The "This PC Can't Run Windows 11" window from PC Health Check

If you’ve run Microsoft’s PC Health Check and been told Windows 11 doesn’t officially support your PC, there’s a chance you need to enable TPM and Secure Boot on your PC. Here’s how.

Windows 11 Requires TPM 2.0 and Secure Boot

For some PCs, the root of the problem with PC Health Check is that they have Secure Boot and TPM disabled in UEFI, which is the basic system that allows your operating system to work with your PC hardware. Many people still call UEFI their “BIOS,” even though that term technically refers to an older standard.

After enabling TPM and Secure Boot, it’s possible your PC will pass the Windows 11 compatibility check if it meets all the other system requirements.

RELATED: What Are the Minimum System Requirements to Run Windows 11?

How to Enable TPM and Secure Boot in UEFI

To enable TPM and Secure Boot in your UEFI, first, you’ll need to shut down your device. When you turn it back on, there will be a special keyboard key or button you’ll need to press at just the right time to get into your UEFI settings.

The exact key you’ll need to press varies depending on the manufacturer, so you’ll need to either consult your device’s operating manual or perform a web search for your device name along with  “bios key” or “UEFI key.” For some motherboards (especially if you built your own PC), you might see a small message on the screen at boot telling you which key you need to press to enter BIOS settings.

For example, on an Acer Spin 3 laptop we have, you access the UEFI configuration menu by powering up the laptop and pressing F2 on the keyboard when you see the “Acer” splash screen.

Once you’re in your UEFI setup screen, instructions will also vary dramatically on how exactly to enable Secure Boot and TPM, but in general, you’re looking for “Security” or “Boot” options.

In this example Setup Utility by American Megatrends (your setup will likely look different), you can find the TPM options under the “Security” tab. Look for “TPM” and make sure it’s enabled. If not, change the settings in your particular UEFI to enable it.

In your UEFI's "Security" menu, look for "TPM" and "Enabled."
Benj Edwards / How-To Geek

Similarly, in our example UEFI, we can find our Secure Boot settings under the “Boot” tab. Look for the “Secure Boot” option and make sure it’s enabled.

In your UEFI's "Boot" menu, look for "Secure Boot" and "Enabled."
Benj Edwards / How-To Geek

After that, make sure you save the changes you’ve made to your UEFI before you exit the configuration utility (you can usually select “save and exit” as one of the options).

Note: If you don’t see anything about TPM or Secure Boot on your computer’s UEFI or BIOS settings screen, your PC may be too old to have these features.

After exiting, your PC will restart and Windows will load. When you run the check again, you will hopefully pass the test. If these features are enabled and your PC still doesn’t pass the check, there’s another reason why your machine is incompatible with Windows 11.

RELATED: What's the Difference Between Windows 10 and Windows 11?

What Are Secure Boot and TPM Anyway?

Secure Boot is a UEFI feature that only allows signed operating systems to work, which can help protect you from malware. Aside from checking your BIOS, you can check System Information within Settings to see if your system supports Secure Boot.

Similarly, TPM (short for “Trusted Platform Module”) helps with security by providing encryption of your data thanks to a special chip inside your machine. Most machines built after 2016 include the TPM 2.0 chip required to run Windows 11.

To check your TPM chip, you can press Windows+R, type tpm.msc , and press Enter. In the TPM management console that appears, you’ll find information on your PC’s TPM module, and you’ll see its version number under “Specification Version.”

Good luck!

RELATED: How to Check If Your Computer Has a Trusted Platform Module (TPM) Chip

Profile Photo for Benj Edwards Benj Edwards
Benj Edwards is a former Associate Editor for How-To Geek. Now, he is an AI and Machine Learning Reporter for Ars Technica. For over 15 years, he has written about technology and tech history for sites such as The Atlantic, Fast Company, PCMag, PCWorld, Macworld, Ars Technica, and Wired. In 2005, he created Vintage Computing and Gaming, a blog devoted to tech history. He also created The Culture of Tech podcast and regularly contributes to the Retronauts retrogaming podcast.
Read Full Bio »