The countdown to the Windows 11 update is on! ๐ Most of you have probably checked if your PC or laptop can handle the upgrade using Microsoft’s tool. If you’ve recently bought or assembled your PC, your processor and memory are likely up to par. But some of you might see messages saying upgrades are blocked due to TPM settings and Secure Boot. Windows 11 is all about beefed-up security, so these conditions are key. ๐
There are tons of detailed guides online to tackle these issues, but I’ll focus on explaining the structure to help you understand the process better. Just following steps is boringโlet’s make it stick! ๐ก
TPM stands for Trusted Platform Module, a microchip that provides hardware-based security, storing things like passwords and encryption keys. Apple devices have something similar with their T2 chip. ๐
Originally introduced in 2009 as a chip you attach to the board, TPM has been built into most Intel CPUs since 2013. (Apple’s CPUs have something called a Security Enclave.)
To activate TPM, you need to dive into your board’s BIOS settings and tweak some options. โ๏ธ
The menus differ by board, but for example, on an Asrock board, you just activate the Intel(R) Platform Trust Technology under the security menu. Once you do that and reboot, you can see the added hardware in the device manager’s security devices section.
Next up is Secure Boot. It’s a security standard ensuring your device only boots with trusted software from manufacturers. To understand this, let’s talk about UEFI, as Secure Boot needs BIOS mode to be UEFI. ๐
BIOS is firmware on your motherboard that initializes and checks hardware when power is on, booting the OS. UEFI, or Unified Extensible Firmware Interface, enhances old Legacy BIOS, adding new features. Here, MBR (Master Boot Record) and GPT (GUID Partition Table) come into play. To boot, a hard drive needs access to its info, traditionally managed by MBR. Back when Legacy BIOS first launched, hard drives used MBR, supporting up to 2TB. But now, with drives exceeding 10TB, GPT emerged. It supports drives over 2TB, unlike Legacy BIOS which can’t access them. ๐พ
UEFI can handle the outdated MBR via CSM (Compatibility Support Module) but for Secure Boot, UEFI booting and a GPT-formatted hard drive are necessary.
In short, to have Secure Boot, you need UEFI booting, and for that, your hard drive must be in GPT format. ๐ฅ๏ธ
If your motherboard only supports Legacy BIOS (DOS-like interface), then Windows 11 is a no-go. But these boards are rare now. If you’re on UEFI, disable CSM mode to prepare for UEFI booting. Before that, make sure your hard drive is GPT. Some outdated info suggests wiping the drive to switch to GPTโbe careful! (No one wants to recklessly wipe their OS-installed drive, right?) Even if Windows is installed, you can easily convert the format with ‘mbr2gpt /convert’ in advanced startup options. โ ๏ธ
It sounds complex, but I trust you got this! It’s a bit of a hassle, but let’s get it done and wait for the Windows 11 update with peace of mind. ๐
By the way, dear Microsoft, can you please support Windows 11 updates for Surface Book? ๐
Just a little wish.
Leave a Reply