Fix It = Make Worker Whole Again

If you saw that your PC is not uniform with Windows 11, information technology may exist because your system doesn't have two security settings turned on, Secure Boot and TPM 2.0. Here'south how to practise it.

Sarah Tew/CNET

Microsoft started a phased rollout of Windows 11 earlier this twelvemonth with a preview version of its flagship Os. But if y'all're trying to use the earliest version of the software on your existing PC, y'all might see some speed bumps due to the system requirements for the new operating organisation. (Hither'south how to download Windows 11 and how to create a Windows 11 install drive.)

If you've tried installing Windows 11 Insider Preview or using theMicrosoft PC Health Check app and were greeted with an mistake message reading, "This PC can't run Windows 11," your system might non have two essential security settings turned on: Secure Boot and TPM 2.0. (Hither are two other things you must do before downloading Windows 11.) Many modernistic computers and processing fries from Intel and AMD have these features built in, and both are now required for all machines running Windows eleven.

In one case you've downloaded the PC Health Check app, you can click Bank check Now to begin the scanning process. The app will tell y'all whether your computer will support Windows xi, or what it's missing, and you tin can click Meet All Results for more data.

If your auto is new enough to support both, enabling TPM (brusk for Trusted Platform Module) and Secure Boot is often quite easy. No special skills are needed, and you'll just exist clicking through menus. If yous've never heard the words "BIOS menu" you might feel out of your element, but don't be intimidated. With a little patience, any first-timer tin exercise this.

Hither's what you need to know.

Read more:Windows 11 review: Microsoft's Os upgrade is subtle, merely we like that

What are TPM and Secure Kick?

TPM microchips are small devices known every bit secure cryptoprocessors. Some TPMs are virtual or firmware varieties just, as a chip, a TPM is attached to your motherboard during the build and designed to enhance hardware security during computer startup. A TPM has been a mandatory slice of tech on Windows machines since 2016, so machines older than this may not have the necessary hardware or firmware. Previously, Microsoft required original equipment manufacturers of all models built to run Windows x to ensure that the machines were TPM ane.2-capable. TPM 2.0 is the most contempo version required.

TPMs are controversial among security specialists and governments. An updated and enabled TPM is a strong preventative against firmware attacks, which have risen steadily and drawn Microsoft's attention. However, it also allows remote attestation (authorized parties tin run across when you make sure changes to your computer) and may restrict the kinds of software your machine is allowed to run. TPM-equipped machines mostly aren't shipped in countries where western encryption is banned. China uses its state-regulated alternative, TCM. In Russian federation, TPM use is only allowed with permission from the government.

Secure Kick is a feature in your computer's software that controls which operating systems are allowed to be active on the machine. Information technology'south both a expert and bad thing for a Windows machine. On the ane hand, information technology can prevent certain classes of invasive malware from taking over your automobile and is a core defense confronting ransomware.

On the other hand, it tin forestall y'all from being able to install a second operating system on your machine, giving y'all 2 to choose from when y'all kickoff start up your reckoner. So, if you wanted to experiment with Linux operating systems, for instance, Secure Boot could end you. Secure Kick likewise plays a role in preventing Windows pirating.

TPM and Secure Kick could be the fundamental to getting your device to run Windows 11.

Microsoft

A few words of caution

Now that yous know about the secure technologies you'll be using, there are a few things you should keep in listen earlier yous dive into fixing the issue on your ain.

• Microsoft confirmed at that place are four types of problems that might take given you a "This PC can't run Windows eleven" fault message if you used its PC Health Check tool. If you are missing the hardware or firmware necessary for Windows eleven, the instructions below won't aid -- you'll need to buy a new device to run the Os.
• Keep in mind that these instructions are written equally broadly every bit possible. That'due south because Windows machines vary and then much that information technology's non feasible to cover all the possible ways to enable TPM and Secure Boot across every device. For the most function, though, the process is like enough beyond machines that you lot should be able to use the instructions as a guide and, where your calculator differs, nonetheless place the equivalent menu or label in your own system.
  
• If your auto is even so covered past a warranty, always speak with the manufacturer beginning before doing anything that could potentially void it. If your machine is owned and maintained by your company or school, it may have a unique security configuration that your IT staff volition need to handle. It's also a good idea to go far contact with your local PC repair shop; having a qualified professional on standby is the best manner to go back on rails if you get turned around or encounter roadblocks.
• Always back up your important files before making any big changes to your calculator. Always. But do it. Y'all'll thank u.s.a. later on.
• If this is your first fourth dimension working in a BIOS menu, stick close to the instructions and don't veer too far from the browbeaten path. Nosotros're on a very simple mission here, and nothing I recommend below volition do any impairment to your machine or data, but irresolute firmware settings in your BIOS bill of fare can have a wide-ranging bear upon. There are few guardrails here, and you can lose a lot of important information very fast. Some mistakes can be permanent and, in most cases, there won't be any polite pop-ups gently asking whether you lot're sure you want to make those mistakes.

