FlexTPMA lot of Windows systems ship without a TPM 2.0 module. Intel Macs, older desktops, custom builds with it disabled in BIOS, and VMs that do not pass through the host TPM all hit the same wall. Without TPM 2.0, Windows blocks a growing list of features that depend on platform security.
What breaks without TPM 2.0
- Windows 11 will not install or upgrade cleanly.
- BitLocker cannot create a TPM protector.
- Windows Hello PIN and biometric login are unavailable.
- Credential Guard and Core Isolation will not activate.
The fix
FlexTPM adds a fully functional TPM 2.0 device to Windows. After installation, Windows and applications see a standard Trusted Platform Module.
Installation
After reboot, Windows provisions FlexTPM through the standard TPM stack. FlexTPM passes Microsoft's remote attestation flow through Azure Attestation, which accepts FlexTPM and issues Microsoft-signed JWT attestation results.
- Purchase a license at flextpm.com/pricing.
- Download the installer with your key at flextpm.com/downloads.
- Run the installer.
- Reboot once.
Verifying it works
Option 1: Press Win + R, type tpm.msc, and hit Enter. TPM Management should show that the TPM is ready for use.
Option 2: Download PC Health Check from Microsoft. The Windows 11 requirements check should detect TPM 2.0.
Option 3: Open Windows Security and go to Device Security. Security processor details should list TPM 2.0 and Attestation as ready.
What works
- Windows 11 upgrade checks pass.
- BitLocker encryption can use a TPM protector.
- Windows Hello PIN login works, with biometric support when the hardware supports it.
- Credential Guard and Core Isolation can be enabled.
- Windows Security reports the TPM and attestation state.
Supported systems
FlexTPM is built for x86-64 Windows systems without a working hardware TPM 2.0, including Intel Macs running Windows, older PCs, custom desktops, and virtual machines without TPM passthrough.
Apple Silicon Macs are not compatible because they do not support Boot Camp Windows.