With Windows 11, Microsoft made the decision that a TPM 2.0 (Trusted Platform Module) is mandatory to run Windows 11. Due to this prerequisite, Windows 11 could not be installed or upgraded on many older computers. In this blog, we’ll look at what a TPM is, how to check if you have a TPM 2.0, and how to install Windows 11 anyway.
What is a TPM?
A TPM is a security module which is typically located on the motherboard. A TPM stores user data, biometric data for e.g. Windows Hello or other cryptographic keys. The TPM can also act as a processor for creating hardware-based hashes. It is almost impossible for attackers to access the data in the TPM.
How can I check if I have a TPM 2.0
- Open a cmd and enter tpm.msc
- If you do not have a TPM, the window looks like this:
To get more information about the TPM, open a PowerShell window as administrator and type get-tpm
To find out the TPM version, run the following command in an administrative cmd:
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get /value
You will see the version next to SpecVersion=
How to Install Windows 11 without a TPM 2.0
Disclaimer: You have to consider that by disabling the TPM check you may not have support for important security features and it is not guaranteed that Windows will work properly. The TPM is used for features such as Device Health Attestation, SecureBIO, System Guard and Windows Hello.
- Download the latest Windows 11 ISO from the official Microsoft site
- Create a boot stick (on Mac I use e.g. Etcher)
- Plug in the boot stick and start the installation
- Select the language and click start installation
- Press Shift + F10 to open a CMD
- Type regedit
- Navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup
- Right-click on the Setup key and select New > Key
- Name the key LabConfig
- Right-click and New -> DWORD (32-bit) Value
- Name the value BypassTPMCheck
- Double-click on the value
- Set the value data to 1
- Click OK
- Create two more DWORD values
- Name: BypassRAMCheck
- Value: 1
- Name: BypassSecureBootCheck
- Value: 1
- Name: BypassRAMCheck
- Close the Registry Editor and the CMD window
- Press the back button in the upper left corner of your Windows 11 setup screen
- Install Windows 11
As mentioned before, this is a way to install Windows 11 even if you don’t have a TPM, but be aware that you’re giving up some important security features. I hope this blog post was helpful.
Stay healthy, Cheers
Jannik