How to Fix TPM 2.0 or Secure Boot Not Detected on Windows 11

What Causes This?

Windows 11 checks for both TPM 2.0 and Secure Boot before enabling some security features and during upgrade or install checks. If either one is disabled in UEFI/BIOS, hidden by firmware settings, unsupported by older hardware, or not initialized correctly, Windows may report that it is missing. This can also happen if the system is running in Legacy/CSM boot mode instead of UEFI mode, which prevents Secure Boot from working properly.

Common Symptoms

• Windows 11 upgrade or install says TPM 2.0 or Secure Boot is not available
• PC Health Check reports that the PC does not meet Windows 11 requirements
• tpm.msc shows TPM is not found or not ready for use
• System Information shows Secure Boot State as Off or Unsupported
• Windows Security features like Device Security show limited protection

How to Fix It Manually

1. Check whether TPM 2.0 is detected in Windows

   1. Press Windows + R, type tpm.msc, then press Enter.
   2. In the TPM Management window, look for:
      • Status: “The TPM is ready for use”
      • Specification Version: 2.0
   3. If it says TPM is missing or not ready, continue to the next steps.

2. Check whether Secure Boot is enabled

   1. Press Windows + R, type msinfo32, then press Enter.
   2. In System Information, look for:
      • BIOS Mode: should be UEFI
      • Secure Boot State: should be On
   3. If BIOS Mode says Legacy, Secure Boot cannot be enabled until the system is using UEFI boot mode.

3. Enter UEFI/BIOS settings

   1. Open Settings with Windows + I.
   2. Go to System > Recovery.
   3. Next to Advanced startup, click Restart now.
   4. After restart, choose Troubleshoot > Advanced options > UEFI Firmware Settings > Restart.
   5. Your PC will open the firmware setup screen.

4. Enable TPM 2.0 in firmware

   1. In UEFI/BIOS, look for a security setting named one of these:
      • TPM
      • Intel PTT
      • AMD fTPM
      • Security Device
   2. Set it to Enabled.
   3. Save changes, usually with F10, and restart.
   4. Back in Windows, run tpm.msc again to confirm it now shows Specification Version 2.0.

5. Enable Secure Boot

   1. Go back into UEFI/BIOS if needed.
   2. Find Secure Boot under Boot, Security, or Authentication.
   3. Set Secure Boot to Enabled.
   4. If Secure Boot is grayed out, disable CSM or Legacy Boot first, then switch boot mode to UEFI.
   5. Save and restart, then check msinfo32 again to confirm Secure Boot State: On.

6. If the system is using Legacy BIOS mode, convert the drive to GPT

   1. Open Command Prompt as Administrator: press Windows, type cmd, right-click Command Prompt, choose Run as administrator.
   2. Run:

      mbr2gpt /validate /allowFullOS

   3. If validation succeeds, run:

      mbr2gpt /convert /allowFullOS

   4. Restart into UEFI/BIOS and change boot mode from Legacy/CSM to UEFI, then enable Secure Boot.
   5. Important: back up important files first before changing partition or boot settings.

7. Update BIOS/UEFI if the options are missing

   1. Check your PC or motherboard manufacturer’s support page.
   2. Install the latest BIOS/UEFI update for your exact model.
   3. After updating, recheck TPM and Secure Boot settings.

Fix It Automatically with Kudu

Kudu can quickly check whether TPM 2.0, Secure Boot, UEFI mode, and other Windows 11 security requirements are properly enabled. If something is misconfigured, it helps identify the issue fast so you do not have to dig through multiple system menus and firmware settings on your own.

Download Kudu Free →