Windows users who are planning an upgrade to Windows 11—or who want to keep modern games and anti‑cheat systems working—need to know whether their PC has a Trusted Platform Module (TPM) and whether it’s enabled; the checks are quick, the fixes are usually straightforward, but a few important caveats can cost you encrypted data or an unbootable system if you rush. This guide walks through every practical method to verify TPM presence and state on Windows, explains how to enable TPM (and the common firmware labels you’ll see), highlights the risks (BitLocker and clearing the TPM), and explains why the platform‑level requirement matters for Windows 11 and modern games. Key commands, step‑by‑step firmware guidance, and a short troubleshooting checklist are included so you can act safely and confidently.
Example (typical output fields you’ll see):
If you want a one‑page action plan to run now:
Source: Neowin How to check if TPM is supported and enabled on your PC
Background / Overview
What is TPM and why it matters now
A Trusted Platform Module (TPM) is a hardware or firmware component that provides a secure, tamper‑resistant place to generate and store cryptographic keys, perform platform attestation (measured boot), and help protect features like BitLocker and Windows Hello. Microsoft has made TPM 2.0 a baseline requirement for Windows 11; that same hardware foundation is also being used by game publishers and anti‑cheat vendors to ensure a trusted launch environment for kernel‑level protection. As a result, TPM and Secure Boot increasingly show up as preflight requirements for both OS upgrades and certain AAA multiplayer titles.Timelines you should know
Microsoft will end mainstream support for Windows 10 on October 14, 2025. That date makes the Windows 11 hardware checks (TPM 2.0 + Secure Boot + supported CPU list) immediately relevant because many users now face a short migration window. If your PC doesn’t meet the hardware requirements, Microsoft offers limited Extended Security Updates (ESU) options, but these are temporary patches rather than a long‑term solution.How to check whether your PC supports TPM 2.0
There are multiple ways to confirm TPM presence and whether it’s enabled. Use whatever method you’re comfortable with; the callout below lists them from quickest to more technical.1) Windows Terminal / PowerShell (fast, authoritative)
- Open Windows Terminal or PowerShell as Administrator.
- Run:
- Get-Tpm
Example (typical output fields you’ll see):
- TpmPresent : True
- TpmEnabled : True
- TpmReady : True
- ManufacturerVersionFull20 : x.x.x.x
2) TPM Management Console (tpm.msc)
- Press Win + R, type tpm.msc, and press Enter.
- The TPM Management window shows a Status line: “The TPM is ready for use” when present and active. Under TPM Manufacturer Information you’ll see a Specification Version value (e.g., 2.0) that confirms whether the chip meets Windows 11’s requirement. If the console displays “Compatible TPM cannot be found”, the module is either missing or disabled in UEFI.
3) System Information (msinfo32)
- Press Win + R, type msinfo32, and open System Summary.
- Look for BIOS Mode (should be UEFI for Secure Boot) and Secure Boot State. While msinfo32 won’t show the detailed TPM fields that tpm.msc does, it’s the first stop for Secure Boot and firmware‑mode checks.
4) Device Manager — Security devices
- Right‑click Start → Device Manager → expand Security devices.
- If the TPM driver is present and functional you’ll see Trusted Platform Module 2.0 (or in rare cases 1.2). If it’s missing from Security devices but appears under System devices, your system may be using an OEM driver or the TPM isn’t initialized correctly.
5) Windows Security app — Device security
- Start → Windows Security → Device security → click Security processor details.
- If the Security processor (TPM) section is present you’ll get manufacturer details and the Specification version. If the Security processor block is missing, TPM is likely absent or disabled. This is the GUI‑friendly method most users will prefer.
6) Task Manager — Security devices section
- In modern Windows builds, Task Manager shows a Security devices category that will list Trusted Platform Module 2.0 if the TPM is active. This is another quick visual check without using the management console.
7) Steam (beta) — quick check for gamers
- Steam’s beta client now exposes Secure Boot and TPM status inside Help → System Information; Valve also plans to add these to the Hardware Survey. This is convenient for players troubleshooting why a game’s anti‑cheat refuses to start. If you rely on Steam to check readiness, use the beta client and confirm the reported fields.
