Guide to Windows 11, BIOS and system security.
If you're thinking about upgrading to Windows 11 or just want to make sure your computer is running as securely as possible, you've probably heard of TPM 2.0 and Secure Boot. These are technologies that are already present in most modern computers and play an important role in protecting your data. In this article, you'll learn in simple terms what they do, how they work, and how you can check if they're enabled on your system.
📋 Table of Contents
What is TPM 2.0?
Think of TPM 2.0 as a small but extremely important safe inside your computer. It securely stores data that shouldn’t fall into the wrong hands, such as passwords, security keys, and information that Windows needs to start up securely. When enabled, it helps protect your computer from malware, hacking, and unauthorized access attempts.
🔐 TPM 2.0 Technical Details
The TPM (Trusted Platform Module) is a special chip that is usually built into your computer's motherboard. TPM 2.0 is the most modern version and is now required by Windows 11. Simply put, the TPM:
- Disk encryption: Protects your files when you use BitLocker.
- Secure password storage: It stores the "secrets" that the system needs for security functions.
- System integrity check: It is verified that Windows has not been corrupted before starting.
- Identity protection: Helps Windows Hello work securely for facial or fingerprint recognition.
What is Secure Boot?
Secure Boot acts like a “guard” standing at the door of your computer every time you turn it on. It checks that all the files needed to start Windows are genuine, safe, and haven’t been corrupted by viruses or other suspicious programs. If something isn’t trustworthy, the computer stops booting to protect you.
🛡️ How Secure Boot Works
Secure Boot is part of UEFI, the advanced system that has replaced the old BIOS. Its main role is to prevent attacks that try to "penetrate" before Windows loads. Specifically, it protects against:
- Rootkits: Malicious programs that hide deep in the system.
- Boot kits: Viruses that activate before the operating system even starts.
- Unauthorized operations: Blocks programs that do not have a security signature.
- Firmware attacks: Protects against threats that target the lower level of the computer.
Why Are These Characteristics Important?
🔒 Protection from Cyberattacks:
TPM 2.0 and Secure Boot create a strong safety net that makes it much more difficult for malicious users to install viruses, ransomware, or other dangerous software on your computer. Without them, your computer is more exposed to serious threats.
✅ Requirement for Windows 11:
Microsoft requires both features to install Windows 11. So if you're planning to upgrade, it's important to make sure your computer supports them and they're enabled.
💼 Business Security:
If you use your computer for work, TPM 2.0 offers extra security for all your sensitive business files and data. Many companies require it to comply with security regulations and to ensure that employee data remains protected.
🔑 Safer Connections:
With TPM 2.0, you can use Windows Hello for biometric login (facial recognition or fingerprint) with much greater security than a simple password. This means that only you can unlock your computer or apps.
💾 Data Encryption:
BitLocker, the Windows encryption tool, works seamlessly with TPM 2.0. This means that even if someone gets their hands on your hard drive, they won't be able to read your files without the right key.
How to Check TPM 2.0 - Six Easy Steps
Step 1: Open the "Run" Menu
Press the keys simultaneously Windows + RA small window will appear to type commands.
Step 2: Write the Command
In the window that opens, type exactly: tpm. msc and press Enter.
Step 3: View the Results
A new window will open with information. If you see the message "Compatible TPM 2.0 found on this computer," then TPM 2.0 is present and enabled on your computer – great news for security.
⚠️ What If You Don't See This Message?
If TPM 2.0 is not found or is not enabled, don't worry. You will need to enable it through BIOS or UEFI settings. Continue to the next section for details.
How to Enable TPM 2.0 from Settings
Step 1: Access BIOS Settings
Turn off the computer completely. Turn it back on and repeatedly press one of the following keys: Del, F2, F10 or Esc, depending on your model. The settings menu will appear with a blue or black background.
Step 2: Find the Right Unit
Find options like Security, Advanced, Integrated Peripherals or similar. The name may vary depending on the manufacturer.
Step 3: Find the TPM Option
Search for type options TPM 2.0, PTT (fTPM), Trusted Platform Module and enable it. Usually you change it from "Disabled" to "Enabled".
Step 4: Save and Exit
He pressed F10 or find the "Save and Exit" option. The computer will restart with TPM 2.0 enabled.
How to Check Secure Boot
Step 1: Open Windows Settings
Press the button Windows and type "System Information". Open the first result that appears.
Step 2: Look for Secure Boot Status
In the window, find the "Secure Boot State" label. If it says "On", it is enabled. If it says "Off", you will need to enable it from the BIOS like the TPM.
How to Enable Secure Boot
Step 1: Enter BIOS/UEFI
Restart the computer and press repeatedly Del, F2, F10 or Esc to enter the settings menu.
Step 2: Find the Boot Menu
Search for menu Boot, Security ή Authentication, where you will find the Secure Boot option.
Step 3: Enable Secure Boot
Find the option Secure Boot and change it to EnabledSometimes you need to set a supervisor password in the BIOS first.
