When Windows 11 was announced, there was a pretty big surprise or a big upset: In contrast to most previous Windows versions, Microsoft decided to incorporate two significant requirements or hurdles: TPM 2.0 and Secure Boot. First of all: In both cases, interventions in the UEFI / BIOS are probably necessary. That sounds “dangerous”, but it isn’t. You can’t go wrong even in the BIOS (stands for Basic Input / Output System). If you click on it once or change something unintentionally, you can press the Esc key at any time or go to the far right in the menus and exit there without saving.
The second note in advance: Even if we keep talking about BIOS here, it is probably UEFI (Unified Extensible Firmware Interface) or a mixture of BIOS and UEFI nowadays. In addition, the term BIOS has become commonplace and many mean UEFI, but say BIOS. Before carrying out such interventions, however, you should download and run the Windows 11 system check tool. This application reveals whether a PC is fit for Windows 11 and, if not, what needs to be done to meet the minimum requirements. The program also reveals whether TPM 2.0 or the secure start, i.e. Secure Boot, are active.
Activate TPM 2.0
The first setting we focus on is the Trusted Platform Module or TPM for short. This is a special chip that is used to generate, store and protect encryption keys. Such a chip is usually already integrated on modern mainboards, but can also be retrofitted in an emergency. Before you do that, you should check whether the CPU and other components also support Windows 11, because if you don’t have a TPM on board, there’s a good chance that the rest of the hardware is older. There are essentially two ways to activate TPM 2.0: directly via Windows 10 and via a boot sequence.
First, let’s look at the path that leads directly through Windows 10:
- Open settings
- Click on “Update and Security”
- Go to “Recovery”
- At “Extended start” press the button “Restart now”
- Click on “Troubleshoot”
- Go to “Advanced Options”
- Go to UEFI firmware settings (note: devices with legacy BIOS do not have this option)
- Press “Restart”
- Now you end up in the UEFI settings. Search is now the order of the day, you have to find the appropriate entry for the Trusted Platform Module (TPM). This is often placed at points such as advanced or safety. In addition, the whole thing hides behind the abbreviation fTPM. By the way, there is no generally valid way here, because this setting differs from manufacturer to manufacturer or motherboard to motherboard – you should therefore consult the manufacturer’s website or the manual
- Once you have found the TPM setting, it must of course be activated (i.e. set to “Enabled”)
- Now you should leave the UEFI settings
- The settings have to be confirmed and the PC has to be restarted
The above-mentioned way is ultimately only one of two possible ways to get into the UEFI or BIOS. If you cannot or do not want to do this via Windows 10, you should restart the PC or switch it on regularly. In the course of the boot process, the first thing that appears is a display or a boot screen or so-called bootsplash. This then takes you to the BIOS after pressing a certain key (which one exactly is clarified by a quick look at the manual. In most cases, it is the F2 or Del key).
Restart and Get into the UEFI
- to turn on the computer
- The boot screen should read which key you have to press to get to the firmware
- It is best to press this key several times in succession so as not to miss the right time. Usually this is the Delete key, Esc or function keys (often F2) are often used here
- You land in the UEFI settings and should proceed as described above from point 7.
Secure Boot Activation
Secure Boot is the second important function that Microsoft requires for Windows 11. The “safe start” ensures that the system only allows bootloaders that have been signed-in advance. This increases security because malware cannot sneak in when the system is started. To enable Secure Boot in the UEFI settings, you have to proceed as described above, which is why we will not again list everything step by step at this point. Before doing this, however, you should check whether Secure Boot is not already active.
Check whether Secure Boot is active or not
- Open start
- Search for “System Information”, typing in the word “Systemi *” is usually sufficient; the appropriate symbol should also be the first result
- In the system overview you should look for the item Secure Boot State, there you can find out whether Secure Boot is active or not
- You should also check the “BIOS Mode”: If it says UEFI, then Secure Boot can be activated without much effort; if you read “Legacy (BIOS)” or “Previous version”, additional steps are required.
As already mentioned, it is now again (as previously explained and described) to get into the UEFI / BIOS. Secure Boot should be activated there, but the exact where is different from board manufacturer to board manufacturer. As a rule, however, this point can be found under “Security”. If it is not, the manual or the manufacturer’s website should be consulted.
Secure Boot is on, but BIOS mode is in Legacy – what now?
If you have successfully activated Secure Boot and run the system check tool for Windows 11, you may still not be fit for the new operating system. As mentioned, this is due to the legacy mode of the BIOS. The reason is that you have to switch the drive from Master Boot Record (MBR) to the GUID Partition Table (GPT) used by UEFI. Microsoft instructions for using the MBR2GPT tool in Windows 10
This is usually done during a clean installation. But do not worry: this is not necessary. The changeover can be carried out during operation and without data loss, with the help of a simple Microsoft tool called MBR2GPT.exe – this should already be in the correct folder (C: WINDOWS system32)
- Search for a command prompt via Start
- Right click and run as administrator
- Enter or copy the following command: mbr2gpt / convert / allowfullOS
- Press Enter and execute the command
- That’s it, then you can go to the firmware to set the UEFI mode
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.