‘This PC cannot run Home windows 11’ error: Learn how to repair the issue with TPM and Safe Boot

'This PC can't run Windows 11' error: Fix it by enabling TPM and Secure Boot

In case you noticed that your PC shouldn’t be suitable with Home windows 11, it could be as a result of your system would not have two safety settings turned on, Safe Boot and TPM 2.0. This is how you can do it.

Sarah Tew/CNET

Microsoft began a phased rollout of Home windows 11 this month. However you in all probability will not get Home windows 11 simply but. In case you’re planning on downloading the brand new OS in your present PC, you may run into some velocity bumps as a result of system necessities for the brand new working system. (This is how you can obtain Home windows 11 and how you can create a Home windows 11 set up drive.) 

In case you’ve tried putting in Home windows 11 Insider Preview or utilizing the Microsoft PC Well being Test app and had been greeted with an error message studying, “This PC cannot run Home windows 11,” your system may not have two important safety settings turned on: Safe Boot and TPM 2.0. (Listed here are two different issues you could do earlier than downloading Home windows 11.) Many trendy computer systems and processing chips from Intel and AMD have these options in-built, and each at the moment are required for all machines operating Home windows 11. 

As soon as you have downloaded the PC Well being Test app, you may click on Test Now to start the scanning course of. The app will let you know whether or not your pc will assist Home windows 11, or what it is lacking, and you’ll click on See All Outcomes for extra info.

In case your machine is new sufficient to assist each, enabling TPM (quick for Trusted Platform Module) and Safe Boot is commonly fairly straightforward. No particular expertise are wanted, and you may simply be clicking via menus. In case you’ve by no means heard the phrases “BIOS menu” you may really feel out of your aspect, however do not be intimidated. With a little bit endurance, any first-timer can do that. 

This is what you’ll want to know. 

Learn extra: Home windows 11 evaluation: Microsoft’s OS improve is refined, however we like that

What are TPM and Safe Boot? 

TPM microchips are small units often called safe cryptoprocessors. Some TPMs are digital or firmware varieties however, as a chip, a TPM is hooked up to your motherboard in the course of the construct and designed to reinforce {hardware} safety throughout pc startup. A TPM has been a compulsory piece of tech on Home windows machines since 2016, so machines older than this will not have the mandatory {hardware} or firmware. Beforehand, Microsoft required authentic gear producers of all fashions constructed to run Home windows 10 to make sure that the machines had been TPM 1.2-capable. TPM 2.0 is the latest model required.

TPMs are controversial amongst safety specialists and governments. An up to date and enabled TPM is a robust preventative towards firmware assaults, which have risen steadily and drawn Microsoft’s consideration. Nonetheless, it additionally permits distant attestation (licensed events can see whenever you make sure modifications to your pc) and should limit the sorts of software program your machine is allowed to run. TPM-equipped machines usually aren’t shipped in nations the place western encryption is banned. China makes use of its state-regulated various, TCM. In Russia, TPM use is barely allowed with permission from the federal government. 

Safe Boot is a function in your pc’s software program that controls which working methods are allowed to be lively on the machine. It is each a very good and dangerous factor for a Home windows machine. On the one hand, it could forestall sure courses of invasive malware from taking on your machine and is a core protection towards ransomware. 

However, it could forestall you from having the ability to set up a second working system in your machine, supplying you with two to select from whenever you first begin up your pc. So, for those who wished to experiment with Linux working methods, as an illustration, Safe Boot might cease you. Safe Boot additionally performs a component in stopping Home windows pirating. 


TPM and Safe Boot may very well be the important thing to getting your system to run Home windows 11.


A number of phrases of warning 

Now that you recognize in regards to the safe applied sciences you will be utilizing, there are some things it’s best to bear in mind earlier than you dive into fixing the difficulty by yourself. 

  • Microsoft confirmed there are 4 varieties of issues that may have given you a “This PC cannot run Home windows 11” error message for those who used its PC Well being Test software. If you’re lacking the {hardware} or firmware obligatory for Home windows 11, the directions under will not assist — you will must purchase a brand new system to run the OS.
  • Understand that these directions are written as broadly as attainable. That is as a result of Home windows machines range a lot that it isn’t possible to cowl all of the attainable methods to allow TPM and Safe Boot throughout each system. For essentially the most half, although, the method is analogous sufficient throughout machines that it’s best to have the ability to use the directions as a information and, the place your pc differs, nonetheless determine the equal menu or label in your individual system.
  • In case your machine remains to be coated by a guaranty, at all times converse with the producer first earlier than doing something that might probably void it. In case your machine is owned and maintained by your organization or faculty, it could have a novel safety configuration that your IT workers might want to deal with. It is also a good suggestion to get in touch along with your native PC restore store; having a certified skilled on standby is one of the simplest ways to get again on monitor for those who get rotated or encounter roadblocks.
  • At all times again up your vital information earlier than making any massive modifications to your pc. At all times. Simply do it. You will thank us later.
  • If that is your first time working in a BIOS menu, stick near the directions and do not veer too removed from the crushed path. We’re on a quite simple mission right here, and nothing I like to recommend under will do any harm to your machine or information, however altering firmware settings in your BIOS menu can have a wide-ranging affect. There are few guardrails right here, and you’ll lose a whole lot of vital information very quick. Some errors may be everlasting and, usually, there will not be any well mannered pop-ups gently asking whether or not you are positive you need to make these errors.

