Geeks in Phoenix

Geek Blog


Enabling TPM for Windows 11 upgrade on 2018-2021 Windows 10 PCs

Was your computer manufactured between 2018 and 2021 and still running Windows 10 because you have yet to be prompted to upgrade to Windows 11? If so, it could be Windows 11 compatible and needs a feature turned on. Here is how to enable the Trusted Platform Module (TPM) in your computer.

Enabling TPM for Windows 11 Upgrade on 2018-2021 Windows 10 PCs

One of the services we offer is to perform a clean installation of Windows. When doing clean installs, I find that most systems manufactured between 2018 and 2021 do not have the TPM enabled. Once I enable the TPM, I usually will do a clean installation of Windows 11 instead of Windows 10.

So, what is the TPM? The TPM is a microchip that provides hardware-based security functions. It is designed to provide a secure foundation for various security-related functions, such as BitLocker drive encryption, Windows Hello, secure boot, and more. By providing a secure environment for sensitive operations, TPM helps protect the system's integrity and the data's confidentiality.

The first version of the TPM, 1.2, started to appear in computers in 2006 and was a dedicated chip. TPM version 2.0 (the version required by Windows 11) began to appear in computers in 2018 and is a firmware extension of the CPU (Central Processing Unit). Between 2018 and 2021, the TPM function of most computers was turned off by default, as no version of Windows required it.

Then, in 2021, Microsoft released Windows 11 and changed the hardware requirements for Windows. Windows 11 now requires a TPM version 2.0 for Windows 11 to be installed. There were registry hacks and other ways to get around it, but Microsoft quickly patched those flaws.

So, the first thing you need to do is find out the status of the TPM inside Windows 10. By bringing up the TPM Management console, you can see if a TPM is enabled and what version it is. To open the TPM Management console, perform either of the following:

  • Open a RUN dialog box by pressing the Windows logo key Windows logo key + R, type tpm.msc in the Open field, and left-click on OK.
    or
  • Open a search box by pressing the Windows logo key Windows logo key + S, type tpm.msc, and choose tpm.msc Microsoft Common Console Document.

Once the TPM Management console appears, it will tell you if a TPM is enabled and what version it is.
TPM status inside of Windows 10
If it states that a compatible TPM could not be found, you will have to either research the system/motherboard specifications online or boot your computer into the BIOS (Basic Input/Output System) / UEFI (Unified Extensible Firmware Interface).

Now, before you research online or boot into the BIOS/UEFI, let's talk about what you will be looking for. The CPU manufacturers (Intel and AMD) have different names for implementing the TPM firmware extensions.

  • The TPM extension inside Intel processors is called Platform Trust Technology (PTT).
  • The TPM extension inside AMD processors is called Firmware TPM (fTPM).

The quickest and easiest way to check for a TPM is to boot your computer into the BIOS/UEFI. This may take several tries, as interrupting the booting cycle for your computer can be challenging. If you don't interrupt the boot process the first time, just let the computer boot to the login screen and restart it.

  1. Restart your computer and access the BIOS/UEFI settings. The method to access these settings varies depending on the manufacturer of your computer. Typically, you can access the BIOS/UEFI settings by pressing a specific key (such as F2, F10, or Del) during the boot process. Most of the time, pressing either the F2 or the Del key rapidly when the splash screen (the manufacturer logo) appears will get you into the BIOS/UEFI settings. Consult your computer's manual or the manufacturer's website for specific instructions.
  2. Once in the BIOS/UEFI settings, navigate to the Security or Advanced tab. Look for an option related to TPM or Security. The wording may vary depending on the manufacturer. Remember to look for PTT in systems with Intel processors and fTPM for systems with AMD processors.
  3. Enable the TPM feature and save the changes before exiting the BIOS/UEFI settings. Your computer will restart.
  4. After enabling TPM in the BIOS/UEFI settings, you can verify that it is enabled in Windows 10 by opening the TPM Management console (as previously outlined). It should now show that TPM is enabled.