Step 4: Save Changes
He pressed F10 and confirmed saving. The computer will restart with Secure Boot enabled.
BIOS Settings by Manufacturer
💻 Instructions for Different Manufacturers
Each manufacturer organizes their computer's BIOS or UEFI differently. Below are instructions to easily find the TPM 2.0 and Secure Boot settings:
🔹 ASUS:
- BIOS entry key: F2 ή From
- TPM: Advanced → PCH-FW Configuration → PTT (enable)
- Secure Boot: Boot → Secure Boot → OS Type [Windows UEFI]
🔹 MSI:
- Input key: From
- TPM: Settings → Security → Trusted Computing → Security Device Support (Enabled)
- Secure Boot: Settings → Security → Secure Boot → Secure Boot [Enabled]
🔹 Gigabytes:
- Input key: From
- TPM: Settings → Miscellaneous → Intel Platform Trust Technology (PTT)
- Secure Boot: BIOS Features → Secure Boot → Secure Boot Enable
🔹 Dell:
- Input key: F2
- TPM: Security → TPM 2.0 Security (Enabled)
- Secure Boot: Secure Boot → Enable Secure Boot
🔹 HP:
- Input key: F10 ή I
- TPM: Security → TPM Embedded Security
- Secure Boot: Security → Secure Boot Configuration
🔹 Lenovo:
- Input key: F1, F2 ή Enter
- TPM: Security → Security Chip (Enabled)
- Secure Boot: Security → Secure Boot → Secure Boot [Enabled]
🔹 Acer:
- Input key: F2 ή From
- TPM: Security → Set Supervisor Password (first) → TPM State [Enabled]
- Secure Boot: Boot → Secure Boot [Enabled]
Dealing with Problems
Sometimes, even if you follow all the steps, some problems may occur. Here are the most common cases and how to easily solve them:
❌ Problem: TPM does not appear in BIOS
Solution: Your computer may not have a physical TPM chip. Don't worry! Look for an option that says fTPM (for AMD) or PTT (for Intel). These are embedded firmware versions of the TPM that do exactly the same job.
❌ Problem: Secure Boot cannot be enabled
Solution: This usually happens when the hard drive uses the old MBR system instead of GPT. You can convert it to GPT without losing data by using the command mbr2gpt on Windows. Open Command Prompt as administrator and type:
mbr2gpt /convert /allowFullOS
❌ Problem: After enabling Secure Boot, the computer does not start
Solution: Re-enter BIOS and temporarily disable Secure Boot. Check that Windows is installed in UEFI mode and that your disk is GPT and not MBR.
❌ Problem: My computer is very old and does not support TPM 2.0
Solution: If your computer is older than 2016, it probably doesn't have TPM 2.0. You have two options:
- Purchase an external TPM module (if the motherboard supports it)
- Staying on Windows 10, which will be supported until October 2025
❌ Problem: TPM is "Cleared" or "Not Ready"
Solution: The TPM needs to be initialized. Open it. tpm. msc, right-click on "Trusted Platform Module" and select "Initialize TPM". Follow the instructions that appear.
⚠️ Important Warning
Before changing anything in the BIOS, make sure you have a backup of your important files. While the changes are safe, protecting your data is more important.
FAQ
❓ Will I lose data if I enable TPM or Secure Boot?
No, enabling these features does not affect your files. However, it is always a good idea to have a backup.
❓ Do I need to be a technician to make these changes?
No! If you carefully follow the steps outlined here, you can do it yourself. Go slowly and read each instruction.
❓ I can't find the TPM option in my BIOS
Each manufacturer uses different names. Look for Security Device, Platform Trust Technology (PTT), fTPM or similar options. If you can't find it, check your motherboard manual.
❓ Can I use Linux with Secure Boot enabled?
Yes! Most modern Linux distributions support Secure Boot. Older versions may require additional configuration.
❓ Does TPM slow down my computer?
No. TPM works in the background and does not affect system speed or performance.
❓ Do I need to repeat the settings after each reboot?
No. Once you enable TPM and Secure Boot, they remain enabled permanently.
❓ Can I upgrade to Windows 11 without TPM 2.0?
Technically there is a way, but it is not recommended. Without TPM 2.0, your computer will be less secure and may not receive all security updates.
Conclusion
TPM 2.0 and Secure Boot aren’t just technical features – they’re tools that actually protect your PC. With just a few steps, you can be sure your system is secure and ready for Windows 11.
📝 Key Points to Remember:
- TPM 2.0 protects your data with encryption
- Secure Boot prevents malware at startup
- Both are required for Windows 11
- Enabling them does not affect computer performance
- Activation once is enough – no need to repeat
If you've followed all the steps and are still having problems, seek help from a technician or contact the manufacturer's support. Your computer's security is worth your time!
(I.e. Last updated: December 2025
RELATED TOPICS
Loading comments...