Windows

This PC can't run Windows 11 (TPM, Secure Boot, CPU)

What 'This PC can't run Windows 11' really means after Windows 10 end of support — TPM 2.0, Secure Boot, and the supported-CPU line — plus how to check and legitimately enable TPM/Secure Boot in UEFI. Eligibility is deferred to PC Health Check; no unsupported-install bypass.

Evidence from the screen

Reference images and diagrams. Click any image to view full resolution.

Decision diagram for 'This PC can't run Windows 11': run PC Health Check for the verdict; if TPM or Secure Boot is the only block it is usually just disabled in UEFI (enable fTPM or Intel PTT and Secure Boot, then re-check and upgrade — legitimate enabling of real hardware); if the CPU itself is unsupported that is the hard wall, pointing to Windows 10 end-of-support options (consumer ESU, replace the PC, or switch OS). No unsupported-install bypass; TPM 2.0 was not dropped. — Original concept diagram (not vendor copyright). Defer the verdict to PC Health Check — a firmware toggle is fixable, an unsupported CPU is the wall. No unsupported-install bypass.

Microsoft PC Health Check showing 'This PC meets Windows 11 requirements' with the checklist of Secure Boot, TPM 2.0, a supported processor, RAM, and storage all passing. — PC Health Check is the authoritative verdict — it names each requirement that passes or fails. First-party screenshot (Windows 11 25H2).

The TPM Management console (tpm.msc) showing 'The TPM is ready for use' and TPM Manufacturer Information with Specification Version 2.0. — tpm.msc confirms the TPM is present and its Specification Version is 2.0. First-party screenshot (Windows 11 25H2).

The System Information (msinfo32) System Summary showing BIOS Mode: UEFI and Secure Boot State: On, with the System Name and User Name values redacted. — msinfo32 shows BIOS Mode = UEFI and Secure Boot State = On (hostname/username redacted). First-party screenshot (Windows 11 25H2).

Problem summary

I'm here because PC Health Check (or Windows Update) says 'This PC can't run Windows 11' and I want to understand why — especially now that Windows 10 support has ended. The verdict comes down to three things: TPM 2.0, UEFI with Secure Boot, and a supported 64-bit CPU. The good news is that the most common 'failure' is just TPM or Secure Boot turned off in firmware — genuinely enabling real hardware you already have (fTPM/PTT, Secure Boot, UEFI mode) is legitimate and often flips the verdict to eligible. The honest line: we defer the eligibility verdict to Microsoft's PC Health Check and won't publish a registry bypass — if the CPU itself is unsupported, that's the wall, and the right move is the Windows 10 end-of-support options (ESU, replace, or switch OS). Back up before any firmware or upgrade work with the backup plan builder.

Operator snapshotEvidence first

First proof

Run PC Health Check and read the specific reason it gives.

Screen to open

tpm.msc

Expected signal

You get the authoritative verdict and the exact failed requirement (TPM, Secure Boot, or CPU).

Stop boundary

Don't change firmware/boot mode without a backup.

Layer path

1'This PC can't run Windows 11' comes down to three checks: TPM 2.0, UEFI with Secure Boot, and a supported 64-bit CPU (plus 4 GB RAM / 64 GB storage). The authoritative verdict is Microsoft's PC Health Check, which names the specific failed requirement — so the first move is to read that, not to guess from the CPU model.

2The most common 'failure' is fixable and legitimate: TPM or Secure Boot is simply turned off in firmware. Enabling real hardware you already have — fTPM/Intel PTT, Secure Boot, switching Legacy/CSM to UEFI — is honest enablement that often flips the verdict to eligible. That's different from bypassing the checks, which this page won't cover.

3If the CPU itself isn't on Microsoft's supported list, that's the hard line — enabling firmware won't change it. At that point the right framing is the Windows 10 end-of-support decision (consumer ESU, replace, or switch OS), not an unsupported install, which Microsoft permits but discourages (no guaranteed updates, a watermark, warranty exclusion).

