Microsoft recently updated its Windows 11 requirements to reflect that TPM 2.0 and UEFI Secure Boot are a must for those looking to upgrade to Windows 11. This has led to a lot of confusion amongst users, especially those who ran Microsoft’s PC Health Check and found that their PC is not eligible to run Windows 11.
But since PC Health Check doesn’t specify why a PC cannot run Windows 11, there’s little to go on when working out what would make it eligible. However, if your PC meets the other hardware specifications to run Windows 11, chances are that the root of the problem lies with UEFI Secure Boot itself.
Here’s everything you need to know about UEFI secure boot and why Microsoft has made it (and TPM 2.0) mandatory for users to upgrade to the latest OS.
What is UEFI Secure Boot?
Unified Extensible Firmware Interface, or UEFI, is the replacement for the age-old legacy BIOS firmware required for the system to boot. Though many still use the two terms interchangeably, UEFI is the newer of the two and, therefore, more secure. Calling it a safety measure, Microsoft has now made it mandatory for PCs to have UEFI capability to install and run Windows 11.
If your PC meets all other requirements, enabling UEFI Secure Boot (along with TPM 2.0) should make it possible for your PC to become Windows 11 compatible.
Why does Windows 11 require Secure Boot and TPM 2.0?
UEFI Secure Boot and TPM 2.0 are both new technologies that Microsoft claims will improve Windows security on the whole. In tandem, these technologies are meant to ensure a safe installation and boot-up, prevent malware infestation, and prevent third parties from accessing encryption keys.
One thing worth noticing in Microsoft’s Windows 11 minimum requirements documentation is that a PC has to be Secure Boot capable. As of now, it’s not confirmed whether Secure Boot capability will be enough, or whether Secure Boot will be a hard requirement to run Windows 11.
How to enable Secure Boot in UEFI
These hard requirements will most probably not affect those who have a modern OEM PC, as most of them will have support for UEFI firmware and TPM 2.0 to run Windows 11.
However, there will be many who do have UEFI-capable systems but, because Secure Boot is not enabled, may not get confirmation that their PCs are compatible with Windows 11. Here’s how you can check if your system is UEFI Secure Boot capable and enable it:
First up, shut down your computer and turn it back on. While it is turning back on, you will have to press a special key to access UEFI settings. This special key will differ depending on your PC manufacturer. You may get a message while your PC is booting up about which key you need to press. On our HP PC, for instance, it is F10.
Once you get to the UEFI screen, look for either “Security” or “Boot options”. Under it, look for a “Secure Boot” option and enable it.
Once it is set to “Enabled”, save the changes before you exit. UEFI secure boot is now enabled on your PC.
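Because PC Health Check does not say which requirement failed, the state can also be read from inside Windows before and after changing the firmware setting. The following PowerShell script is an added example, not part of the original article or a Microsoft tool; the function name `Get-BootSecurityState` is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session.

```powershell
#Requires -RunAsAdministrator
# Added example: report firmware mode, Secure Boot state and TPM state.
function Get-BootSecurityState {   # hypothetical helper name
    $blockers = [System.Collections.Generic.List[string]]::new()

    # Was Windows booted through UEFI or through legacy BIOS mode?
    $firmware = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    if ($firmware -ne 'Uefi') { $blockers.Add('Windows is not booted in UEFI mode') }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and
    # throws on platforms that do not support Secure Boot.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { $secureBoot = 'Enabled' }
        else {
            $secureBoot = 'Disabled'   # capable, but switched off in firmware
            $blockers.Add('Secure Boot is supported but disabled in UEFI settings')
        }
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'NotSupported'
        $blockers.Add('Firmware or boot mode does not support Secure Boot')
    } catch {
        $secureBoot = "Error: $($_.Exception.Message)"
    }

    # TPM presence and readiness, plus the spec version reported over WMI.
    $tpm = Get-Tpm
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion is a comma-separated string; the first field is the TPM version.
    $spec = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { $null }
    if (-not $tpm.TpmPresent) { $blockers.Add('No TPM detected (absent or disabled in firmware)') }
    elseif ($spec -ne '2.0')  { $blockers.Add("TPM spec version is '$spec', not 2.0") }

    [pscustomobject]@{
        FirmwareType   = $firmware
        SecureBoot     = $secureBoot
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        TpmSpecVersion = $spec
        Blockers       = $blockers
    }
}

Get-BootSecurityState | Format-List
```

An empty `Blockers` list means UEFI boot, Secure Boot and a TPM 2.0 were all detected; a `Disabled` Secure Boot result is the case the firmware steps above address.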
Can’t find Secure Boot or TPM menu in BIOS?
Well, check our detailed article on this at the link below.
Related: How to find the missing TPM 2.0 and Secure Boot options in BIOS and enable them
Can you install Windows 11 without UEFI?
Although Microsoft has changed the UEFI and TPM requirements for Windows 11 to reflect that these are necessary, one can, in practice, install Windows 11 without TPM 2.0 and Secure Boot.
We will have more information on whether one can do so through Windows Update once Windows 11 becomes available for the Insider Preview channels. So stay tuned for further updates on how hard the requirements for UEFI and TPM truly are and what workarounds exist if you want to get the latest Windows without them.