Windows 11 has, like any operating system, minimum requirements to be able to run on a PC or laptop. In addition to asking for more RAM than Windows 10 (before they were 2GB, now they are 4 ), since this new version was announced, there was a criterion that generated controversy: that of requiring that computers have a TPM.
The simplest way to know if our equipment is compatible with Windows 11 is to download PC Health Check, an official Microsoft program that will tell us if our equipment is suitable. If it is, you can now install Windows 11 as an insider (its official launch is next Tuesday), from the official Microsoft website.
If not, you have to touch the configuration a bit and, before this, explain some questions.
First: what is a TPM and why did it generate so much noise in the tech environment? The Trusted Platform Module , are safe “Cristo processors” keep key encrypted to give more security to the user. The first problem that everyone raised was that Windows was putting as a condition to run its new version something that had to be purchased separately.
But immediately the tech news channels warned that if you have a computer manufactured from 2016 onwards, the TPM is already integrated into the motherboard of your PC or laptop, but installed passively.
This means that it is not activated from the factory, so you have to change some settings. And, for this, we must have the boot system in “Secure Boot” mode.
This is not difficult at all, but it requires two issues to be addressed. The first, that you have to touch settings a little more advanced than normal from the computer’s BIOS menu , that is, from the start (its acronym responds to Basic Input / Output System and is the basic interface of computers).And the second, that before making changes to the BIOS it is advisable to make a backup of the information, since although the risk of failure is low, if something fails in the medium there may be loss of information ( implement these changes at your own expense risk ).
Secure Boot
The first thing that you have to activate is the secure boot mode, a secure boot that began to be implemented from Windows 8 onwards to protect potential threats such as bootkits, which are installed at the start of the operating system.
The issue is that some computers are still configured with an older type of boot, called ” Legacy “, despite the fact that they are new computers, which tend to be handled with UEFI (Unified Extensible Firmware Interface, an interface that mediates between the operating system and the firmware that allows us to change the system startup values and other advanced settings).
To check what type of boot we have configured, click on the start menu and type “System Information”.And there we will see what type of BIOS we have configured:
How to check in which mode we have the BIOS
In our case we already have UEFI activated , but before this we had it in Legacy.If it says Legacy, then you have to run a command from the advanced startup options to change it: Start, and then press restart while holding the Shift key on the keyboard.
Here we will go to a section of advanced options in which we have to go to “Troubleshooting” and then “Advanced options”. There we have to open the command prompt.
A command interface will open and you have to type the following:
mbr2gpt /validate
Once we see the message “the validation has completed successfully”, enter the following command:
mbr2gpt /convert
Once we did all this, now we can enter the BIOS menu. This is done by restarting the computer and, when viewing the initial loading screen, repeatedly pressing DEL or F10 (varies by manufacturer).
From there, now, the Secure Boot option can be activated , which can vary according to each motherboard.
How to enable the TPM
Once we have activated Secure Boot we can proceed to activate the TPM of our motherboard.
Again, this can also change for each board. In many of them it is under the security options, but in some brands such as Asus it may be within ” advanced “. For example, MSI:
And Asus:
In the case of older computers, you can buy the module separately and install it on the motherboard (although this makes the issue quite expensive).
Once these changes are executed, Windows 11 can be installed from the insider program before its official launch, which is next Tuesday.
Why Microsoft is asking for these advanced changes
The question that arises is why there are so many changes that, for an average user, are advanced. Microsoft, in fact, did not ignore the controversy that raised the matter and earlier this month issued a memo explaining how to activate all this.
The TPM chip allows you to save administrator passwords or even encrypt storage drives and their information, folders and files.
It even allows you to store the biometric data of the login such as fingerprint or facial recognition.It happens that the TPM communicates with the computer’s processor and only with it: this prevents other components from accessing personal data without the permission of the CPU.
This is for security: it prevents some viruses from installing themselves on the storage unit (hard drive or SSD) and accessing passwords or personal information.There are several versions of the TPM, the most widespread is 2.0 , which allows incorporating biometric data.
Thus, what may seem like a stumbling block to activate from the settings but makes the sense of bringing a step forward in computer security.