You must positively go searching, discover your choices and familiarize your self with what’s beneath the hood, however keep away from altering any settings or saving any of these modifications except you recognize particularly what is going on to occur whenever you do. 


New Home windows 11 options embody Microsoft Groups integration.

Microsoft/Screenshot by Sarah Tew/CNET

Is my system able to TPM 2.0 and Safe Boot? 

If the PC Well being Checker steered that TPM is not enabled, it’s best to first discover out whether or not that is an correct analysis. This is how. 

1. Out of your desktop, press the Home windows key subsequent to the spacebar + R. This can convey up a dialog field. 

2. Within the textual content discipline of the field, kind tpm.msc and hit Enter. This could convey up a brand new window labelled “TPM Administration on Native Pc.” 

3. Click on Standing. In case you see a message that claims “The TPM is prepared to be used” then the PC Well being Checker has misdiagnosed you, and the steps under will not assist. At this level, there are a number of causes you may be receiving the unsuitable error message from Microsoft, so your greatest guess is to get knowledgeable to try your machine.

In case you do not see that message, and as an alternative see “Appropriate TPM can’t be discovered” or one other message indicating the TPM could also be disabled, observe the subsequent steps. 

Now playing:
Watch this:

Windows 11 review: New OS has us asking, update or wait?


How do I enable TPM 2.0? 

You’re going to need to get to your BIOS menu so you can get to your TPM switch, and there are two ways to do that. We’ll cover both here. The first is for much newer PCs, the second method for those a few years older. Regardless of which you choose, though, you’re going to need to restart your machine. So save any work and close any open windows or programs before proceeding. 

From Windows 10’s Start menu

If you have a newer machine running Windows 10, your boot time may be too fast for you to try the traditional method of hitting a particular key to get to your BIOS menu before Windows can fully load. Here’s how to get to it from inside your normal desktop. 


Brett Pearce/CNET

1. Start your computer normally and open the Start menu by clicking on that Windows button on the far left bottom of your screen. Click on the gear-shaped Settings icon on the left side of the menu. 

2. Within the Settings window that appears, click Update & Security. On the left-side pane that appears, click Recovery. Under the Advanced startup header, click Restart now

Your computer will immediately restart, and instead of restarting and bringing you to your normal desktop screen, you’ll be brought to a blue screen with a few options. 

3. Click Troubleshoot, followed by Advanced options, followed by UEFI Firmware Settings

Your device will restart again. 

From here, go to Step 2 in the section below and follow the remaining steps. 

From start-up

You’re going to need to move very quickly for Step 1. You’ll only have a few seconds to get into the BIOS before your operating system loads. If you miss your window, no harm done, you’ll just have to restart the computer and try again. After Step 1, though, feel free to take your sweet time.

1. Restart your computer, and as it’s booting up you should see a message telling you to press a certain key to enter the BIOS, whether it uses that word or another. On most Dells, for instance, you should see “Press F2 to enter Setup.” Other messages might be “Setup = Del” (meaning Delete) or “System Configuration: F2.” Press whatever key the prompt tells you to and enter the Setup menu.

Depending on what kind of computer you have, a different key may be needed to enter your Setup menu. It could be F1, F8, F10, F11, Delete or another key. If there’s no message on the screen with instructions, the general rule is to hit the key when you see the manufacturer’s logo but before Windows loads. To find out which key will get you in, search online for your laptop’s make and model along with the phrase “BIOS key.” 

2. In the BIOS or UEFI menu, there should be at least one option or tab labelled Security. Using your keyboard, navigate to it and hit Enter. On some systems, you might need to use the + key to expand a submenu instead. 

3. Once you’re inside the Security section, you’re going to be looking for the TPM settings. This might be clearly labeled “TPM Device,” “TPM Security” or some variation. On Intel machines, it will sometimes be labeled “PTT” or “Intel Trusted Platform Technology.” It might also appear as “AMD fTPM Switch.” 

