How to Check If TPM 2.0 Is Enabled on Your PC
TPM 2.0 has become one of the most talked-about hardware requirements in recent years — largely because Windows 11 won't install without it. But for most people, it's not obvious whether their system has it, or whether it's actually turned on. The good news: checking TPM 2.0 status is straightforward once you know where to look.
What TPM 2.0 Actually Is
TPM stands for Trusted Platform Module. It's a small security chip — either a dedicated physical chip on your motherboard or a firmware-based equivalent built into your CPU — that handles cryptographic functions. It stores encryption keys, certificates, and security credentials in a way that's isolated from the main operating system.
TPM 2.0 is the current standard version, succeeding TPM 1.2. It supports more modern encryption algorithms and is required by Windows 11 as a baseline security feature. It's also used by features like BitLocker drive encryption, Windows Hello, and Secure Boot attestation.
Most PCs manufactured after 2016 include TPM 2.0 hardware. The complication is that it isn't always enabled by default — particularly on older systems or custom-built PCs where BIOS settings may not have been touched.
Method 1: Use the TPM Management Console (Fastest Check) 🔍
This is the quickest way to see your TPM status directly in Windows.
- Press Windows + R to open the Run dialog
- Type
tpm.mscand press Enter - The TPM Management on Local Computer window opens
What you'll see:
- "The TPM is ready for use" — TPM 2.0 is enabled and working
- "Compatible TPM cannot be found" — TPM is either absent, disabled in firmware, or hidden from the OS
- Under TPM Manufacturer Information, look for Specification Version: 2.0 to confirm it's TPM 2.0 specifically (not 1.2)
Method 2: Check via Device Manager
- Right-click the Start button and select Device Manager
- Expand the Security devices category
- If you see Trusted Platform Module 2.0 listed, the chip is present and recognized by Windows
If there's no Security devices category, TPM is either disabled or not present.
Method 3: Windows Security App
- Open Windows Security from the Start menu or system tray
- Navigate to Device Security
- Look for Security processor — if it appears, click Security processor details
- You'll see the Specification version confirming whether it's TPM 1.2 or 2.0
This method is particularly useful for non-technical users since it presents the information in plain language without registry-style formatting.
Method 4: Check in BIOS/UEFI Firmware
If Windows doesn't detect a TPM at all, the chip may simply be disabled in your system firmware. This is where the real troubleshooting happens.
To access BIOS/UEFI:
- Restart your PC and press the firmware key during boot (commonly Delete, F2, F10, or F12 — varies by manufacturer)
- Alternatively, go to Settings → System → Recovery → Advanced startup → Restart now, then navigate to Troubleshoot → Advanced options → UEFI Firmware Settings
What to look for inside BIOS: TPM settings are often found under menus labeled Security, Advanced, Trusted Computing, or PCH-FW Configuration — naming varies significantly between manufacturers.
| Manufacturer | Common TPM Setting Name |
|---|---|
| Intel platforms | PTT (Platform Trust Technology) |
| AMD platforms | fTPM (Firmware TPM) |
| Discrete TPM chips | TPM Device or TPM Support |
Enable the relevant setting, save changes, and reboot. Then recheck using tpm.msc.
Method 5: PowerShell (For Advanced Users) ⚙️
Open PowerShell as Administrator and run:
Get-Tpm This returns detailed status including:
TpmPresent: True or FalseTpmReady: Whether it's initialized and usableTpmActivated: Activation stateManufacturerVersionFull: Version information
This method is useful for IT administrators checking multiple machines or scripting TPM status across a fleet.
Variables That Affect What You'll Find
Not every setup produces the same result, and several factors shape your outcome:
- PC age and OEM: Systems built before 2016 may have TPM 1.2 instead of 2.0, or no TPM at all
- Custom builds: Discrete TPM modules are often not installed by default — users may have a header on the motherboard but no chip seated in it
- Firmware configuration: Even with capable hardware, Intel PTT or AMD fTPM must be explicitly enabled in BIOS
- Virtualization settings: On some systems, enabling fTPM conflicts with certain virtualization configurations, requiring a choice between the two
- Enterprise environments: IT-managed machines may have TPM provisioned, cleared, or locked through group policy, which changes what you see in
tpm.msc
TPM 1.2 vs. TPM 2.0 — Why the Version Matters
| Feature | TPM 1.2 | TPM 2.0 |
|---|---|---|
| Windows 11 support | ❌ Not supported | ✅ Required |
| SHA-256 support | Limited | Native |
| Algorithm flexibility | Fixed | Broader |
| BitLocker compatibility | Basic | Full |
Finding TPM 1.2 where you expected 2.0 is a common surprise — especially on business-class machines from the 2014–2017 era that shipped with TPM 1.2 enabled and never received a firmware update to expose 2.0 capability.
When the Results Get Complicated
Some systems technically have TPM 2.0-capable hardware but require a firmware update before the 2.0 version becomes available. Others have TPM present but in a disabled or unowned state, meaning it's there but not initialized for use. A few enterprise systems show TPM as present but locked from user configuration entirely.
What you find on your own machine — whether it's a clean "ready for use," a firmware setting to toggle, a hardware gap, or an IT policy constraint — depends entirely on the specific combination of hardware generation, motherboard firmware version, system configuration, and how the machine has been managed over its life.