To enable Secure Boot and TPM 2.0 , you need to change a few options in your PC’s UEFI/BIOS firmware, then confirm in Windows that they are active. Below is a blog-style “Quick Scoop” guide following your content rules.

How to Enable Secure Boot and TPM 2.0

Quick Scoop

Enabling Secure Boot and TPM 2.0 is now a common requirement for things like Windows 11, modern anti‑cheat systems, and stronger device security. The process feels a bit “techy,” but it mostly comes down to: check support → enter BIOS/UEFI → flip a few switches → verify in Windows.

1. Before You Touch the BIOS

Think of this as the “pre‑flight check” so you don’t lock yourself out of Windows.

  • Backup anything important. Changing boot modes or disk layout the wrong way can make Windows unbootable if the drive is still using MBR instead of GPT.
  • Check if TPM is already enabled.
    • Press Windows Key + R → type tpm.msc → Enter.
* If you see “Trusted Platform Module 2.0” and status “The TPM is ready for use”, you’re done with TPM.
  • Check Secure Boot status.
    • In Windows 10/11: Settings → Update & Security (or Privacy & Security) → Windows Security → Device Security → Secure boot status.
  • Know your motherboard brand. Dell, ASUS, MSI, Gigabyte, Lenovo, HP, etc. all use slightly different names for TPM and Secure Boot options.

If anything here already says “On” or “Enabled”, you can skip that part later.

2. Getting Into BIOS/UEFI (Firmware Setup)

You need to restart into the firmware so you can flip the TPM and Secure Boot switches.

Common ways:

  • From Windows:
    • Settings → Update & Security → Recovery → Advanced startup → Restart now → Troubleshoot → Advanced options → UEFI Firmware Settings → Restart.
  • From power‑on:
    • Reboot and repeatedly tap one of: F2, Del, Esc, F10, F12 (depends on brand; Dell often uses F2, others use Del/F2).

Once you’re in, you’ll see tabs like Security , Boot , Advanced , Authentication , or similar.

3. Enabling TPM 2.0 in BIOS

TPM may show up under different names depending on CPU and manufacturer, but it’s the same concept.

Typical label names:

  • On Intel systems:
    • “TPM Device”, “PTT” (Platform Trust Technology), “Intel Platform Trust Technology”, “Intel PTT”.
  • On AMD systems:
    • “AMD fTPM”, “Firmware TPM”, “AMD CPU fTPM”.

General steps (wording varies, but flow is similar across vendors):

  1. Open the Security or Advanced tab in BIOS.
  1. Look for a submenu like Trusted Computing , TPM Security , Intel PTT , or AMD fTPM.
  1. Set the TPM option to:
    • “Enabled” or “On”.
    • If there is a choice between “Discrete TPM” and “Firmware TPM”, choose Firmware/CPU TPM unless you know you have a separate TPM chip.
  1. Do not clear or reset the TPM unless you’re fully aware it may wipe keys for BitLocker and similar tools.
  2. Save and exit (usually F10, or “Save & Exit” menu), then let Windows boot.

After reboot:

  • Press Windows Key + R → tpm.msc → check that it shows “Specification Version: 2.0” and status “ready for use”.

If you see “Compatible TPM cannot be found,” your hardware may not support TPM, or it’s still disabled / named differently in your BIOS.

4. Enabling Secure Boot

Secure Boot makes sure only trusted, signed bootloaders can start, which helps block rootkits and certain cheats or hacks at boot time.

4.1 Confirm you are using UEFI + GPT

Secure Boot requires:

  • Boot mode: UEFI , not Legacy/CSM.
  • Disk format: GPT , not MBR.

If your system is Legacy/MBR you usually must convert the system drive to GPT and switch to UEFI, which can break boot if done wrong. Microsoft and various guides use mbr2gpt for in‑place conversion, but always back up first.

4.2 Turn on Secure Boot in BIOS

Once you are on UEFI:

  1. Go to the Boot , Security , or Authentication tab.
  1. Find Secure Boot and set it to Enabled.
  1. If there is a “Secure Boot Mode” option, set it to “Standard” or “Windows UEFI mode”.
  1. If you see options about “Install default keys” or “Factory keys”, choose to install / restore default Secure Boot keys so Windows is trusted.
  1. Save and exit, then boot back into Windows.

Back in Windows, you can re‑check:

  • Settings → Windows Security → Device Security → look for Secure Boot status as “On” or “Enabled”.

Some games (like modern Battlefield entries) and anti‑cheats specifically check for both TPM and Secure Boot enabled; once both are green, related launch errors usually disappear.

5. Common Vendor Examples (High‑Level)

Every BIOS screen looks a bit different, but the logic is similar.

[5] [5] [10] [10] [6][9] [6][2] [8] [8]
Vendor / Board TPM Menu Path (Example) Secure Boot Menu Path (Example)
Dell desktop/laptop Security → TPM 2.0 Security → set TPM On.Secure Boot → Secure Boot Enable → Enabled.
ASUS (UEFI) Advanced → PCH-FW Configuration → Intel Platform Trust Technology (PTT) → Enabled.Boot → Secure Boot → OS Type = Windows UEFI mode; Secure Boot state Enabled.
MSI / Gigabyte Settings → Security → Trusted Computing → Security Device Support = Enabled (Intel PTT / AMD fTPM).Settings → Boot → Secure Boot = Enabled; CSM/Legacy must be Disabled.
Lenovo ThinkPad Security → Security Chip → Enabled (may list TPM 2.0).Security → Secure Boot → Enabled.
If paths don’t match exactly on your PC, look for similarly named options under Security or Boot sections.

6. Forum‑Style Gotchas and Warnings

From user reports and tech‑forum threads, a few recurring issues come up when people try to turn on TPM 2.0 and Secure Boot.

“After I enabled TPM 2.0 and Secure Boot my PC refused to boot, so I had to go back into BIOS and disable Secure Boot / go back to Legacy mode to recover.”

Watch out for:

  • Legacy/CSM still enabled. Secure Boot normally requires CSM/Legacy disabled; changing this without GPT can make Windows unbootable.
  • Incorrect key settings. Deleting secure boot keys without installing default / factory keys can prevent the system from trusting your bootloader.
  • BitLocker surprises. On systems with BitLocker or similar, clearing TPM or changing TPM mode may trigger recovery key prompts.
  • Prebuilt / OEM locks. Some OEMs hide or lock the relevant menus on certain low‑end systems, meaning you cannot enable TPM 2.0 or Secure Boot even though Windows mentions them.

If you get stuck with a black screen or “no bootable device” after changes, the usual recovery path is:

  • Re‑enter BIOS immediately, undo the last change (e.g., re‑enable CSM/Legacy or disable Secure Boot), save, and boot again.

7. SEO Bits (for your post)

  • Focus keyword usage: “how to enable secure boot and tpm 2.0” fits naturally in your H1/H2, intro, and a couple of body paragraphs as shown.
  • Meta description idea (short):

Learn how to enable Secure Boot and TPM 2.0 in BIOS/UEFI, switch to UEFI safely, and verify settings in Windows for upgrades, anti‑cheat, and better security.

  • Short paragraphs and bullets above keep the readability score friendly for most audiences, while still being detailed enough for 2025‑era Windows and gaming requirements.

TL;DR:

  • Enter BIOS/UEFI → enable TPM (Intel PTT / AMD fTPM) under Security/Advanced → save and reboot → confirm with tpm.msc.
  • Make sure you’re using UEFI + GPT → in BIOS, enable Secure Boot and load default keys → verify in Windows Security that Secure Boot is On.

Bottom note: Information gathered from public forums or data available on the internet and portrayed here.