You should definitely expect around, explore your options and familiarize yourself with what's under the hood, but avoid changing whatsoever settings or saving whatever of those changes unless you know specifically what's going to happen when you practice.

New Windows 11 features include Microsoft Teams integration.

Microsoft/Screenshot by Sarah Tew/CNET

Is my device capable of TPM two.0 and Secure Boot?

If the PC Health Checker suggested that TPM isn't enabled, you should first find out whether that's an accurate diagnosis. Hither's how.

1. From your desktop, press theWindows key next to the spacebar + R. This volition bring up a dialog box.

two. In the text field of the box, type tpm.msc and hit Enter. This should bring up a new window labelled "TPM Management on Local Computer."

3. Click Status. If you encounter a bulletin that says "The TPM is ready for use" and then the PC Health Checker has misdiagnosed you lot, and the steps below won't help. At this signal, at that place are several reasons y'all might be receiving the wrong error message from Microsoft, so your best bet is to get a professional person to take a expect at your motorcar.

If you lot don't come across that message, and instead see "Compatible TPM cannot exist found" or another message indicating the TPM may be disabled, follow the next steps.

At present playing: Watch this: How to enable TPM two.0 and Secure Kicking to install Windows...

half dozen:39

How exercise I enable TPM 2.0?

Y'all're going to need to get to your BIOS card and so you tin can go to your TPM switch, and there are two ways to do that. Nosotros'll cover both here. The first is for much newer PCs, the second method for those a few years older. Regardless of which you choose, though, you're going to demand to restart your machine. And then save any work and close whatsoever open windows or programs before proceeding.

From Windows 10'southward Beginning carte

If you have a newer machine running Windows x, your boot time may be too fast for y'all to try the traditional method of hitting a detail primal to become to your BIOS card before Windows can fully load. Here'southward how to go to it from inside your normal desktop.

Brett Pearce/CNET

1. First your estimator normally and open the Start menu by clicking on that Windows button on the far left lesser of your screen. Click on the gear-shaped Settings icon on the left side of the menu.

2. Within the Settings window that appears, click Update & Security. On the left-side pane that appears, click Recovery. Under the Avant-garde startup header, click Restart now.

Your computer will immediately restart, and instead of restarting and bringing you to your normal desktop screen, you'll be brought to a blue screen with a few options.

3. Click Troubleshoot, followed past Advanced options, followed past UEFI Firmware Settings.

Your device will restart again.

From hither, go to Step ii in the department below and follow the remaining steps.

From start-up

You're going to need to movement very rapidly for Step 1. You'll only have a few seconds to go into the BIOS earlier your operating organization loads. If you miss your window, no harm done, you'll just have to restart the computer and effort again. Afterward Footstep 1, though, feel gratis to take your sweet time.

1. Restart your reckoner, and every bit information technology's booting upwardly you should see a message telling y'all to press a certain cardinal to enter the BIOS, whether it uses that word or another. On most Dells, for instance, y'all should see "Press F2 to enter Setup." Other messages might be "Setup = Del" (pregnant Delete) or "Organization Configuration: F2." Press any key the prompt tells y'all to and enter the Setup menu.

Depending on what kind of computer y'all have, a different key may be needed to enter your Setup carte. Information technology could exist F1, F8, F10, F11, Delete or another cardinal. If in that location's no message on the screen with instructions, the general dominion is to hit the fundamental when you run into the manufacturer's logo just before Windows loads. To find out which key will get you in, search online for your laptop's make and model along with the phrase "BIOS cardinal."

2. In the BIOS or UEFI bill of fare, in that location should be at least ane option or tab labelled Security. Using your keyboard, navigate to it and hit Enter. On some systems, y'all might need to apply the + cardinal to expand a submenu instead.

3. In one case you're inside the Security section, you're going to be looking for the TPM settings. This might exist clearly labeled "TPM Device," "TPM Security" or some variation. On Intel machines, information technology will sometimes be labeled "PTT" or "Intel Trusted Platform Technology." Information technology might also appear as "AMD fTPM Switch."

Warning: Stay warning here. Within most TPM settings menus, you generally take an option to clear your TPM, update it or restore information technology to factory default. Do not practise that right now. Clearing the TPM will cause you lot to lose all data encrypted by the TPM and all keys to the encryption. This activeness can not be undone or reversed.

