Unable to install Windows 11 due to “SecureBoot” and / or “TPM 2.0” errors? Here’s how to enable both and a quick workaround that completely negates the need for them.
With the release of Windows 11, users around the world are all excited and enthusiastic. The new interface looks refreshing, engaging, and quite user-friendly for the most part. However, before you can take the plunge, here are a few things you need to know.
Many users reported that they encountered errors while installing Windows 11 through setup or checking if their PC supports Windows 11 using the PC health checker app.
Common Windows 11 compatibility errors
If you get a “This PC cannot run Windows 11” error in the PC Health Check app, these are the errors you are probably seeing. Read carefully to understand the significance of each of these errors.
⚠️ TPM 2.0 is a requirement to run Windows 11
If you get the TPM 2.0 compatibility error in Windows 11, you need to enable it in your PC BIOS settings. If you have newer hardware your system is likely to support TPM 2.0, if not, you may need to use a workaround to bypass the TPM 2.0 requirement in Windows 11 (as described further on this page).
Read → What is the TPM 2.0 requirement in Windows 11
⚠️ The processor is not supported for Windows 11
The minimum system requirements for Windows 11 state that you must have an Intel 8th generation or higher processor to be able to install Windows 11. All Intel Core processors below 8th generation are no longer supported by the latest version of Windows .
You can view the list of supported processors for each hardware manufacturer here → AMD | Intel | Qualcomm.
⚠️ The PC must support Secure Boot
Windows 11 requires you to have Secure Boot enabled on your system to be able to run the latest version of Windows. Fortunately, Secure Boot is supported by a wide variety of systems, and your PC is likely to support it, but it just isn’t turned on. The fastest way to verify Secure Boot support on your PC is to boot into BIOS and see if the BIOS security settings allow Secure Boot to be enabled on your system.
⚠️ System disk must be 64 GB or more
The Windows 11 PC Health Check app also checks the size of the disk partition where Windows is currently installed. If it is less than 64 GB, then you need to extend and increase its volume to 64 GB or more in order to install Windows 11 on your system. Or, you can always choose to install Windows 11 on a different disk partition on your system when installing Windows 11 from a bootable USB drive.
Fixed “secure boot” error
Many users have encountered the error “This PC cannot run Windows 11” with “The PC must support Secure Boot” mentioned as the reason while running Windows 11 installer.
In this case, you need to enable “secure boot” in the BIOS settings. But before activating it, it is imperative that you understand what it is.
What is Secure Boot?
This is a security standard that was developed to ensure that the PC only boots with software approved by OEM (Original Equipment Manufacturer). It prevents malware or malware from starting when you start the computer. When the setting is enabled, only drivers with a certificate from Microsoft will load.
How to enable Secure Boot in BIOS settings
To note: The process below is for an HP laptop. The keys to access the different options and the interface may differ depending on the manufacturer. However, the concept remains the same. Consult the manual that came with the system or search the web to identify the keys and understand the interface.
To enable Secure Boot, shut down the system and then restart it. As soon as the display lights up, press the ESC
to enter the “Start menu”.
Then press the F10
to enter ‘BIOS Setup’. The keys you see below to access the different options may be different for your computer. Check the same from the computer screen or search the web for your computer model.
Then go to the “Advanced” tab in the “BIOS Setup”.
If you find the “Secure Boot” option grayed out, it is likely that the current “Boot Mode” is set to “Legacy”.
To access the “Secure Boot” option, select the “Native UEFI (No CSM)” setting under “Boot Mode”, then check the “Secure Boot” box.
As soon as you check the box, you will be asked to confirm the change. Click on ‘Accept’.
Finally, click “Save” at the bottom to apply the new settings, then restart your computer.
‘SecureBoot’ is now activated on your system.
To note: After enabling ‘SecureBoot’ you might not be able to boot the system, as I did. Therefore, enter the “Start” menu after restarting the system, select “Device boot option”, select the USB drive you flashed Windows 11 on and proceed with the installation.