Runbook

Step-by-step runbook

Start here. Do each check in order, compare it to the expected result, and stop when the evidence explains the failure or the safe stop point applies.

Get the verdict and back up

Check: Run PC Health Check and note the specific failed requirement. Make a verified backup before any firmware work.

Expected result: You know exactly what's blocking eligibility and can recover from firmware changes.

If not: If the CPU is named as unsupported, skip the firmware steps and go to the EOS decision.

Safe stop: Don't change firmware/boot mode without a backup.

Check TPM and Secure Boot state

Check: Run the "Check TPM presence and version" command below (TPM present + version) and msinfo32 (Secure Boot State, BIOS Mode).

Expected result: You see whether TPM/Secure Boot are merely disabled vs genuinely absent, and whether you're in UEFI or Legacy mode.

If not: If both are present and on, re-run PC Health Check — the block may be the CPU.

Enable the firmware features

Check: Reboot into UEFI (Settings → System → Recovery → Restart now → Troubleshoot → Advanced options → UEFI Firmware Settings). Enable fTPM/Intel PTT and Secure Boot; if in Legacy/CSM, switch to UEFI.

Expected result: TPM and Secure Boot are on and the PC boots normally in UEFI.

If not: If switching to UEFI requires MBR→GPT, run mbr2gpt only after your backup is verified.

Safe stop: Enabling real hardware is legitimate; a checks-bypass is not.

Re-check eligibility

Check: Re-run PC Health Check after enabling firmware.

Expected result: Either it now passes (you were eligible, just disabled in BIOS) or it still names the CPU.

If not: If it passes, back up again and upgrade via Windows Update.

If the CPU is the wall, choose an EOS path

Check: For an unsupported CPU, decide among consumer ESU (one more year of security updates), replacing the PC, or switching OS — see the Windows 10 end-of-support page.

Expected result: You have a supported, patched path instead of an unsupported install.

If not: If you still choose an unsupported install elsewhere, understand it isn't guaranteed updates and adds a watermark.

Safe stop: We won't provide a bypass; the honest paths are ESU / replace / switch.

Decision tree

If: PC Health Check says TPM is the only problem and tpm.msc shows none.

Then: TPM is almost certainly present but disabled in firmware.

Action: Enable fTPM (AMD) / Intel PTT in UEFI, re-run PC Health Check.

If: Secure Boot is off and/or BIOS Mode is Legacy/CSM.

Then: Secure Boot needs UEFI mode.

Action: Enable Secure Boot; if in Legacy/CSM, switch to UEFI (convert system disk MBR→GPT with mbr2gpt if needed) — back up first.

Safe stop: Don't convert the disk or change boot mode without a verified backup.

If: PC Health Check passes after enabling firmware.

Then: The PC was eligible all along — just disabled in BIOS.

Action: Back up, then upgrade to Windows 11 via Windows Update.

If: The CPU is not on Microsoft's supported list.

Then: Hard hardware wall — firmware can't fix it.

Action: Choose a Windows 10 EOS path: consumer ESU (one year), replace the PC, or switch OS.

Safe stop: Don't rely on an unsupported install for a machine that must stay patched.

If: Tempted to use a registry/media bypass to force the install.

Then: Out of scope here — unsupported installs aren't guaranteed updates.

Action: Use ESU / replace / switch instead; if you proceed anyway, understand the no-updates/watermark/warranty consequences.

Safe stop: We don't provide a bypass — it's against this site's trust rules.

Evidence

Evidence table

Symptom	Evidence to collect	Likely layer	Next action
PC Health Check: 'TPM 2.0 must be supported and enabled'.	tpm.msc result; whether fTPM/PTT exists in UEFI.	TPM disabled in firmware (usually).	Enable fTPM/PTT in UEFI, re-check.
PC Health Check: 'The PC must support Secure Boot'.	msinfo32 Secure Boot State and BIOS Mode.	Secure Boot off / Legacy boot mode.	Enable Secure Boot; switch to UEFI (convert disk if needed), back up first.
PC Health Check: 'The processor isn't supported'.	CPU model vs Microsoft's Intel/AMD supported lists.	Unsupported CPU (hard wall).	Plan ESU / replace / switch OS — not a bypass.
Passes after enabling firmware.	Re-run PC Health Check result; backup status.	Was eligible, just disabled in BIOS.	Back up, then upgrade via Windows Update.

Reference

Commands and settings paths

Check TPM presence and version

tpm.msc

Where: Run dialog (Win+R)

Expected: Shows whether a TPM is present and its Specification Version (need 2.0); 'cannot be found' usually means disabled in firmware.

Failure means: If none is found, the chip is likely off in UEFI (fTPM/PTT) rather than absent.

Safe next step: Enable it in firmware and re-run tpm.msc / PC Health Check.

Check Secure Boot state and boot mode

msinfo32 (System Summary → Secure Boot State, BIOS Mode)

Where: Run dialog (Win+R)

Expected: Reports whether Secure Boot is On and whether you're booting in UEFI or Legacy mode.

Failure means: BIOS Mode = Legacy/CSM means Secure Boot can't be enabled until you switch to UEFI (may need MBR→GPT).

Safe next step: Enable Secure Boot in UEFI; convert the disk with mbr2gpt only after a backup.

Get the authoritative eligibility verdict

PC Health Check app → Windows 11 → Check now

Where: On the Windows 10 PC

Expected: Gives a clear eligible/ineligible result and names the specific failed requirement — the source of truth we defer to.

Failure means: If ineligible, the named reason tells you whether it's a firmware toggle (TPM/Secure Boot) or a hardware wall (CPU).

Safe next step: Enable firmware and re-check; if the CPU is the blocker, move to the EOS options.

Hardware boundary

Hardware and platform boundary

Change only when

Replace the PC when PC Health Check names the CPU as unsupported and you want a supported machine for years — better than stacking ESU.
Buy nothing to 'enable' TPM/Secure Boot — they're firmware toggles on hardware you already have; only a backup target is worth buying first.

Evidence that matters

An authoritative PC Health Check verdict (TPM 2.0, Secure Boot, supported CPU).
A verified backup before any UEFI/boot-mode/MBR→GPT change.
Knowing whether your block is a firmware toggle or the CPU.

Evidence that does not matter

Chasing a CPU 'compatibility list' yourself — defer to PC Health Check; that's the only verdict that counts.
Third-party 'make any PC Windows 11 compatible' tools — they bypass the checks, which is out of scope.

Avoid

Using a registry/media bypass to force Windows 11 onto unsupported hardware that must stay patched.
Switching to UEFI or running mbr2gpt without a verified backup.
Disabling Secure Boot to 'fix' anything.
Believing headlines that Microsoft dropped the TPM 2.0 requirement — it didn't.

Related tool/checklist

Use the linked tool when you need a guided plan from your exact symptoms instead of a static checklist.

Backup plan builder

Last reviewed

2026-06-02 · Reviewed by HomeTechOps. Reviewed against Microsoft's PC Health Check, Windows 11 system-requirements, Enable-TPM-2.0, Windows-11-and-Secure-Boot, supported Intel/AMD processor lists, and unsupported-install pages; defers the eligibility verdict to PC Health Check, distinguishes legitimately enabling real hardware (fTPM/PTT, Secure Boot, UEFI) from a checks-bypass it refuses to provide, treats an unsupported CPU as the hard line pointing to the Windows 10 EOS options, and rejects the false 'TPM 2.0 no longer required' claim.

Sources/assumptions

Assumes a consumer Windows 10 PC being assessed for Windows 11; the requirements, the TPM/Secure Boot check-and-enable steps, and the supported-CPU lists follow Microsoft Support and Microsoft Learn current to mid-2026.
Per the site's trust rules, eligibility is deferred to PC Health Check (no specific CPU is asserted to 'work'), and no unsupported-install registry bypass is provided — only legitimate enabling of hardware that already exists.
The 'requirements remain unchanged' position is per Microsoft's current pages; third-party claims that Microsoft dropped the TPM 2.0 requirement are treated as false and not repeated.

Source-backed checks

HomeTechOps turns official docs and conservative safety rules into a shorter runbook. These links are the source trail for the page direction.

Microsoft Support: How to use the PC Health Check appUsed as the official, defer-to-Microsoft way to check Windows 11 eligibility (TPM 2.0, Secure Boot, supported CPU) rather than asserting any specific CPU works.Microsoft: Windows 11 specifications and system requirementsUsed for the official Windows 11 minimum requirements: TPM 2.0, UEFI + Secure Boot, compatible 64-bit CPU, 4 GB RAM, 64 GB storage.Microsoft Support: Enable TPM 2.0 on your PCUsed for the two TPM check methods (Windows Security → Device security, and tpm.msc) and the exact UEFI labels to turn it on (fTPM, Intel PTT/Platform Trust Technology).Microsoft Support: Windows 11 and Secure BootUsed for enabling Secure Boot, the Legacy/CSM → UEFI switch, and the 'Secure Boot capable vs enabled' nuance.Microsoft Learn: Windows 11 supported Intel processorsUsed as the authoritative Intel supported-CPU list (floor around 8th-gen Core) — deferred to rather than asserted, per the no-fake-compatibility rule.Microsoft Learn: Windows 11 supported AMD processorsUsed as the authoritative AMD supported-CPU list (floor around Ryzen 2000) — deferred to rather than asserted, per the no-fake-compatibility rule.Microsoft Support: Installing Windows 11 on devices that don't meet minimum requirementsUsed for Microsoft's official position that unsupported installs are permitted but discouraged, aren't guaranteed updates, show a desktop watermark, and void warranty coverage for resulting damage.

Diagnostic rule

1. Check the simplest signal first.
2. Change one thing at a time.
3. Avoid unsafe electrical or data-loss steps.
4. Stop when the evidence says the risk moved.

FAQ

How do I find out exactly why it's ineligible?

Run PC Health Check (Microsoft's app) — it gives the authoritative verdict and, if ineligible, names the specific failed requirement (TPM, Secure Boot, or CPU). That's the right way to tell 'just disabled in BIOS' apart from 'unsupported hardware.' You can cross-check with `tpm.msc` (TPM presence + version) and `msinfo32` (Secure Boot State and BIOS Mode = UEFI).

My PC has TPM but Health Check says no — what gives?

Most self-built and many retail PCs ship with TPM turned off in firmware even though the chip is there. Reboot into UEFI firmware settings (Settings → System → Recovery → Restart now → Troubleshoot → Advanced options → UEFI Firmware Settings) and enable it — it's often labeled fTPM, AMD fTPM/PSP, Intel PTT, or Intel Platform Trust Technology, usually under Security or Advanced. Re-run PC Health Check afterward.

How do I enable Secure Boot?

Secure Boot needs UEFI mode. In firmware, enable Secure Boot; if your PC is in Legacy/CSM mode you'll need to switch boot mode to UEFI first, which may require converting the system disk from MBR to GPT (`mbr2gpt`) — back up first, as that changes the partition table. Note Microsoft's nuance: to *upgrade* you only need to be Secure Boot *capable*, but enabling it is recommended for security.

Can I just bypass the requirements and install anyway?

We won't walk through a bypass — it's against this site's trust rules. Microsoft permits unsupported installs but discourages them: such PCs aren't guaranteed updates (including security updates), get a desktop watermark, and resulting damage isn't covered by warranty. If your CPU is genuinely unsupported, enabling firmware won't help — that's the hard line. The honest paths are on the Windows 10 end-of-support page: consumer ESU, a new PC, or switching OS.

Didn't Microsoft drop the TPM 2.0 requirement?

No. Despite recurring headlines, Microsoft's official system-requirements pages still list TPM 2.0, and Microsoft states the requirements remain unchanged. The kernel of truth behind those stories is long-standing setup behavior, not a policy change — and it's bypass-adjacent, so it's out of scope here. Treat 'TPM 2.0 is no longer required' as misinformation and defer to PC Health Check.