Windows 11

You can bypass the Windows 11 hardware requirement check, but it’s not a good idea

2021-01-25: Edited to reflect that settings that worked on Insider Preview builds no longer work with the released Windows 11 RTM builds.

Microsoft implemented some new hardware requirements for Windows 11, and a future Windows 11 release will likely enforce those same restrictions in virtual machines.

During the Insider Preview period, there were some registry values to skip those hardware checks during an installation:

[HKEY_LOCAL_MACHINE\System\Setup\LabConfig]
BypassTPMCheck=1
BypassSecureBootCheck=1
BypassRAMCheck=1
BypassCPUCheck=1

But those were removed when Windows 11 was released. (The latest version of Rufus still adds these registry values, so it won’t work for this purpose any more either.)

Now, there is a new registry key that you can set:

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup]
AllowUpgradesWithUnsupportedTPMOrCPU=1

As you can probably guess, this only bypasses two of the checks: the TPM and CPU checks. You still need to be using UEFI and SecureBoot, and you need to have enough RAM too. But if you don’t have a TPM, only have one CPU core, or are using an older CPU (prior to 8th generation), you can use this registry key to bypass those checks. (VMs will presently let you get past the UEFI and SecureBoot requirements, but that exclusion has already disappeared in the current Insider Preview builds, as I previously noted.)

You can add that registry value to a Windows 10 install and then upgrade it to Windows 11. It’s a little more tricky to handle those with Windows 11 media, if you are trying to use the ISOs to do a clean install of Windows 11. You can either do an image-based install, e.g. using DISM/MDT/SCCM/tool-of-choice to apply the INSTALL.WIM directly, or you can modify the media.

While you can bypass (some of) the requirements, that doesn’t mean it’s a good idea. Microsoft has effectively said that they don’t support such a configuration and could stop updating Windows 11 installed on devices that don’t meet the requirements. So maybe you want to do this for testing or lab usage, but I wouldn’t suggest it for production devices.

As discussed previously, all devices made in the past 6+ years will support TPM 2.0 (although you might need to turn it on in the firmware, look for “Intel PTT” on devices that don’t have a physical TPM chip to enable a firmware-based TPM). You really don’t want to bypass the RAM check (too little RAM leads to an awful user experience). And Secure Boot and UEFI are a good thing to keep rootkits away. As for the CPU requirements (effectively 8th generation and above), well, that’s a different debate, but in reality that’s tied to driver requirements for HVCI and VBS, so you would be able to use those features for older CPUs.

4 replies »

  1. You didn’t mention the CPU check. This one may be the hardest to swallow because you can have a system new enough for TPM 2.0 and all the rest and be one CPU generation behind the spec and you’re still never going to upgrade without a bypass.

    Like

  2. LabConfig parameters are for installation, not for upgrades. I tested them on a VM with the stable build this month, and they work, e.g TPM bypass.
    .
    AllowUpgradesWithUnsupportedTPMOrCPU is for upgrades only.

    But you don’t make a clear distinction between new installs and upgrades in this post. This muddies the waters even more.

    Like

  3. Unless MS is mistaken in their doc (and it wouldn’t surprise me given their messaging on this overall), the key doesn’t get you out of needing at least TPM 1.2. It does get you out of needing 2.0 though.

    Like