4. From inside the TPM settings menu, y'all're on i mission merely: Find the switch that turns on the TPM. You're non touching anything else. Wait through the options inside this menu for one that shows some form of toggle or switch beside the word "Enable" or "Unavailable" or even just "Off." Use your arrow keys to flip that toggle or switch.

5. Once you've kicked on the TPM, look around the screen for Salve. In one case you've saved this setting, restart the estimator.

Microsoft

How do I enable Secure Boot?

You'll save yourself a headache if y'all keep 1 matter in listen about enabling Secure Boot. Sometimes after you enable Secure Boot on a machine that'due south running software incompatible with Secure Boot, the car volition decline to load Windows properly on restart. If that happens, don't panic. You didn't break anything.

No matter which method you've used to get to the boot menu to brainstorm with -- either via Windows ten'south Kickoff menu, or by the traditional method of hitting a specific key during kickoff-upwards -- y'all can still apply the traditional method to get dorsum to the kick carte du jour and disable Secure Boot again.

From Windows 10's Start menu

Follow the steps above to access the UEFI Firmware Settings.

i. In one case yous're in the UEFI, you're going to be looking for the Secure Boot setting. There are a few possible places this could be -- cheque under any tabs labelled Boot, Security or Hallmark.

2. Once you've checked the tabs and found the Secure Kick setting, toggle the switch beside it to plow it on or enable it.

3. Find your Save feature and, after you've saved your changes and exited the menu, your computer should reboot and bring yous dorsum to a normal Windows desktop.

There are some PCs on which y'all may not be able to readily detect the Secure Boot setting. Some computers will load Secure Boot keys nether a Custom tab. Some computers won't permit you to enable Secure Boot until sure factory settings are restored. If you're unable to access Secure Boot, or get roadblocked here, it'due south best to get assist from a professional rather than accept chances.

From kickoff-upwardly

If you're not working with UEFI, and so you should be able to just enable Secure Boot in BIOS.

1. Just equally you did when enabling your TPM, striking F2 (or whichever key your manufacturer specifies) equally your reckoner is booting up and enter the BIOS menu.

2. Go to the tab or option that says BIOS Setup, and so select Advanced.

iii. Next, select Boot Options and a list of them should announced.

4. In that list, notice Secure Boot. Enable it.

five. Hit Salvage, exit the menu organization, and restart your computer if information technology does not restart automatically.

Now playing: Watch this: Windows xi: Tiptop new features in 2021

3:22

What if I don't have a TPM bit?

Every bit noted past CNET sister publication ZDNet dorsum in 2017, motherboard manufacturers sometimes skimp on installing the actual TPM flake and instead transport the boards out with but the function that allows the chip to connect to the board. If you find out that you were shorted on your TPM fleck when y'all bought your PC, and you don't take a virtual or firmware TPM version, you still have a few options.

Your first option is to attempt to return your machine via your manufacturer warranty. That is, of course, assuming your machine's manufacturer is willing to install the chip information technology already sold you, or replace your model with one that has a chip. Your second, and most expensive, option is to just buy a newer motorcar afterward verifying that it does, indeed, have an bodily TPM 2.0-capable chip.

If your warranty is already voided, your third pick -- less expensive, but perchance more than difficult -- is to buy a whole new motherboard with a TPM ii.0 chip installed, so either swap out the boards yourself or have your local aftermarket repair shop handle the job. Exist warned, even so, that the ongoing global bit shortage has squeezed the globe's supply of motherboards, making them more difficult to find and pushing prices to upwardly of $300 to $400 dollars for some brands. That's another identify your local repair shop may be able to aid.

Finally, either you lot or your repair shop tin effort your fourth option: hunting downward a TPM chip with the right specifications for your motherboard and installing information technology. Depending on the type yous become with and where you get it from, a TPM ii.0-capable chip tin run you lot anywhere from $70 up. Luckily, the basic structures of the boards and chips are similar enough that -- if you'd similar to get your hands muddied under the hood -- information technology'due south possible to install a TPM flake yourself. ZDNet has step-by-step instructions (with a helpful gallery of pictures to guide you).

Whichever route you lot become, we strongly propose you to commencement consult either your manufacturer or a device repair specialist earlier y'all try to take apart your car. Spending a few moments with a knowledgeable professional could exist all information technology takes to turn your upgrade nightmare into a quick set up, and spare y'all excessive replacement costs.

Now playing: Watch this: Windows xi review: New Bone has us asking, update or wait?

viii:32

For more, check out how to download Windows 11, and the best new Windows 11 features and how to use them.

kingotted1963.blogspot.com

Source: https://www.cnet.com/tech/computing/how-to-fix-this-pc-cant-run-windows-11-error-tpm-and-secure-boot/

Share this post