Warning: Stay alert here. Within most TPM settings menus, you generally have an option to clear your TPM, update it or restore it to factory default. Do not do that right now. Clearing the TPM will cause you to lose all data encrypted by the TPM and all keys to the encryption. This action can not be undone or reversed. 

4. From inside the TPM settings menu, you’re on one mission only: Find the switch that turns on the TPM. You’re not touching anything else. Look through the options inside this menu for one that shows some form of toggle or switch beside the word “Enable” or “Unavailable” or even just “Off.” Use your arrow keys to flip that toggle or switch. 

5. Once you’ve kicked on the TPM, look around the screen for Save. Once you’ve saved this setting, restart the computer. 



How do I enable Secure Boot? 

You’ll save yourself a headache if you keep one thing in mind about enabling Secure Boot. Sometimes after you enable Secure Boot on a machine that’s running software incompatible with Secure Boot, the machine will refuse to load Windows properly on restart. If that happens, don’t panic. You didn’t break anything. 

No matter which method you’ve used to get to the boot menu to begin with — either via Windows 10’s Start menu, or by the traditional method of hitting a specific key during start-up — you can still use the traditional method to get back to the boot menu and disable Secure Boot again. 

From Windows 10’s Start menu

Follow the steps above to access the UEFI Firmware Settings

1. Once you’re in the UEFI, you’re going to be looking for the Secure Boot setting. There are a few possible places this could be — check under any tabs labelled Boot, Security or Authentication. 

2. Once you’ve checked the tabs and found the Secure Boot setting, toggle the switch beside it to turn it on or enable it. 

3. Find your Save feature and, after you’ve saved your changes and exited the menu, your computer should reboot and bring you back to a normal Windows desktop. 

There are some PCs on which you may not be able to readily find the Secure Boot setting. Some computers will load Secure Boot keys under a Custom tab. Some computers won’t allow you to enable Secure Boot until certain factory settings are restored. If you’re unable to access Secure Boot, or get roadblocked here, it’s best to get help from a professional rather than take chances. 

From start-up

If you’re not working with UEFI, then you should be able to just enable Secure Boot in BIOS. 

1. Just as you did when enabling your TPM, hit F2 (or whichever key your manufacturer specifies) as your computer is booting up and enter the BIOS menu. 

2. Go to the tab or option that says BIOS Setup, and then select Advanced

3. Next, select Boot Options and a list of them should appear. 

4. In that list, find Secure Boot. Enable it. 

5. Hit Save, exit the menu system, and restart your computer if it does not restart automatically. 

Now playing:
Watch this:

Windows 11: Top new features in 2021


What if I don’t have a TPM chip? 

As noted by CNET sister publication ZDNet back in 2017, motherboard manufacturers sometimes skimp on installing the actual TPM chip and instead send the boards out with only the part that allows the chip to connect to the board. If you find out that you were shorted on your TPM chip when you bought your PC, and you don’t have a virtual or firmware TPM version, you still have a few options. 

Your first option is to try to return your machine via your manufacturer warranty. That is, of course, assuming your machine’s manufacturer is willing to install the chip it already sold you, or replace your model with one that has a chip. Your second, and most expensive, option is to simply buy a newer machine after verifying that it does, indeed, have an actual TPM 2.0-capable chip. 

If your warranty is already voided, your third option — less expensive, but perhaps more difficult — is to buy a whole new motherboard with a TPM 2.0 chip installed, then either swap out the boards yourself or have your local aftermarket repair shop handle the job. Be warned, however, that the ongoing global chip shortage has squeezed the world’s supply of motherboards, making them more difficult to find and pushing prices to upward of $300 to $400 dollars for some brands. That’s another place your local repair shop may be able to help. 

Finally, either you or your repair shop can try your fourth option: hunting down a TPM chip with the right specifications for your motherboard and installing it. Depending on the type you go with and where you get it from, a TPM 2.0-capable chip can run you anywhere from $70 up. Luckily, the basic structures of the boards and chips are similar enough that — if you’d like to get your hands dirty under the hood — it’s possible to install a TPM chip yourself. ZDNet has step-by-step instructions (with a helpful gallery of pictures to guide you).

Whichever route you go, we strongly advise you to first consult either your manufacturer or a device repair specialist before you try to take apart your machine. Spending a few moments with a knowledgeable professional could be all it takes to turn your upgrade nightmare into a quick fix, and spare you excessive replacement costs. 

For more, check out how to download Windows 11, and the best new Windows 11 features and how to use them.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts