Unable to install Windows 11 due to ‘SecureBoot’ and/or ‘TPM 2.0’ errors? Here’s how you enable both, and a quick workaround that nullifies the need for it altogether.
With the release of Windows 11, users across the globe are all hyped and excited. The new interface seems refreshing, appealing, and quite user-friendly to most. However, before you can make the jump, here are a few things you must know.
Many users have reported encountering errors while installing Windows 11 through the setup or while checking if their PC supports Windows 11 using the PC health check app.
Common Windows 11 Compatibility Errors
If you’re getting a ‘This PC can’t run Windows 11’ error in the PC Health Check app, then the following are the errors you’re likely seeing. Read along to understand what each of these errors means.
⚠️ TPM 2.0 must be supported and enabled on this PC
If you’re getting the TPM 2.0 compatibility error in Windows 11, then you need to enable it in the BIOS settings for your PC. If you’ve got recent hardware, chances are your system would have TPM 2.0 support, if not, then you may have to use a workaround to bypass the TPM 2.0 requirement in Windows 11 (as described later on this page).
⚠️ The processor isn’t supported for Windows 11
The minimum system requirement for Windows 11 states that you got to have 8th gen Intel processor or above to be able to install Windows 11. All Intel Core processors below 8th gen aren’t supported by the latest version of Windows anymore.
⚠️ The PC must support Secure Boot
Windows 11 requires that you’ve Secure Boot enabled on your system to be able to run the latest version of Windows. Thankfully, Secure Boot is supported by a wide range of systems, and chances are your PC supports it but it just isn’t enabled. The quickest way to verify Secure Boot support on your PC is to boot into BIOS and see if the BIOS security settings have a way to enable Secure Boot on your system.
⚠️ The system disk needs to be 64 GB or Larger
The Windows 11 PC Health Check app also checks the size of the disk partition where you currently have Windows installed. If it’s lesser than 64 GB, than you need to expand and increase its volume to 64 GB or more to be able to install Windows 11 on your system. Or, you can always choose to install Windows 11 on another disk partition on your system when installing Windows 11 from a bootable USB drive.
Fixing ‘Secure Boot’ Error
Many users have encountered the ‘This PC Can’t Run Windows 11’ error with ‘The PC must support Secure Boot’ mentioned as the reason when running the Windows 11 installer.
In this case, you have to enable ‘Secure Boot’ from the BIOS settings. But before you enable it, it’s imperative that you understand what it’s all about.
What is Secure Boot?
It is a standard of security that was developed to ensure that the PC boots only with the software that is trusted by OEM (Original Equipment Manufacturer). It prevents malicious software or malware from booting when you start the computer. When the setting is enabled, only drivers that have a certificate from Microsoft will load.
How to Enable Secure Boot in BIOS Settings
Note: The process below is for an HP laptop. The keys to accessing various options and the interface may differ for various manufacturers. However, the concept remains the same. Check the manual that came along with the system or search the web to identify the keys and get a grasp of the interface.
To enable Secure Boot, shut down the system and then start it again. As soon as the display lights up, press the
ESC key to enter the ‘Startup Menu’.
Then, press the
F10 key to enter the ‘BIOS Setup’. The keys that you see below to access the various options might be different for your computer. Verify the same from the computer screen or search the web for your computer model.
Next, navigate to the ‘Advanced’ tab in the ‘BIOS Setup’.
If you find the ‘Secure Boot’ option greyed out, it’s likely that the current ‘Boot Mode’ is set to ‘Legacy’.
To access the ‘Secure Boot’ option, select the ‘UEFI Native (Without CSM)’ setting under ‘Boot Mode’ and then tick the checkbox for ‘Secure Boot’.
As soon as you tick the checkbox, you will be asked to confirm the change. Click on ‘Accept’.
Finally, click on ‘Save’ at the bottom to apply the new settings and then restart your computer.
‘SecureBoot’ is now enabled on your system.
Note: After enabling ‘SecureBoot’, you might not be able to boot the system, as was the case with me. Therefore, enter the ‘Start Up’ menu after restarting the system, select ‘Boot Device Option’, select the USB drive you flashed Windows 11 on, and proceed to the installation.