Once the TPM is enabled, you can wait for Windows Update to offer the Windows 11 upgrade or manually upgrade Windows 10 to Windows 11. Enabling the Trusted Platform Module on computers manufactured between 2018 and 2021 running Windows 10 is an important step towards being able to upgrade to Windows 11. By following the steps outlined in this article, users can verify the presence and version of a TPM and enable it in the BIOS/UEFI.

Windows 11 hardware requirements explained

Updated May 16, 2024

Are you confused about the hardware requirements for Windows 11? Want to know why your computer can or cannot be upgraded to Windows 11? Let's take a detailed look at the hardware requirements for Windows 11.

Windows 11 hardware requirements explained

With Windows 11, Microsoft is focusing on security and is enforcing the hardware requirements to run it. Previous versions of Windows (10, 8.1, and 7) all had the exact general hardware requirement.

However, with Windows 10, the security requirements were still there, but they were not being enforced. The Unified Extensible Firmware Interface (UEFI), Secure Boot, and Trusted Platform Module (TPM) (see below) requirements were optional for Windows 10 to install and run.

For example, TPM has always been required to enable BitLocker drive encryption. Windows 10 would use either TPM 1.2 or TPM 2.0. However, the TPM 1.2 standard has been depreciated, so TPM 2.0 is now the de facto standard.

And if you look into UEFI, you will find that Secure Boot is part of that standard. And since UEFI can take advantage of the TPM, it makes sense to include all three (3) in the requirements for Windows 11.

Note: Sorry if anybody still running a 32-bit version of Windows 10, but Windows 11 is only available in a 64-bit version.

Hardware requirements for Windows 7, 8.1 and 10

Processor - 1 Gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor

Memory - 1 Gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)

Storage - 16 GB (32-bit) or 20 GB (64-bit)

Graphics card - Compatible with DirectX 9 with WDDM 1.0 or higher driver

Hardware requirements for Windows 11

Processor - 1 Gigahertz (GHz) or faster with two or more cores on a compatible 64-bit processor or System on a Chip (SoC). This requirement is now particular about which processors are compatible with Windows 11. General Rule of thumb: If the processor is under six (6) years old, it should run Windows 11. Microsoft has a list of processors that are compatible with Windows 11.

Memory - 4 Gigabytes (GB) RAM. This requirement has increased from 2GB to 4GB, which is no biggie. I have not seen a computer with only 2 GB of memory in over a decade.

Storage - 64 GB or larger storage device. This requirement has also increased, and it is about time. I have seen Windows 8.1 and Windows 10 installed on 32 GB drives, which is not pretty. The biggest problem is there usually is not enough free space to perform a feature update. I recommend at least a 256 GB drive for the operating system and programs.

Graphics card - DirectX 12 graphics device or later with WDDM 2.0 driver. Since DirectX 12 was released with Windows 10 back in 2015, most modern graphic cards will be compatible with Windows 11.

Hardware requirements that are no longer optional

Display - A high definition (720p) display greater than 9" diagonally, 8 bits per color channel. This requirement is pretty easy to meet.

System firmware - UEFI and Secure Boot capable. UEFI (Unified Extensible Firmware Interface) has been used for over a decade now, so most computers running have UEFI enabled. And since the Secure Boot specification is part of the UEFI, that should already be in place. However, you may have to change some settings in your computer's BIOS (Basic Input / Output System) to enable UEFI and Secure Boot.

TPM - Trusted Platform Module (TPM) 2.0. Besides the processor requirement, this is another stumbling point for upgrading to Windows 11. A TPM can be a separate module that you connect to your motherboard or be part of the chipset on your motherboard. Most modern motherboards will use FTPM (Firmware Trusted Platform Module) included in the chipset. However, you may have to change some settings in your computer's BIOS (Basic Input / Output System) to enable the TPM.

