Enable TPM on your PCSource: Windows Central

Although your device may include a Trusted Platform Module (TPM) chip, it doesn't necessarily mean that it's enabled by default. If it's not, you may need to enable it manually to use features like BitLocker on Windows 10 or perform an in-place upgrade or fresh install of Windows 11.

A Trusted Platform Module is a tamper-resistant silicon designed to generate, store, and protect encryption keys. It usually comes embedded on the motherboard, but you may also be able to get a module that you can then integrate into the system.

You wouldn't typically think about TPM on home devices since this was more a feature designed for businesses. However, Windows 11 is expected to start rolling out to devices sometime towards the end of the year, and Microsoft is now making the trusted platform module a prerequisite to install the OS.

If you plan to install Windows 11, and the Windows PC Health Check app is telling you that your hardware isn't compatible, even when you know everything else meets the requirements, or you want to take advantage of advanced security features on Windows 10, you can quickly enable the security module from the Unified Extensible Firmware Interface (UEFI) settings.

In this Windows 10 guide, you will learn the steps to enable TPM on your computer so you can install Windows 11 when it becomes available.

How to enable TPM via Windows 10

To enable the Trusted Platform Module (TPM) on your computer through the Windows 10 settings, use these steps:

Warning: Changing the incorrect firmware settings can prevent your device from starting correctly. You should access the motherboard settings only when you have a good reason. It's assumed that you know what you're doing.

  1. Open Settings.
  2. Click on Update & Security.
  3. Click on Recovery.
  4. Under the "Advanced startup" section, click the Restart now button.

    Windows 10 Recovery Settings Advanced StartupSource: Windows Central

  5. Click on Troubleshoot.

    Advanced Startup Troubleshoot optionSource: Windows Central

  6. Click on Advanced options.

    Windows 10 Advanced Options Source: Windows Central

  7. Click the UEFI Firmware settings option.

    Windows 10 UEFI firmware settings option Source: Windows Central

    Quick tip: If you have a legacy BIOS, the option will not be available.

  8. Click the Restart button.

    Windows 10 reboot to enter BIOS/UEFISource: Windows Central

  9. Open the security settings page.

    Quick note: The UEFI settings are usually different per manufacturer and even per computer model. As a result, you may need to check your manufacturer support website for more specific details to find the security settings.

  10. Select the Trusted Platform Module (TPM) option and press Enter.

    UEFI TPM settingsSource: Windows Central

  11. Select the Enabled option and press Enter.

    UEFI enable TPMSource: Windows Central

  12. Exit the UEFI settings.
  13. Confirm the changes to restart the computer.

Once you complete the steps, the security module will enable to allow you to configure and use features like BitLocker or pass the compatibility check to install Windows 11.

How to enable TPM via boot sequence

If you don't have access to the Windows 10 desktop, or this is a new computer, you can access the UEFI settings to enable a trusted platform module during the startup process.

To access the firmware settings to enable the TPM chip on your computer during the boot process, use these steps:

  1. Press the Power button.
  2. See the screen splash to identify the key you must press to enter the firmware (if applicable).
  3. Press the required key repeatedly until you enter the setup mode. Typically, you need to press the Esc, Delete, or one of the Function keys (F1, F2, F10, etc.).
  4. Open the security settings page.
  5. Select the Trusted Platform Module (TPM) option and press Enter.

    UEFI TPM settingsSource: Windows Central

  6. Select the Enabled option and press Enter.

    UEFI enable TPMSource: Windows Central

  7. Exit the UEFI settings.
  8. Confirm the changes to restart the computer.

After you complete the steps, the Trusted Platform Module will be enabled on the computer.

If you don't see the information on the screen or the computer boots too fast, restart the device again, and as soon as the boot starts press the required key multiple times quickly.

In the case you are unable to access the firmware using the keyboard, you may need to check your manufacturer documentation to determine the key you need to press during boot. Here are some computer brands and their respective keys to access the motherboard firmware:

  • Dell: F2 or F12.
  • HP: Esc or F10.
  • Acer: F2 or Delete.
  • ASUS: F2 or Delete.
  • Lenovo: F1 or F2.
  • MSI: Delete.
  • Toshiba: F2.
  • Samsung: F2.
  • Surface: Press and hold volume up button.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources: