Microsoft patches TPM 2.0 bypass to prevent Windows 11 installs on PCs with unsupported CPUs (2024)

Microsoft patches TPM 2.0 bypass to prevent Windows 11 installs on PCs with unsupported CPUs (1)

Many users with officially unsupported PCs could successfully install Windows 11 using a 'trick' that circumvents its hardware requirement verification process with a '/product server' command line. It gave many older PC owners a new lease of life as they could migrate towards the latest operating system, as the older ones were no longer supported and were prompted to upgrade. However,Bob Pony quickly found that Microsoft had patched this trick in the latest Canary Build, prompting the need for the TPM (Trusted Platform Module) 2.0 protocol.

Pony confirmed that the current Windows 11 24H2 works fine with the bypass, though that may not be the case for long.Alas, the joy of using Windows 11 on officially unsupported PCs may end as Microsoft rolled out a patch in its Windows 11 Insider Build 27686 (Dilithium) that effectively blocks this trick.

This command has been used for almost a year, enabling many users to upgrade from earlier Windows versions effortlessly. While there are other methods, some were patched- such as the PopCnt restriction implemented a few months ago. Until then, many could use Windows 11 on PCs using a wide range of older CPUs like the obsolete Athlon & Core2Duo. Though the PopCnt restriction was patched, the TPM and Secure Bootcheck could still be bypassed. This bypass is a simple command line that can be executed only during the OS installation process that permanently skips the hardware check, including the TPM and RAM verification.

Microsoft patches TPM 2.0 bypass to prevent Windows 11 installs on PCs with unsupported CPUs (2)

It was helpful as many PCs could efficiently run Windows 11 but couldn't with requirements such as the TPM 2.0 protocol not being available in older systems. Even if one uses an add-on module, Windows 11 CPU compatibility begins from Intel 8th-gen and AMD Ryzen 2nd-gen CPUs. Installing a TPM chip wasn't possible on notebooks. For many users, these CPUs are far from obsolete. However, Microsoft has been quick to phase out older operating systems, and many prefer to move to the latest one.

Not surprisingly, Microsoft hasn't mentioned this patch and removed this bypass ability. Though this was found in the Canary Build, this will likely trickle down to future releases and be implemented for all systems once updated. This would force such users to switch to other operating systems, including Windows 11 LTSC Enterprise edition, whose CPU compatibility list starts from two-core CPUs with 1 GHz clock speed, with TPM 2.0 optional.

While there are other installation methods, it's simply a matter of time before Microsoft patches these bypasses. In this situation, users can switch to older Windows 10 with supported builds, shift to Linux, or make a hardware upgrade.

Stay On the Cutting Edge: Get the Tom's Hardware Newsletter

Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.

Roshan Ashraf Shaikh

Contributing Writer

Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom's Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.

More about operating systems

Linux Kernel 6.12 sees optional QR code during kernel panicsNow available to all, Downdate tool silently downgrades Windows security patches

Latest

This AI powered Raspberry Pi RC tank shoots bubbles at its targets
See more latest►

32 CommentsComment from the forums

  • USAFRet

    From the article:
    "Windows 11 CPU compatibility begins from Intel 10th-gen"

    From MS:
    https://learn.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors"Intel® Core™ i3-8100"

    Fact checking....

    Reply

  • usertests

    The real trick is to install Linux.

    Reply

  • hotaru251

    and MS just made so much e-waste...

    they should remove the req as it is barely any safer than non tpm for home users :|

    Reply

  • thestryker

    Microsoft from day one has indicated TPM is a hard requirement (they allow depreciation to 1.2) so this isn't particularly surprising. They still have the bypass for CPU checks and TPM listed for ways to install Win11. At this point I'd be surprised if they took away the CPU bypass and TPM 1.2 minimum, but you never know.

    Reply

  • rluker5

    TPM =/= whitelist of CPUs.
    There are dTPM tiny cards out there and many motherboards come with an integrated dTPM.

    Sure there are some that don't have an integrated motherboard TPM and don't have a slot for a discrete one, but that isn't all of them.

    The Haswells that I use exclusively for either home office stuff or garage streaming are still fast enough and Windows isn't complaining that they are TPM 1.2 (unlike my Kaby Lake laptop that has an unupdated 2.0 chip) so I think they are still fine.

    But does this mean that Tom's will start testing their Ryzen chips with fTPM enabled?

    Reply

  • russell_john

    All that this will accomplish is having millions of unsupported Windows 10 computers on the Internet

    Reply

  • passivecool

    "It is funny that the EU got their panties in such a twist over the "e-waste" of Lightning cables..."
    weeeeeeeeeell it was more about the other types of usb and legion of other proprietary plug types, of which most were hardwired to the chargers. That was a pain. Now i can load the handyvac by usbc, which is cool. The legislation feels more like the ban on roaming fees for cell data than the decree on the necessary straightness of cucumbers. .... a many edged sword to be sure, much sensible, also much not.
    BUT OT as long as win 10 remains "the last version of windows" ie is not discontinued before 95% of the devices are out of service, I'm guessing the eu will keep the feet still.

    Reply

  • doughillman

    usertests said:

    The real trick is to install Linux.

    :rolleyes:

    Reply

  • palladin9479

    Friends do not let friends install Windows 11.

    Reply

  • USAFRet

    palladin9479 said:

    Friends do not let friends install Windows 11.

    I dunno...I have no issues with it on 2 of my systems. Incl this one I'm using now.

    Reply

Most Popular
SK hynix develops 6th-gen 10nm-class DDR5 with the world's first 16Gb DRAM modules — chipmaker claims electric savings of up to 30% for data centers
NATO believes Russia poses a threat to the West’s internet and GPS services
Google renames its AI image generation tool to Imagen 3 — relaunches it six months after pulling the service due to controversies
China invested $6.1 billion in a state data center project in two years — the "Eastern Data, Western Computing" project aims to utilize the country's undeveloped land
PS5 Pro design sketch based on alleged packaging suggests the launch is near — and we don't see a disc drive
Dutch government to ban ASML from servicing installed wafer tools in China
DNA tech stores data equivalent to thousands of SSDs — all that data tucked away safely in an area the size of a fingernail
MSI Lunar Lake-powered gaming handheld pricing and availability will be revealed in September — MSI Claw 8 AI+ likely debuts during Intel's Lunar Lake launch event
Japanese company shows off $50 USB thumb drive with integrated digital camera
Indiegogo introduces a Shipping Guarantee, withholding money from firms until shipments are made
Nvidia addresses significant Blackwell yield issues, production ramps in Q4
Microsoft patches TPM 2.0 bypass to prevent Windows 11 installs on PCs with unsupported CPUs (2024)

FAQs

How to install Windows 11 if TPM is not supported? ›

If your PC doesn't have a compatible TPM chip, you can still install Windows 11 without TPM, You can disable secure boot:
  1. Restart your PC and press the key to access the BIOS settings (usually F2, F12, or Del).
  2. Navigate to the "Boot" or "Secure Boot" section and disable Secure Boot.

Can I install Windows 11 with an unsupported CPU? ›

While there isn't much you can do about compatibility if you have an x86 (32-bit) CPU, you can bypass the requirements for specific CPUs or TPM support, which allows most Windows PCs to upgrade to Windows 11.

How do I bypass TPM 2.0 and Secure Boot to install Windows 11? ›

Start the Windows 11 installation until you see "This PC can't run Windows 11." At the Command Prompt type in regedit, and press Enter. Click on LabConfig, then right-click on the right pane, and click New > DWORD (32-bit Value). Double-click on ByPassTPMCheck and change the Value data to 1, and press OK.

Is TPM 2.0 required for Windows 11? ›

Most PCs that have shipped in the last 5 years are capable of running Trusted Platform Module version 2.0 (TPM 2.0). TPM 2.0 is required to run Windows 11, as an important building block for security-related features.

How to solve TPM problem for Windows 11? ›

To clear the TPM
  1. Open the Windows Defender Security Center app.
  2. Select Device security.
  3. Select Security processor details.
  4. Select Security processor troubleshooting.
  5. Select Clear TPM. You'll be prompted to restart the computer.
Jul 10, 2024

How to enable TPM 2.0 in BIOS? ›

How to Enable TPM 2.0 in BIOS
  1. Restart your PC.
  2. Hold down the F2 key (FN F2 if no dedicated function keys) during boot up to get to the BIOS menu.
  3. Use the arrow keys to navigate to the Security tab.
  4. Find a listing for either TPM, Intel Platform Trust Technology (IPTT), or AMD CPU fTPM.
  5. Toggle to “Enabled”
Oct 7, 2021

How do I install Windows 11 if my PC is not compatible? ›

Microsoft has strict hardware requirements for Windows 11, especially the need to support certain security features, such as TPM 2.0. A simpler solution is to use a tool like Win. BootMate, which can help you create a bootable USB that meets the requirements and bypass some hardware checks.

How to forcefully install Windows 11? ›

To start installing Windows 11, visit Microsoft's Download Windows 11 website. Click the "Download Now" button under the Windows 11 Installation Assistant heading. Run the downloaded "Windows11InstallationAssistant.exe" file. It will check to see if your computer is compatible with Windows 11 in its current state.

How to bypass processor requirements for Windows 11? ›

How to bypass Windows 11 CPU requirements
  1. Windows+r and then type regedit.
  2. After that navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup.
  3. Then right-click on the left side and create a new DWORD (32-bit) Value.
  4. Now you have to set its name to AllowUpgradesWithUnsupportedTPMOrCPU and set its value to 1.
Mar 6, 2024

How do I enable TPM 2.0 without BIOS in Windows 11? ›

Users can enable TPM 2.0 without BIOS in Windows 11 by making a couple of registry changes or using script-based tools, ultimately activating a bypass. One can either use the troubleshooter on their device or Microsoft's management console to activate the feature.

Is Secure Boot required to install Windows 11? ›

While the requirement to upgrade a Windows 10 device to Windows 11 is only that the PC be Secure Boot capable by having UEFI/BIOS enabled, you may also consider enabling or turning Secure Boot on for better security.

How to get Windows 11 for free? ›

Check Settings > Windows Update to see if your PC meets the minimum system requirements and to confirm that the upgrade is ready for your PC. Once the upgrade is ready, we recommend that you initiate the free upgrade to Windows 11 right away. This allows you to experience the benefits of Windows 11.

Can I add a TPM module to my computer? ›

TPMs can be integrated into the main CPU, either as a physical addition or as code that runs in a dedicated environment, known as firmware. This method is nearly as secure as a standalone TPM chip, since it uses a trusted environment that's discrete from the rest of the programs that use the CPU.

Is TPM 2.0 on motherboard or CPU? ›

Typically, it's a separate chip on the motherboard though the TPM 2.0 standard allows manufacturers like Intel or AMD to build the TPM capability into their chipsets rather than requiring a separate chip.

How to disable TPM in BIOS? ›

Solution
  1. Restart your computer and enter the BIOS setup by pressing the appropriate key during startup. ...
  2. Navigate to the Security or Advanced tab using the arrow keys.
  3. Look for the TPM option and select it.
  4. Choose the option to disable (or enable) the TPM.
  5. Save your changes and exit the BIOS setup.
  6. Restart your computer.

How to install Windows 11 even if not compatible? ›

To install Windows 11 on an unsupported PC, try making the PC supported by enabling TPM 2.0, Secure Boot, and switching to GPT. If those features cannot be enabled on your PC, you must use a few registry hacks to force Windows 11 to install. Windows 11 has strict system requirements, but there are ways around them.

How to upgrade to Windows 11 if Secure Boot is unsupported? ›

Now, let's dive into fixes that will help you eliminate the problem.
  1. Enable Secure Boot in BIOS. You must enable Secure Boot in BIOS if you want to install Windows 11 on your computer. ...
  2. Check and Enable TPM Support. ...
  3. Choose UEFI as the BIOS' Mode. ...
  4. Convert the Partition Style From MBR to GPT. ...
  5. Perform a Clean Boot.

Does TPM require UEFI? ›

Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Jeremiah Abshire

Last Updated:

Views: 6024

Rating: 4.3 / 5 (54 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Jeremiah Abshire

Birthday: 1993-09-14

Address: Apt. 425 92748 Jannie Centers, Port Nikitaville, VT 82110

Phone: +8096210939894

Job: Lead Healthcare Manager

Hobby: Watching movies, Watching movies, Knapping, LARPing, Coffee roasting, Lacemaking, Gaming

Introduction: My name is Jeremiah Abshire, I am a outstanding, kind, clever, hilarious, curious, hilarious, outstanding person who loves writing and wants to share my knowledge and understanding with you.