What is a TPM? And here's why you need it for Windows 11


It was only after Microsoft had finished its Windows 11 unveiling earlier this summer that the company released system requirements for its software update. And buried underneath the RAM and gigahertz (GHz) recommendations was a curious acronym: TPM.

Trusted Platform Module, or TPM, is a secure cryptoprocessor that secures a computer via an integrated cryptographic key. But in more basic terms, it's like a security alarm for your computer to prevent hackers or malware from accessing data. And it will be necessary for Windows 11, which arrives this week. (Check out our Windows 11 review for our impressions of this software update.)

Unfortunately, it seems that some older hardware will be excluded from the Windows 11 update. Microsoft confirmed as much, saying that while the situation "sucks," it's to ensure a more secure Windows experience moving forward.

What is a TPM and how does it work?

There's software security and hardware security. Software security, when done well, is an effective means of preventing hackers from entering a system. But because software is more malleable by nature (it's code that can be modified), there's always a chance that a sophisticated hacker will get in or that an exploit will be found, giving intruders the ability to access sensitive information.

Hardware security, as the name implies, is hardcoded. The cryptographic keys are impossible to modify unless the hacker somehow knows exactly what those keys are in advance. 

"PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states," said David Weston, director of enterprise and OS security at Microsoft in a blog post. "Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust."

The TPM chip communicates with other security systems within a PC. Whether it be a fingerprint reader or Windows Hello facial recognition, it all has to confer with the TPM to allow users access.

And it's not just your security systems that will utilize a TPM; programs like Outlook, Firefox and Chrome do too.

Does my computer have TPM?

There are a few ways to check if your current machine has a TPM. The easiest way is to go to the Start menu, search for Windows Security, and click on Device Security in the left-hand column. There, another window will appear that shows if your device has a TPM installed. It should say Security processor, with a little green checkmark next to the icon. If that Security processor icon isn't there, then you do not have a TPM installed.


If you see nothing, another way to quickly check if there's a TPM installed is to type Run into the Start search bar, and then type in tpm.msc and hit Enter. 


That should bring up the Trusted Platform Module (TPM) Management on Local Computer window. If it says "Compatible TPM cannot be found," then either your computer doesn't have a TPM, or it has TPM 1.2 but it is not enabled in the BIOS.

Unfortunately, even if you are able to enable TPM 1.2 in the BIOS, Windows 11 actually requires TPM 2.0.

A final way to check is to download the PC Health Check app from Microsoft. After installation, the program will tell you if your computer is ready for Windows 11.
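
The same checks can be scripted. The PowerShell below is an added example, not from Microsoft or the original article: it reads the `Win32_Tpm` WMI class and reports whether a TPM is visible, enabled, and at specification version 2.0. `Get-TpmReadiness` is a hypothetical helper name.

```powershell
# Added example. Get-TpmReadiness is a hypothetical helper name, not a built-in cmdlet.
function Get-TpmReadiness {
    param([version]$MinimumSpec = '2.0')   # Windows 11 requires TPM 2.0

    # Win32_Tpm is only readable from an elevated session; without this check
    # an access-denied error would look the same as "no TPM".
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue |
           Select-Object -First 1

    if (-not $tpm) {
        # Same situation as "Compatible TPM cannot be found" in tpm.msc.
        return [pscustomobject]@{
            Present = $false; Enabled = $false; SpecVersion = $null; MeetsMinimum = $false
            Verdict = 'No TPM visible to Windows: none fitted, or switched off in the BIOS (TPM, PTT or fTPM).'
        }
    }

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38"; the first
    # field is the specification version. -as yields $null if it does not parse.
    $spec    = ($tpm.SpecVersion -split ',')[0].Trim() -as [version]
    $enabled = [bool]$tpm.IsEnabled_InitialValue
    $meets   = $enabled -and $spec -and ($spec -ge $MinimumSpec)

    $verdict = if (-not $enabled) {
        'TPM found but not enabled; enable it in the BIOS.'
    } elseif (-not $meets) {
        "TPM spec '$($tpm.SpecVersion)' found; Windows 11 requires $MinimumSpec."
    } else {
        "TPM $spec is present and enabled."
    }

    [pscustomobject]@{
        Present = $true; Enabled = $enabled; SpecVersion = $spec
        MeetsMinimum = [bool]$meets; Verdict = $verdict
    }
}

Get-TpmReadiness | Format-List
```

Because it returns an object rather than text, the function can be run across a fleet and filtered on `MeetsMinimum` to list machines that need a firmware setting changed or a module fitted.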

What to do if you don't have TPM 2.0

For desktop users that may not have TPM 2.0, one way to add the functionality is to buy a compatible module for your motherboard. This will require you to search for your motherboard model and see if the manufacturer ever released a compatible TPM. 

Also, it seems that prices for TPMs have increased since the Windows 11 unveiling. An Asus TPM, which sold for $14 on Amazon, has, as of this publishing, sold out and is selling for more than $40 on the used market. Some manufacturers have also stopped production of TPMs, but it's likely that production may start up again given the recent surge in demand. 

If you are able to procure a compatible module, all you have to do is find the TPM pins on your motherboard and stick it in. Remember to go into the BIOS menu and enable it as well.

Now, if you have a more modern CPU, one built after 2014, there's a chance that TPM already exists. Modern CPUs contain TPM via firmware. Intel uses Platform Trust Technology (PTT) while AMD Ryzen chips utilize fTPM.

Steps to enable this in BIOS will vary based on manufacturer. But it generally will require users to restart their PC and press the Delete key repeatedly until the BIOS menu appears. From there, users might need to go into more advanced menus to find the TPM selector, where firmware TPM can be enabled.

Note that there's an open-source script out there that bypasses the TPM check, so that you can force-install Windows 11 on your computer without a TPM. But it's risky, and Microsoft has said that, should you force-install Windows 11, you will no longer receive updates and future support.

Imad Khan
