• Regedit to bypass TPM and SecureBoot

    #2375261

    Just out today – Simple regedit to bypass secureboot, tpm, 4gb ram requirements.

    https://www.bleepingcomputer.com/news/microsoft/how-to-bypass-the-windows-11-tpm-20-requirement/

    The article title just says TPM but the article covers all 3.

    Works for Insider installs too.  I have 10.0.22000.51 running on a ThinkPad T420 with a 2nd-gen cpu without secureboot or TPM2.

    2 users thanked author for this post.
    • #2375299

      Just out today – Simple regedit to bypass secureboot, tpm, 4gb ram requirements.

      Many thanks for the link. I’m sure many people will find it useful to take Windows 11 for a twirl around the dance floor – whether an ‘inplace upgrade’ or ‘clean install’.

      It’s obvious BleepingComputer was using a clean install for their screenshots… ‘cos it doesn’t take long for the HKEY_LOCAL_MACHINE hive to become far more populated.

      Here’s my laptop’s HKLM hive with the same registry changes implemented:

      [Image: LabConfig]

      Notice the vast amount of additional keys under SYSTEM and SETUP.

      Here’s the REG change itself:

      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
      "BypassTPMCheck"=dword:00000001
      "BypassRAMCheck"=dword:00000001
      "BypassSecureBootCheck"=dword:00000001
      
      

      Hope this helps…
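For anyone auditing a machine rather than setting these values, the following added example (not part of the post above or the linked article) reads the same `LabConfig` key and shows each bypass value next to what the hardware actually provides. The helper names `Get-LabConfigBypass` and `Get-PlatformState` are hypothetical, and the 4 GB threshold is the RAM figure mentioned in this thread.

```powershell
# Added audit example. Run in an elevated PowerShell session on the host being checked.
$LabConfigPath = 'HKLM:\SYSTEM\Setup\LabConfig'
$BypassNames   = 'BypassTPMCheck', 'BypassRAMCheck', 'BypassSecureBootCheck'

function Get-LabConfigBypass {
    # Hypothetical helper: one row per bypass value; Value is $null when unset.
    $props = Get-ItemProperty -Path $LabConfigPath -ErrorAction SilentlyContinue
    foreach ($name in $BypassNames) {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }
        [pscustomobject]@{ Name = $name; Value = $value; Enabled = ($value -eq 1) }
    }
}

function Get-PlatformState {
    # Hypothetical helper: what the hardware actually provides.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # Confirm-SecureBootUEFI throws on legacy BIOS or without elevation;
    # both cases are reported here as Secure Boot not confirmed.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }
    $ramBytes = (Get-CimInstance Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    [pscustomobject]@{
        Tpm20      = [bool]($tpm -and ($tpm.SpecVersion -like '2.0*'))
        SecureBoot = $secureBoot
        RamGB      = [math]::Round($ramBytes / 1GB, 1)
    }
}

$state = Get-PlatformState
$unmet = @{
    BypassTPMCheck        = (-not $state.Tpm20)
    BypassRAMCheck        = ($state.RamGB -lt 4)
    BypassSecureBootCheck = (-not $state.SecureBoot)
}

# A row with BypassEnabled and RequirementUnmet both True marks a requirement
# that the installed system does not meet and that setup was told to skip.
Get-LabConfigBypass | ForEach-Object {
    [pscustomobject]@{
        Name             = $_.Name
        Value            = $_.Value
        BypassEnabled    = $_.Enabled
        RequirementUnmet = $unmet[$_.Name]
    }
} | Format-Table -AutoSize
```

A row where the bypass is enabled but the requirement is met is leftover configuration and can simply be removed.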

    • #2375377

      Interesting quote in that linked article:

      “The following Windows features require TPM 2.0: Measured Boot, Device Encryption, WD System Guard, Device Health Attestation, Windows Hello/Hello for Business, TPM Platform Crypto Provider Key Storage, SecureBIO, DRTM, vTPM in Hyper-V,” Microsoft told BleepingComputer.

      You could write it so that Windows Calc will refuse to run without TPM 2.0 if you wanted to. It does not mean there is anything about Calc that actually needs it, though.

      Some of the things on that list (WD System Guard, Windows Hello) are things that have been a part of Windows for a while, but until now have not required TPM. You may be able to say that the TPM enhances the security of these features (which may or may not be true in a given situation), but that was not the claim they made. The claim they made is that the features require TPM, and really, they don’t, if MS didn’t arbitrarily decide that they now do.

      Other items from the list above (Measured Boot, Device Health Attestation, SecureBIO) are part of how the TPM system works, not actually features or benefits that require a TPM (kind of like how “piston” is not a benefit of having a car).

      Still more of the things (Device Encryption, TPM Platform Crypto Provider Key Storage, Windows Hello again) only “need” a TPM if best security practices are thrown aside in favor of convenience, which results in a less secure system compared to one that is well secured, not a more secure one. If you use a strong password whose salted hash is used as an encryption key, you don’t need the TPM to store the key when the system is offline, since the key is not actually stored at all. A key stored in a TPM is more vulnerable than one that isn’t stored. (In both cases, a system that is online will be at risk of the key being intercepted from RAM; the TPM does not prevent this.)

      VTPM looks like it will just pass through the virtual TPM function to the actual TPM. MS could also write it so that the virtual TPM writes to the hard disk or SSD on the host, which is still protected storage as far as the virtualized (guest) system is concerned. If that volume on the host was then encrypted by means of a strong password, an actual TPM would not be of much benefit.

      Then there’s DRTM, which seems completely unnecessary if secure boot is enabled, since the whole function is to enable a boot to begin unsecured… but MS is demanding Secure Boot also.

      The point is that MS demanding that a TPM be available because of security concerns is deceptive at the very least. The TPM can increase security in a few circumstances, but to suggest that is necessary (to the point that even if you buy Windows 11 and install it yourself, it will refuse) is arbitrary, just as the “you need gen 8 or newer so you get the CPU designed with features that support the Windows Driver Model… and oh yeah, we are testing older versions too to see if they are stable enough for us to allow them.” So those features that only exist from 8 on up don’t actually matter then, right?

      MS is definitely up to something. Mr. Fastie wrote about that in the AskWoody newsletter, and it’s quite evident from up here in the bleachers too. None of what they are telling us is the truth, from the reasons for offering 11 to the reasons for requiring TPM or gen 8+. It’s just flim-flam after flim-flam.

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
      XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
      Acer Swift Go 14, i5-1335U/16GB, KDE Neon

      1 user thanked author for this post.
    • #2375381

      Works for Insider installs too.  I have 10.0.22000.51 running on a ThinkPad T420 with a 2nd-gen cpu without secureboot or TPM2.

      There is no need for any registry or any other tweak with insider builds as the builds will install on ANY device compatible or not (including smartphones, Pi…).

      For now there are other tweaks like replacing W11 setup.esd file with W10 setup.wim (renamed to .esd).

    • #2375390

      I honestly do not understand why there is all this effort to circumvent requirements for what is right now ‘alpha’ software.  When the specs were first published, I found that TPM modules for my motherboard were either not available at the various on-line retailers I use or they were exorbitantly priced on Ebay.  I can go into the BIOS and activate the equivalent security feature on my i7 CPU but will wait for the final Win 11 software to come out and also decide whether there are specific features that I need for day to day work.

      I already have Secure Boot enabled.

      • #2375878

        Microsoft’s ploy (if my guess is right) is having its intended effect. By telling so many people (owners of existing hardware that would be the prime target for an upgrade) that they can’t have Windows 11, they make it the forbidden fruit that people simply must have. That sense of urgency is presumably why people are planning now how to bypass the “you can’t have it” bit even though the product is not going to be available for some time.

        By the time Windows 11 is released, these requirements probably won’t be there except for OEMs. For upgraders, they will probably be downgraded to “recommendations,” and MS will act as if they’ve listened to customer feedback and responded accordingly, thus demonstrating how attentive they are to users of their products.

        My bet is that enforcing this policy on upgraders was never the actual plan.

        This new marketing technique (along with the well-timed and convenient “leak” that triggered all of this hoopla) is a much better ploy than the way they force-fed Windows 10 to users of previous versions. The tech forums and sites were abuzz with tips on how to prevent the upgrade to Windows 10, such as by the use of programs like “Never 10,” and the perceived undesirability of 10 (the natural reaction to witnessing something being pushed so hard by its purveyor) even entered the mainstream as a minor meme.

        By contrast, MS now has the same group of people scheming how to get 11 after they’ve been told they can’t have it, and even though it has many, if not most, of the same problems that made them reject 10 years ago, apart from the hard-sell from Microsoft. The company has apparently learned that cramming something down someone’s throat is not the best way to instill the idea that a given product is desirable. If you push something too hard, people are likely to wonder what the deal really is. Things that are really the best thing since sliced bread don’t have to be forced on unwilling customers! It’s the “methinks thou dost protest too much” thing.

        This could actually be another thing MS has copied from Apple. Apple has always marketed their products as being sort of an exclusive club, something that it is a privilege to join. It changes the way a lot of people perceive their products, and Apple gets away with things that would have buyers of any other company’s products rightfully bristling with anger.

         

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
        XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
        Acer Swift Go 14, i5-1335U/16GB, KDE Neon

        1 user thanked author for this post.
    • #2375879

      This could actually be another thing MS has copied from Apple

      Apple support new OS versions on its hardware for 8 years.

    • #2389171

      Note the info in paragraph 5

       

      Reproduced from an article published in ‘The Register’
      https://www.theregister.com/2021/08/27/windows_11_iso_install/

      Microsoft does and doesn’t want you to know it won’t stop you manually installing Windows 11 on older PCs

      Hardware requirements loophole left in

      Chris Williams, Editor in Chief Fri 27 Aug 2021 // 20:25 UTC 

      Microsoft doesn’t want to say it publicly but it will not stop you manually installing Windows 11 on older or otherwise incompatible PCs.

      The Redmond giant is under fire for the stringent hardware requirements of its upcoming operating system, due to be formally released by the end of the year.

      To be officially supported by Windows 11, machines will need TPM 2.0 support; an eighth-generation or newer Intel Core processor, a Zen 2 or newer AMD processor, or a suitable Qualcomm system-on-chip; UEFI Secure Boot; at least 4GB of RAM; and a minimum of 64GB of storage. That means you need a fairly recent computer.

      In an announcement on Friday, Microsoft slightly expanded that processor compatibility list to include Intel’s Core X series and Xeon W series, and for some specific devices, Intel’s Core i7 7820HQ, which is found in Microsoft’s Surface Studio 2. In other words, no, Redmond essentially isn’t easing up on the installation restrictions.

      But what it doesn’t want to say out loud is that these hardware requirements will only be enforced if you upgrade from Windows 10 to Windows 11 through Windows Update.
      If you, for example, install the OS manually from an official ISO file, or use Microsoft’s Media Creation Tool, the hardware checks will not be performed, and your older PC will not be blocked from running the operating system.

      This ability to sidestep the Windows 11 requirements is not in today’s announcement, though journalists were privately told of the loophole.

      If you run Windows 11 on non-supported hardware, you’re on your own without any support, any guarantee of security patches and software updates, nor any sympathy from Redmond: Microsoft claims “devices that do meet the minimum system requirements had a 99.8% crash free experience,” and those that did not “had 52% more kernel mode crashes.”

      To us, it appears Microsoft does want some people to know that they can try Windows 11 on their PCs, regardless of the hardware requirements, and at the same time, it does not want to openly condone the use of its OS on unsupported machines. Similarly, you can use the ISO install route to put and activate Windows 10 on your PC for free using a Windows 7 or newer product key, another little detail Microsoft doesn’t promote.

      Redmond also said it’s polished up its PC Health Check app, used to determine whether or not your system meets Windows 11’s demands, so that it doesn’t suck quite as much. The software, which confused people with its warnings, was pulled, and will be re-released to the public in the next few weeks. Windows Insiders can already fetch and install it.

      “We missed an opportunity to provide clarity and accuracy through the PC Health Check app,” the Windows team said today. “This updated version expands the eligibility check functionality with more complete and improved messaging on eligibility and links to relevant support articles that include potential remediation steps.”

      The IT giant claimed it set the requirements of Windows 11 to improve driver reliability; improve security by, among other things, encouraging password-less authentication and using virtualization to protect the kernel, access credentials, and suchlike; and improve stability by narrowing the range of supported equipment.

      No one at Microsoft was willing to comment further on the record. ®

      1 user thanked author for this post.
    • #2390352

      Apparently this “hack” doesn’t work on the latest (installed) version of Windows 10 (21H2 19044.1237). I didn’t need the memory key since I’ve got 32GB of RAM and the PC Health Check only flagged the TPM and Secure Boot items. I was hoping it would allow it to at least pass the test but it’s still flagging those same 2 items. Any further work-arounds would be welcome – I just want it to skate by the Health Check test, if only just for grins. I’d take a shot at upgrading from the Windows Update site but a bare-metal install with the ISO is ‘way too much work at this point in time…

      • #2390367

        The only “hacks” that still work, for now, on unsupported hardware are:

        1. Windows 11 clean install
        2. Swapping Windows11 install.wim/esd with Windows 10 install.wim/esd