How to Enable TPM 2.0 in BIOS Settings
One of the other system requirements for Windows 11 is support for TPM 2.0. The Windows 11 installer shows the “The PC must support TPM 2.0” error when you’re running the installer from within Windows only, not through a bootable USB. There, it may only show the “This PC can’t run Windows 11” error.
Thankfully, it’s easy to enable TPM 2.0 in the BIOS settings. But before you move forward with enabling ‘TPM 2.0’ in the BIOS, let’s first also verify its current status in the system.
To verify the status of ‘TPM 2.0’, press
WINDOWS + R to launch the ‘Run’ command, enter
tpm.msc in the text box, and then either click on ‘OK’ or press
ENTER to launch the TPM Management dialog.
Next, check the ‘Status’ section. If it shows ‘The TPM is ready for use’, it’s already enabled.
If you see ‘Compatible TPM cannot be found’, it’s time you enable it in the BIOS settings.
Note: The process may be different for different manufacturers, it’s recommended that you visit the support page of your hardware manufacturer in case the following steps don’t apply to your system.
To enable ‘TPM 2.0’, restart your PC and press the
ESC key as soon as the screen lights up to enter the ‘Startup Menu’. You will be presented with the various key options for the different menus. Identify the one for ‘BIOS Setup’ and press it. In my case (HP Laptop), it was the
You will now find multiple tabs listed at the top, navigate to the ‘Security’ tab.
In the ‘Security’ tab, locate and select the ‘TPM Emdedded Security’ option.
Note: In some cases, the option may be greyed out. To access the option, you will have to setup ‘BIOS Administrator Password’. Once you have set up the password, you can access the TPM and other settings that were greyed out before.
Next, locate the ‘TPM Device’ option and set it to ‘Available’. Finally, click on ‘Save’ at the bottom to apply the changes.
TPM is now enabled on your computer.
How to Bypass ‘Secure Boot’ and ‘TPM 2.0’ Requirements of Windows 11
If you are just hesitant to make changes in BIOS settings, then there’s a simple workaround for you. With this, you can skip enabling ‘Secure boot’ or ‘TPM 2.0’ on your computer and bypass the Windows 11 security requirements without any hassle.
What’s the workaround? We’ll use the Windows 10 ISO, mount it on the system, and then copy the
appraiserres.dll from the ‘sources’ folder to the ‘sources’ folder of the bootable Windows 11 ISO USB drive. This will bypass the new security checks in the system requirements of the Windows 11 installer.
To get started, download the Windows 10 ISO file from Microsoft. Then, right-click on it, and select the ‘Mount’ option from the context menu. The process may take a while.
Next, navigate to the mounted drive and open the ‘sources’ folder.
Find and copy the
appraiserres.dll file from the Windows 10 ISO ‘sources’ folder.
Next, navigate to the USB drive where you flashed Windows 11 and open the ‘sources’ folder. Then, right-click on the vacant part and select ‘Paste’ from the context menu. You can also use the
CTRL + V keyboard shortcut to paste the files.
appraiserres.dll file that we are pasting would also be present in Windows 11 ‘sources’ folder, you’ll get a ‘Replace or Skip FIles’ dialog box, make sure you click on the ‘Replace the files in the destination’ option and wait for it to complete. It’s critical that you replace this file.
Once the file is replaced, restart the computer and install Windows 11 through the ‘Boot Device Options’ in the ‘Startup Menu’ as planned. You wouldn’t encounter the error pertaining to ‘Security Boot’ and ‘TPM 2.0’ anymore.
Installing Windows 11 on a Legacy BIOS?
If you happen to have a really old Windows PC with a motherboard that doesn’t even have the option to enable Secure Boot, then there’s an alternate workaround for you to install Windows 11 on your old PC.
What you have to do is create a bootable Windows 10 USB drive and then replace the
install.wim files from its ‘sources’ folder with the
install.wim from the ‘sources’ folder of Windows 11 ISO image. Below is a link to our detailed guide on that.
Now that there’s no hindrance whatsoever, you can install Windows 11 and enjoy the refreshing and appealing interface it has to offer. Also, you would be amongst the first few to have hands-on Windows 11 experience. Be prepared to brag about it!