How to enable TPM on your PC (UEFI/BIOS steps)
Most modern motherboards include TPM functionality either as a discrete chip (dTPM) or as a firmware implementation (fTPM/PTT). Often TPM is present but disabled by default.Common firmware labels to look for
- Intel-based systems: Intel PTT (Platform Trust Technology) or TPM Device
- AMD-based systems: AMD fTPM, PSP fTPM, or CPU fTPM
- Motherboard/OEM wording: TPM, Security Device Support, Trusted Computing or TPM Security
Vendor UEFI GUIs and menu organization vary, but the setting nearly always lives under Security, Advanced, or Miscellaneous tabs. Asus, Dell, Gigabyte, MSI and others publish model‑specific instructions — consult the manual if you can’t find the option.
Typical steps
- Back up your data and ensure you have administrator access.
- Reboot and enter UEFI/BIOS (common keys: F2, Del, F10; or use Windows Advanced Startup → Troubleshoot → UEFI Firmware Settings).
- Locate the TPM/PTT/fTPM option (Security → Trusted Computing / Advanced).
- Enable the appropriate option (for Intel choose PTT; for AMD choose fTPM; choose Firmware TPM where offered).
- Save and exit UEFI (usually F10), then boot Windows and verify with tpm.msc or Get‑Tpm.
Will enabling TPM change my Windows installation?
- Usually, no — enabling TPM in firmware alone does not change or wipe Windows data. However, important caveats follow below: enabling is safe in most consumer cases, but clearing (resetting) the TPM does erase secrets and will affect encrypted data unless you take precautions. See the Risks section.
Common pitfalls, risks and safety checks (don’t skip these)
1) Clearing the TPM erases keys — back up BitLocker keys first
If you’re prompted (or decide) to Clear TPM, understand that this resets the TPM to factory defaults and removes all keys stored in it. That includes BitLocker protectors, virtual smart card secrets, measured‑boot attestation keys, and other application secrets. Microsoft and OEM guidance specifically warn that clearing can make encrypted data inaccessible unless the recovery keys are available. Before changing firmware or clearing TPM, back up your BitLocker recovery key (to your Microsoft account, a file, a USB drive, or enterprise Active Directory/Azure AD storage).- Action: If BitLocker is enabled, suspend protection before firmware changes (Manage‑BDE or BitLocker control panel), then re‑enable afterward.
2) BitLocker recovery prompts after firmware changes
Switching firmware modes (Legacy → UEFI), enabling/disabling TPM, or clearing TPM will often cause BitLocker to demand the recovery key on next boot. That’s why you should suspend BitLocker before making firmware changes and have the recovery key in hand if something goes wrong.3) Converting disks: Secure Boot often requires GPT
If your system uses MBR partitions, Secure Boot requires a UEFI/GPT configuration; many guides recommend using Microsoft’s MBR2GPT tool to convert without reinstalling Windows, but conversion has preconditions and can fail on complex layouts (dual‑boot, unusual partitions). Back up the system image before attempting conversion.4) Linux and dual‑boot impacts
Enabling Secure Boot can block unsigned Linux kernels or bootloaders; dual‑boot users may need to configure shim, enroll keys, or accept that some distributions will require extra setup. Similarly, Steam/anti‑cheat enforcement tied to Secure Boot/TPM may block Linux/Proton setups or Steam Deck configurations in some cases. If you depend on Linux, research compatibility steps for your distro before flipping Secure Boot on.5) Firmware updates and OEM quirks
Some motherboards need a BIOS/UEFI update to expose firmware TPM options or to provide a TPM 2.0 firmware implementation. If you don’t see the setting, check your OEM/motherboard support site for updates. Corporate devices are sometimes shipped with TPM disabled by IT policy — consult your IT admin before changing firmware on managed equipment.Gaming and anti‑cheat: why TPM & Secure Boot are showing up in launch checks
Major publishers and anti‑cheat providers are increasingly tying enforcement to platform integrity features:- Activision (Call of Duty) documents that TPM 2.0 and Secure Boot will be required for certain upcoming titles (for example, Black Ops 7’s Beta and launch), stating those features help RICOCHET anti‑cheat verify the boot environment and protect kernel components.
