If you’re using a pre-built desktop or laptop PC made within the last three or four years, Windows 11’s sometimes-confusing, sometimes contentious security-oriented new system requirements won’t be a problem for you—all of the security features Microsoft is requiring for the new operating system should be turned on by default. It’s a bigger problem for people who build their own computers (or who have had computers built for them), since features like the Trusted Platform Module (TPM) are often disabled by default.
Most motherboard manufacturers have already posted lists of boards that they expect to meet Windows 11’s requirements, and some of them are going a step further—releasing new BIOS updates for their motherboards’ firmware that enable the integrated TPMs in Intel and AMD processors by default. While it usually isn’t too difficult to switch the TPM on manually, each motherboard manufacturer keeps this setting in a different place, and the way the setting is labeled differs depending on whether you’re using an Intel or AMD chip or what motherboard you’re configuring.
Asus is currently taking the most comprehensive approach, with BIOS updates either available or “under testing” for the vast majority of Intel and AMD motherboards made within the last three or four years (300-, 400-, and 500-series chipsets from both Intel and AMD are broadly supported, which covers most 8th-generation and newer Intel CPUs and all of AMD’s Ryzen processors). But ASRock has released TPM-enabling BIOS updates for a handful of its newer motherboards as well, and we’d expect other motherboard-makers to follow suit in the next few months. We’ve contacted ASRock, Gigabyte, and MSI to see if they have any information to share and will update if they do.