32 and confirm BIOS Mode says UEFI, not Legacy. Convert to UEFI before TPM will work.
- Enable Secure Boot. Some manufacturers tie TPM availability to Secure Boot being enabled. Check under the Boot tab in BIOS.
- Update your BIOS firmware. Motherboard vendors regularly add TPM support in BIOS updates for older boards. Check your manufacturer’s support page for the latest version.
- Clear the TPM. In BIOS, look for a “Clear TPM” or “Reset TPM” option. Apply it, save, exit, and then re-enable TPM. This fixes detection issues on systems that shipped with TPM partially configured.
- Run Windows Update. After enabling TPM, check for driver updates. Windows Update often pushes TPM firmware updates from your PC manufacturer.
What If Your PC Does Not Support TPM 2.0?
If you went through every BIOS menu and found no TPM, PTT, or fTPM option, your hardware may genuinely be too old. CPUs older than Intel 7th-gen and AMD Ryzen 1000-series do not include firmware TPM.
You have two options: install a physical TPM 2.0 module on your motherboard’s TPM header (if your board has one), or upgrade to a newer CPU and motherboard. Physical TPM modules cost roughly $15 to $30 and take five seconds to install, but many consumer boards removed the TPM header after 2020 since firmware TPM became standard.
If neither option works for you, the last resort is installing Windows 11 with a registry bypass that skips the TPM check. It is not recommended for production machines. Microsoft can disable security features like BitLocker and Windows Hello on bypassed installations.