How to enable TPM 2.0 in BIOS settings
One of the other system requirements for Windows 11 is support for TPM 2.0. The Windows 11 installer displays the error “The PC must support TPM 2.0” when you run the installer from Windows only, not through a bootable USB drive. There it can only display the error “This PC cannot run Windows 11”.
Fortunately, it is easy to enable TPM 2.0 in the BIOS settings. But before we go ahead with enabling “TPM 2.0” in BIOS, let’s also check its current state in the system first.
To check the status of ‘TPM 2.0’, hurry WINDOWS + R
to launch the ‘Execute’ command, enter tpm.msc
in the text box, then click “OK” or press ENTER
to launch the TPM Management dialog box.
Then check the “Status” section. If it displays “TPM is ready for use”, it is already activated.
If you see “Compatible TPM not found”, it’s time to enable it in BIOS settings.
To note: The process may be different for different manufacturers, it is recommended that you visit your hardware manufacturer’s support page in case the following steps do not apply to your system.
To activate ‘TPM 2.0’, restart your PC and press the ESC
as soon as the screen lights up to enter the ‘Startup Menu’. You will be presented with the different key options for the different menus. Identify the one for ‘BIOS Setup’ and press it. In my case (HP laptop) it was the F10
key.
You will now find several tabs listed at the top, navigate to the “Security” tab.
In the “Security” tab, locate and select the “TPM Emded Security” option.
To note: In some cases, the option may be grayed out. To access the option, you will need to configure the “BIOS administrator password”. Once you have configured the password, you can access the TPM and other settings that were previously grayed out.
Next, locate the “TPM Device” option and set it to “Available”. Finally, click “Save” at the bottom to apply the changes.
TPM is now activated on your computer.
How to bypass Windows 11 “Secure Boot” and “TPM 2.0” Requirements
If you are unsure about making any changes to BIOS settings, there is an easy workaround for you. With this, you can bypass enabling “Secure Boot” or “TPM 2.0” on your computer and bypass Windows 11 security requirements without any problem.
What is the workaround? We will use the ISO of Windows 10, mount it on the system, then copy the appraiserres.dll
from the “sources” folder to the “sources” folder of the Windows 11 ISO bootable USB key. This will bypass the new security checks in the Windows 11 installer system requirements.
To get started, download the Windows 10 ISO file from Microsoft. Then right click on it and select the “Mount” option from the context menu. The process may take some time.
Then navigate to the mounted drive and open the “sources” folder.
Find and copy it appraiserres.dll
from the Windows 10 ISO “sources” folder.
Next, navigate to the USB drive you flashed Windows 11 on and open the “sources” folder. Then right click on the vacant room and select ‘Paste’ from the context menu. You can also use the CTRL + V
keyboard shortcut for pasting files.
Since appraiserres.dll
the file that we paste would also be present in the “sources” folder of Windows 11, you will get a “Replace or ignore files” dialog, make sure to click on the “Replace files in destination” option and wait to complete. It is essential that you replace this file.
After the file is replaced, restart the computer and install Windows 11 through the “Boot Device Options” in the “Boot Menu” as expected. You will no longer encounter the error related to ‘Security Boot’ and ‘TPM 2.0’.
Install Windows 11 on a Legacy BIOS?
If you happen to have a very old Windows PC with a motherboard that doesn’t even have the option to enable Secure Boot, there is another workaround for you to install Windows 11 on your old PC. .
What you need to do is create a bootable Windows 10 USB drive and then replace the install.wim
files from its ‘sources’ folder with the install.wim
from the “sources” folder of the Windows 11 ISO image. Below is a link to our detailed guide on this subject.
TUTORIAL → How to install Windows 11 on a legacy BIOS without secure boot
Now that there are no more obstacles, you can install Windows 11 and enjoy the refreshing and attractive interface it has to offer. Plus, you’d be among the first to have hands-on Windows 11 experience. Be prepared to brag about it!