Note: Computers with TPM 2.0 started hitting the market in 2018. Since the Windows 10 hardware requirements did not require the TPM, most computer system and motherboard manufacturers disabled the TPM by default. It wasn't until Microsoft released Windows 11 in 2021 that manufacturers started to enable the TPM 2.0 by default. So, if your computer was built between 2018 and 2021, there is a good possibility that it can run Windows 11. To enable the TPM 2.0 on one of these systems, you must check the owner manual for your computer/motherboard to see how to enable the TPM 2.0.

Storage structure - There are two (2) types of drive structures: MBR (Master Boot Record) and GPT (GUID Partition Table). Previous versions of Windows would run on either of these structures. Windows 11 requires GTP for the drive that contains Windows 11. Microsoft has included a tool inside Windows 10 to convert drives from MBR to GPT. Here is a link to the documentation for MBR2GPT.EXE.

Maintain your drive with SpinRite

Updated September 22, 2024

When it comes to maintaining HDDs (Hard Disk Drive) or SSDs (Solid State Drive), running a disk check will usually find any software-related issues. But when I need to check the hardware inside a drive, I will use SpinRite from Gibson Research Corporation.

Intro screen from GRC SpinRite
Intro screen from GRC SpinRite

SpinRite is a storage data recovery, repair, and maintenance program that works on HDDs and SSDs. SpinRite includes a feature called DynaStat that can reassemble missing data from bad sectors. SpinRite is a self-contained program that runs on top of a version of FreeDOS (Free Disk Operating System).

Graphic Status Display screen from GRC SpinRite
Graphic Status Display screen from GRC SpinRite

SpinRite has five (5) levels of operation, each building on the previous level.

  • Level 1 - Examine storage media: This operation rapidly read-scans the entire storage media surface independent of whatever data and/or file system that may be present. This level will read every sector of the selected drive(s) psychical surface, looking for areas that appear healthy but could fail.
  • Level 2 - Recover unreadable data: This operation rapidly read-scans the entire storage media for any unreadable or difficult to read data sectors. Spinrite will then attempt to recover unreadable data using the built-in advanced recovery technology.
  • Level 3 - Refresh storage media: This operation performs all of the scanning and data recovery of Level 2. This level will read and write every sector of the selected storage media psychical surface, mainly exercising the hard drive. It tests and verifies every sector on the drive(s).
  • Level 4 - Refresh and verify media: This operation performs all of the scanning and data recovery of Level 3. This level will read, write, and invert every sector twice of the selected drive(s) psychical surface. This tests and verifies that every 'bit' on the selected partition can be successfully written to and retrieved.
  • Level 5 - Exercise storage media: This operational level should only be used on HDDs. This level does everything that all other levels do and restores any areas that may have been previously marked as defective but are now reliable.

DynaStat Data Recovery screen from GRC SpinRite
DynaStat Data Recovery screen from GRC SpinRite

Note: If your Windows-based computer uses BitLocker drive encryption, it must be paused or disabled before you can run Spinrite. See the link below for instructions on how to do this.

Now, I have been using SpinRite for several years, and running it used to be fairly simple. If you could not get your system to boot from the SpinRite media, just go into the BIOS and change the boot mode. But with BitLocker drive encryption, things have changed.

For you to be able to run SpinRite on your system, it needs to be able to boot using either BIOS (Basic Input-Output System) or UEFI (Unified Extensible Firmware Interface) with BIOS capability support. For you to boot your system, you may have to turn off secure boot.

Warning: Secure boot is directly tied into BitLocker drive encryption, and if your drive is encrypted and you turn off the secure boot function without pausing or turning off BitLocker, you can lose access to that drive. Here is how to turn off BitLocker drive encryption.

GRC does have a free app called BootAble that will create a bootable USB drive to verify whether your system can boot using the SpinRite version of FreeDos. SpinRite is available from Gibson Research Corporation for $89 (as of this writing). For more information on SpinRite, follow the link below.

Gibson Research Corporation SpinRite

How to use Windows 10 Advanced Boot Options

Updated September 26, 2024

Since I do computer repair for a living, there are times when I need to boot a Windows 10 system up into Safe Mode. But with newer computers utilizing UEFI (Unified Extensible Firmware Interface) and fast/safe boot features, this can be challenging. So here is how to use the Windows 10 Advanced Boot Options.