- EA and other publishers have adopted similar strategies for Battlefield and other live titles; these measures are being tested in seasons or betas before full enforcement. This is why Steam’s beta added Secure Boot and TPM status reporting: publishers need a quick way to see whether a user’s machine meets preflight requirements.
Troubleshooting: if TPM is present but Windows says “not found”
- Confirm TPM is enabled in UEFI/BIOS (Intel PTT or AMD fTPM). Reboot, enter firmware, and enable the option. Save and reboot.
- Update firmware/BIOS — older firmware may not expose a firmware TPM option.
- Check Device Manager for the TPM driver and update/uninstall‑reinstall if it’s using an OEM driver that prevents correct enumeration. Microsoft documentation notes OEM driver conflicts can make TPM appear missing.
- If Windows says TPM exists but tpm.msc errors, consider clearing and initializing only after ensuring you have recovery keys and backups; follow vendor guidance to clear safely. Clearing may require a physical key press at POST and will erase TPM keys.
Quick, safe checklist before you modify firmware or clear a TPM
- Back up all important files and create a system image.
- Export or store the BitLocker recovery key(s) to a safe external location (Microsoft account, USB, file).
- Suspend BitLocker prior to making firmware changes.
- Update your motherboard/UEFI firmware to the latest stable release from the OEM.
- Enable TPM (PTT / fTPM) in firmware and reboot. Verify with tpm.msc or Get‑Tpm.
- If enabling Secure Boot, confirm your disk is GPT (convert with mbr2gpt only after backing up and validating).
- Re‑enable BitLocker and validate you can boot without prompts.
- If any game or anti‑cheat still refuses to run, consult the publisher’s support article for the exact enforcement rules — many vendors roll features out gradually with warnings first.
Closing analysis: strengths, trade‑offs and the practical verdict
- Strengths: TPM 2.0 and Secure Boot provide a measurable, hardware‑rooted security baseline that makes features like BitLocker, Windows Hello, virtualization‑based protections, and attestation far more robust. For gamers and publishers, TPM+Secure Boot gives anti‑cheat systems a reliable early‑boot integrity signal that reduces kernel‑level cheating vectors. These security benefits are why Microsoft won’t relax the requirement for Windows 11 and why publishers are adopting the same checks.
- Trade‑offs and risks: the main downsides are operational: older hardware, dual‑boot Linux setups, and some DIY configurations can be broken by flipping Secure Boot or converting partition styles. The scariest risk is data loss from clearing the TPM without backing up BitLocker keys. OEMs sometimes ship TPM disabled, and firmware menus vary widely, which creates confusion. For enterprises, the device replacement and management burden is real; for consumers, the immediate impact is usually limited to a one‑time BIOS toggle and a small amount of caution.
- Practical verdict: check first, enable carefully, and back up everything. If you’re upgrading to Windows 11, confirming TPM 2.0 and Secure Boot is a necessary step. If you’re a gamer, check Steam’s beta System Information or the game publisher’s support page before a launch to avoid the last‑minute scramble. If you rely on encryption (BitLocker) or dual‑boot, plan the firmware changes, suspend encryption, and preserve recovery keys before touching UEFI settings.
If you want a one‑page action plan to run now:
- Open an elevated PowerShell and run Get‑Tpm to check presence and state.
- Run tpm.msc to confirm “The TPM is ready for use” and Specification Version: 2.0.
- If TPM is missing or disabled, reboot to UEFI, enable Intel PTT / AMD fTPM, save, and re‑check.
- Back up BitLocker recovery keys and suspend BitLocker before making firmware changes.
- If you’re a Steam gamer, opt into the Steam beta to see TPM & Secure Boot status inside Steam’s System Information.
Source: Neowin How to check if TPM is supported and enabled on your PC
