• To enable TPM and Secure Boot for a Windows 11 VM, the VMware Workstation wizard will include providing an “Encryption Information” page to set up the TPM feature. Also, to enable Secure Boot, you must complete this configuration from the virtual machine “Options” settings.
  • It’s also possible to update an existing virtual machine to support TPM, Secure Boot, and UEFI, but you will have to make sure to update the VM storage type from MBR to GPT.

On VMware Workstation , if you want to create a virtual machine to run Windows 11, you must enable the Trusted Platform Module (TPM). Otherwise, you won’t be able to install the operating system. Secure Boot is highly recommended, but installing the operating system is not required.

A TPM is a chip that offers cryptographic functions, such as generating and storing encryption keys to enable features like Windows Hello , BitLocker , and others.

Secure Boot is a firmware technology that protects the boot process so that malware (such as rootkits) cannot attack the trusted operating system during startup.

Since we are dealing with virtualization, you are not required to have the hardware components physically on the device, meaning that you can run a Windows 11 virtual machine even on a Windows 10 computer without TPM, Secure Boot, or UEFI (Unified Extensible Firmware Interface).

In this guide , I will explain the steps to enable TPM and Secure Boot on VMware to install Windows 11 on a virtual machine. These instructions apply to Windows 11 and 10 and other supported platforms.

  • Create Windows 11 VM on VMware with TPM and Secure Boot support
  • Enable TPM and Secure Boot on VM to install Windows 11

Create Windows 11 VM on VMware with TPM and Secure Boot support

To create a virtual machine with support for TPM and Secure Boot, use these steps:

  1. Open VMware Workstation .
  2. Click the File menu and select the “New virtual machine” option.
  3. Click the Next button.
  4. Select the latest virtual machine hardware compatibility option.
  5. Click the Next button.
  6. Select the “I will install the operating system later” option.
  7. Click the Next button.
  8. Select the Microsoft Windows option under the “Guest operating system” section.
  9. Choose the Windows 11 x64 option under the “Version” section.
  10. Click the Next button.
  11. Confirm a name for the Windows 11 VM.
  12. Confirm the location where the virtual machine will be stored.
  13. Click the Next button.
  14. Select the “Only the files needed to support TPM are encrypted” option.
  15. Confirm the encryption password.
  16. Check the “Remember the password on this machine in Credential Manager” option.
  17. Click the Next button.
  18. (Optional) Choose the “Split virtual disk into multiple files” option.
  19. Specify the disk size in gigabytes (64GB or higher).
  20. Click the Next button.
  21. Click the Finish button.
  22. (Optional) Right-click the virtual machine and choose the Settings option.
  23. Select the Memory option and choose the desired amount of memory for the device (at least 8GB is recommended).
  24. Choose the Processors option and select the number of cores for the device (at least four cores are recommended).
  25. Click the Options tab.
  26. Click on Advanced .
  27. Check the “Enable secure boot” option under the “Firmware type” section.
  28. Click the OK button.

After you complete the steps, you should be able to install Windows 11 on a virtual machine using VMware Workstation.

Enable TPM and Secure Boot on VM to install Windows 11

To enable TPM and Secure Boot on an existing VMware virtual machine, use these steps:

  1. Open VMware Workstation .
  2. Select the virtual machine.
  3. Click the VM menu and select the Settings option.
  4. Click the Options tab.
  5. Select the Access Control option.
  6. Select the Encrypt button under the “Encryption” section.
  7. Select the “Only the files needed to support TPM are encrypted” option.
  8. Create an encryption password.
  9. Click the Encrypt button.
  10. Click on Advanced .
  11. Select the “UEFI” option and check the “Enable secure boot” option under the “Firmware type” section (if applicable). Warning: Changing the firmware type may cause problems because you would have to update the drive partition from MBR to GPT before the system can boot in the new firmware type. If you don’t already have the VM with UEFI, I would highly recommend creating a new virtual machine.
  12. Click the Hardware tab.
  13. Click the Add button.
  14. Select the “Trusted Platform Module” option to run Windows 11.
  15. Click the Finish button.
  16. Click the OK button.

Once you complete the steps, the computer should include the required security components to pass the requirements check to upgrade to Windows 11.

  • To set up a fingerprint reader on Windows 11, open Settings > Accounts > Sign-in options , select “Fingerprint recognition,” click “Set up,” click “Get started,” and use the sensor to register your fingerprint.

On Windows 11 , you can set up a fingerprint reader to sign in using only your finger, and here’s how. Windows Hello is the name of the feature that Microsoft has chosen to describe the support for more secure ways to sign in to Windows 11 using biometric and Personal Identification Number (PIN) authentication.

This feature allows you to replace a traditional complex and less secure password with a more secure and easy-to-use authentication method, including facial recognition , fingerprint, and PIN to unlock a Windows 11 computer.

This guide will teach you how to configure and remove Windows Hello using a fingerprint reader on Windows 11.

  • Enable Windows Hello fingerprint recognition
  • Remove Windows Hello fingerprint recognition
  • Windows Hello compatible hardware

Enable Windows Hello fingerprint recognition

To unlock Windows 11 using a fingerprint reader, use these steps:

  1. Open Settings on Windows 11.
  2. Click on Accounts .
  3. Click the Sign-in options tab.
  4. Under the “Ways to sign in” section, select the Fingerprint recognition setting.
  5. Click the “Set up” button to enable the Windows Hello fingerprint feature.
  6. Click the Get started button.
  7. Confirm your Windows 11 account password.
  8. Touch the fingerprint sensor as indicated in the wizard.
  9. Continue with the on-screen directions to capture your fingerprint from various angles. Quick tip: It’s recommended to click the “Add another finger” option to configure a second and even a third finger you can use if you encounter problems signing in.

Once you complete the steps, you should be able to lock your device (including using the “Windows key + L” keyboard shortcut) and then use the fingerprint reader to sign in with the finger that you configured.

Remove Windows Hello fingerprint recognition

To remove the Windows Hello fingerprint on Windows 11, use these steps:

  1. Open Settings .
  2. Click on Accounts .
  3. Click the Sign-in options tab.
  4. Under the “Ways to sign in” section, select the Fingerprint recognition setting.
  5. Click the Remove button.
  6. Click the Remove button again to disable the Windows Hello fingerprint option.
  7. Confirm the Windows 11 account password.
  8. Click the OK button.

After you complete the steps, you can continue signing in with a traditional password. If you have configured Facial recognition or PIN, you must remove those configurations using the same steps to disable the Windows Hello feature entirely on Windows 11.

Windows Hello compatible hardware

If you want to sign in to Windows 11 using your facial recognition or fingerprint, you can find many devices with Windows Hello built-in, such as the Surface Pro 8 , Surface Laptop 4 , Surface Go 3 , and many others.