How to use Windows 10 Advanced Boot Options

In previous versions of Windows, getting to the advanced boot options was pretty easy. All you had to do was press the F8 key at startup. But with Windows 10, getting the advanced boot options is a little different. You can bring up the advanced boot options just one time or set it up permanently. Both require the system to be able to boot up into Windows 10 first.

Enable Windows 10 Advanced Boot Options screen one-time

You can bring up the one-time Windows 10 boot options, either logged on or off. Since I repair computers for a living, I prefer not to log in under any user's profile. That way, I don't have to deal with any of the programs that may load when a user signs in. There are two (2) ways (logged in and logged out) of getting to the Windows 10 one-time boot options.

When you are logged in to Windows 10:

  1. Left-click the Start Windows logo button to bring up the Start menu.
  2. Left-click on Settings (the gear icon).
  3. Left-click on Update & Security.
  4. In the left column, left-click on Recovery.
    Windows 10 advanced startup option when logged in
  5. Under Advanced startup, left-click on Restart now. The computer will log you off and bring up the Choose an option screen.

When you are logged out of Windows 10:

  1. At the login screen, left-click on the Power button in the lower right-hand corner to bring up the different options.
    Windows 10 advanced startup option when logged out
  2. Hold down the Shift key on the keyboard and right-click on Restart. This will bring up the Choose an option screen.

When you get to the Choose an option screen:

Windows 10 choose an option screen

  1. Left-click on Troubleshoot.
    Windows 10 troubleshoot screen
  2. Left-click on Advanced options.
    Windows 10 advanced options screen
  3. Left-click on Startup Settings.
    Windows 10 startup settings screen
  4. Left-click on the Restart button.
    Windows 10 standard advanced boot options screen
  5. When the Startup Settings page appears, select the number that coincides with the function you would like to perform.

Enable Windows 10 Advanced Boot Options screen permanently

This option should be used very carefully. Not only do you have to edit the boot configuration of your Windows 10 computer, but once permanently enabled, you will have to select a boot option you want to use every time your computer starts or restarts. There is no timer for this screen, unlike in previous Windows versions. You will need to use an administrative command prompt to edit the boot configuration.

How to open a Command Prompt with Administrator privileges in Windows 10

The first thing we have to do is turn on the Windows 10 Advanced Boot Options. Type or cut and paste the following code into an administrative command prompt:

bcdedit /set {globalsettings} advancedoptions true

To turn off the Windows 10 Advanced Boot Options, type or cut and paste the following code into an administrative command prompt:

bcdedit /set {globalsettings} advancedoptions false

You can also change the default boot manager used with the advanced boot options. The default is the Windows 10 standard version, but you can change it to the legacy version if you like the old DOS look.
Windows 10 legacy advanced boot options screen
To change to the legacy boot manager used in previous Windows versions, like Windows 7, you can type or cut and paste the following code into an administrative command prompt:

bcdedit /set {default} bootmenupolicy legacy

To restore the boot menu to the default, type or cut/paste the following code into an administrative command prompt.

bcdedit /set {default} bootmenupolicy standard

Free computer diagnostics

Repairing a PC can sometimes be expensive, and that is why we offer free basic in-shop diagnostics. Give one of our professional and experienced technicians a call at (602) 795-1111, and let's see what we can do for you.

Check out our reviews

Geeks In Phoenix LLC, BBB Business Review

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service  from computer repair, virus removal, and data recovery.

Bring your computer to us and save

Repairing a computer can be time-consuming. That is why we base our in-shop service on the time we work on your computer, not the time it takes for your computer to work! From running memory checking software to scanning for viruses, these are processes that can take some time.

Contact us

If you have any questions, please feel free to give us a call at (602) 795-1111  and talk with one of our Geeks. Or you can send us a message from our contact page , and one of our Geeks will get back to you as soon as possible. Or you can stop by and see us. Here are our hours and location.

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube