TPM can be enabled from Windows only when a vendor utility exposes firmware settings; otherwise UEFI is required.
A Windows 11 upgrade can stop at a TPM warning, and how to enable TPM without BIOS depends on whether Windows can already see the chip. Windows can check TPM, prepare TPM, and restart you into firmware settings. Windows usually cannot flip a disabled firmware TPM switch by itself.
The practical split is simple: use Windows first to confirm the TPM state, use a maker tool if your PC brand allows firmware changes from Windows, and use UEFI only when the TPM switch is hidden from the operating system.
Can TPM Be Enabled Without BIOS Screens?
TPM can be enabled without opening a BIOS screen only on some business PCs with manufacturer management software. A normal home desktop or laptop usually needs the TPM switch changed inside UEFI firmware.
That sounds annoying, but it prevents chasing fake fixes. A missing TPM message can mean three different things: TPM is present but off, TPM 1.2 is present instead of TPM 2.0, or the motherboard has no usable TPM for Windows 11.
- Windows-only path: works when TPM is visible but not ready.
- Vendor-tool path: works mainly on managed Dell, HP, and Lenovo business PCs.
- Firmware path: needed when Windows says no compatible TPM can be found.
Check TPM From Windows First
Windows can show whether TPM is present before you restart into any firmware menu. The simplest check is the TPM Management Console.
- Press Windows + R.
- Type
tpm.mscand press Enter. - Read the Status line and the Specification Version line.
If the window says The TPM is ready for use and Specification Version is 2.0, TPM is already enabled. If Windows 11 setup still complains, restart the PC once and run PC Health Check again before changing firmware settings.
You can also open Windows Security > Device security > Security processor details. That screen is easier to read, but tpm.msc is the better tie-breaker when Windows Security hides details after an update.
TPM Status Results And What They Mean
Each TPM message points to a different next move. Match your exact Windows result before changing anything.
| Windows Result | Likely Meaning | Next Move |
|---|---|---|
| The TPM is ready for use, version 2.0 | TPM already meets Windows 11’s TPM requirement | Restart and rerun the Windows 11 check |
| The TPM is ready for use, version 1.2 | The PC has an older TPM mode or older TPM hardware | Check the maker’s firmware update notes |
| Compatible TPM cannot be found | TPM is missing, disabled, or hidden by firmware | Try the maker tool, then UEFI settings |
| Security processor section is missing | Windows Security cannot see TPM | Verify with tpm.msc |
| TPM is present but not ready | TPM may need provisioning in Windows | Restart, then check Windows Security again |
| Device Manager shows Trusted Platform Module | Windows can see TPM hardware | Update the TPM driver only if there is an error icon |
| PC Health Check fails after TPM shows ready | Health Check may have cached the old state | Restart and run the check again |
Enabling TPM Without BIOS: What Windows Can Do
Windows can send you to firmware settings without tapping F2, Delete, or another startup shortcut. Microsoft says TPM settings are managed through UEFI firmware and may appear as Security Device, TPM State, AMD fTPM, or Intel Platform Trust Technology on different PCs. Microsoft’s TPM 2.0 setup page lists those common labels.
Use the Windows restart path when the boot shortcut is too hard to catch:
- Open Settings > System > Recovery.
- Under Advanced startup, select Restart now.
- Select Troubleshoot > Advanced options > UEFI Firmware Settings > Restart.
- Look under Security, Advanced, or Trusted Computing.
- Turn on the option named TPM, Security Device, AMD fTPM, Intel PTT, or Intel Platform Trust Technology.
- Choose Save and Exit, then let Windows load.
Back in Windows, tpm.msc should show The TPM is ready for use with Specification Version 2.0. If BitLocker is on, save your BitLocker recovery code before clearing or resetting TPM; turning TPM on is usually harmless, but clearing TPM can lock encrypted data until the recovery code is entered.
What Should You Try Before Firmware Settings?
Manufacturer tools are worth trying only when your PC maker exposes BIOS settings to Windows. They are built for business fleets, so many consumer laptops and custom desktops will not have the same option.
Dell Command | Configure is the most direct Windows-side path on supported Dell business systems. Dell’s command reference lists TPM activation through command-line options, with security conditions such as a BIOS setup password and TPM not already being owned.
A Dell administrator may see commands such as:
cctk --tpm=on
cctk --tpmactivation=activate --valsetuppwd=Those commands are not a universal Windows fix. They are for Dell systems that accept Dell Command | Configure commands, and they should not be run on a PC you do not own or manage.
HP business PCs can often be queried or configured with HP Client Management Script Library. Lenovo ThinkPad fleets may expose BIOS settings through Lenovo’s Windows Management Instrumentation interface. Both paths still change firmware-backed settings; they just do it from Windows instead of a visible firmware screen.
Pick The Path That Matches Your PC
The next move depends on what Windows can already see and who made the PC. Use this table as the action map after running tpm.msc.
| PC Situation | Use This Path | Do Not Waste Time On |
|---|---|---|
| TPM 2.0 is ready | Restart and rerun the Windows 11 check | Changing firmware switches |
| TPM missing on a Dell business PC | Dell Command | Configure or UEFI | Random registry edits |
| TPM missing on an HP business PC | HP Client Management Script Library or UEFI | Third-party driver tools |
| TPM missing on a custom desktop | UEFI firmware menu | Windows-only commands |
| TPM 1.2 only | Firmware update notes from the PC maker | Forcing Windows 11 setup |
| No UEFI Firmware Settings button | Use the startup shortcut listed by the PC maker | PowerShell TPM provisioning |
Finish With The Least Risky Move
TPM work should go from least disruptive to most disruptive. Start with checks, then use maker tools only when your model is listed for them, then change UEFI settings as the dependable fallback.
- Run
tpm.mscand write down the status plus specification version. - If TPM 2.0 is ready, restart and rerun the Windows 11 check.
- If TPM is visible but not ready, restart once and check Windows Security again.
- If TPM is missing on a managed Dell, HP, or Lenovo PC, use the maker’s management tool with administrator approval.
- If TPM is missing on a consumer PC or custom desktop, enter UEFI through Settings > System > Recovery > Advanced startup.
- Enable the TPM label your PC uses, save, exit, and confirm with
tpm.msc.
The one thing not worth doing is installing a random TPM driver from a download site. If Windows cannot see TPM at all, the missing piece is almost always a firmware setting, a firmware update, or unsupported hardware.
References & Sources
- Microsoft.“Enable TPM 2.0 On Your PC.”Explains TPM 2.0 checks, UEFI firmware access, and common TPM setting labels.
- Dell.“Dell Command | Configure.”Official Dell page for the Windows and Linux utility that configures BIOS features on supported business PCs.
- HP.“HP Client Management Script Library.”Official HP page for PowerShell tools that can query and set supported HP BIOS settings.