0

I need to install Windows 11 on an older PC that doesn't support TPM and SecureBoot.

According to this article, it's possible by creating DWORDs with the names BypassTPMCheck and BypassSecureBoot (both set to 1) in HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig. Unfortunately, that didn't work for me, as the Windows installer still says the hardware does not meet minimum system requirements, so I can't start installing.

I saw some comments that this technique doesn't work anymore, but the other described in the article (with using Rufus) does.

But instead of preparing a USB stick I just unpacked the .iso files to an internal SSD and booted up from it, as written here. As Rufus doesn't support and enlist internal disks (even after Ctrl-Alt-F), using Rufus in not an option.

Is there another way of disabling the checks during setup process or by modifying the .iso files manually?

Shtole
  • 3
  • 1

2 Answers2

1

You might be able to skip the setup process entirely and use dism to directly unpack Install.wim into a prepared empty C:\ volume.

  1. Minimize the "Setup" window, hit ShiftF10 to open a Command Prompt window.

  2. Use diskpart to partition the disk, roughly following the official Microsoft instructions (in particular the linked CreatePartitions-UEFI.txt script):

    DISKPART> sel disk 0
DISKPART> clean
DISKPART> conv gpt
DISKPART> create part efi size=100
DISKPART> format quick fs=fat32
DISKPART> assign letter=S
DISKPART> create part msr size=16
DISKPART> create part primary 
DISKPART> format quick fs=ntfs
DISKPART> assign letter=W

  3. Use dism to extract Windows:

    X:\> dism /get-imageinfo /imagefile:X:\Sources\install.wim

    Find the index of your desired Windows edition, fill it in /index: below:

    X:\> dism /apply-image /imagefile:X:\Sources\install.wim /index:1 /applydir:W:\

  4. Use bcdboot to install the bootloader:

    X:\> bcdboot W:\Windows /f UEFI /s S:

  5. Reboot:

    X:\> wpeutil reboot

(I don't bother with the recovery partition. A later Windows upgrade will end up creating one anyway.)

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
-1

Rufus is exactly what you need.

If you don't have or don't want to use a USB key, you might use a Windows Virtual Machine to emulate a USB drive, let Rufus do it's thing in said drive, then use that emulated drive as a primary IDE/SATA one so you can boot from, and finally inject your physical hard drive as a raw disk inside the Virtual Machine as a secondary one.

Once you've done installing, simply remove the drive from the Virtual Machine then put it in your PC.

Remember, if your PC is BIOS, then so does your "virtual Windows 11" installation.

 

Do note that Microsoft is trying hard to nag people to use Windows 11, by allowing people to get hooked on it by "allowing" BIOS installs and Secure-Boot or TPM less installs for a while, then as Microsoft said, "do not guarantee that these ways will work in the future" (let's put it frankly, will close the gates (and they have huge record of forcing things down peoples throat and not listening to users who paid Windows. It's now an "Industry Standard" for last few years now) like removing the ways for bypassing such scamish, people disowning and landfill-happy requirements.

 

Also, Microsoft will very likely prevent Rufus to allow such scam-less Windows 11 installation later, or even let you boot from such PC without "Secure" Boot or TPM. The upcoming Windows 12 (from 2024 at the earliest) should probably definitely forbid anyone who doesn't obey to Microsoft to be used. That, and because they'll probably enforce the Pluton chip, which may not be possibbly emulated by Virtual Machines since very little is known about it.

Your best bet to future proof your PC is definitely by using Windows 11 inside a Virtual Machine (with 3D/Hardawre acceleration enabled and 128MB of VRAM at the very least) that can emulates "Secure" Boot and TPM, such as VitualBox 7, under a Linux (which doesn't hogs CPU, RAM, GPU and disks as long as you're using XFCE for a usable lightweight GUI) host.

That, or trying to use Linux as much as you can, and resort to virtual machines if Windows is really needed if you want to still own your hardware.

X.LINK
  • 2,291
  • 5
  • 23
  • 33
  • @Ramhound: Reasons are good, but as usual, implementations are really bad. "Secure" Boot has been more of a DRM trojan than for true security reasons, it has been defeated: https://www.theregister.com/2023/03/01/blacklotus_malware_eset/ , like all "Security" features like, Intel ME, SGX, etc who all brought more security holes in the end as a fact. Should "Secure" Boot not being enforced by Microsoft or that UEFI Class 3+ (can't disable "Secure" Boot at all like on ARM) a thing, let the people decide to take the risks and responsibility instead of overriding anyone like a tyrannic evil. – X.LINK Mar 05 '23 at 16:53
  • Secure Boot isn't something Microsoft created. So you can be negative towards Secure Boot but Microsoft isn't the reason it has problems. How I see it is that Microsoft is at the mercy of Intel and AMD. Furthermore, Secure Boot among other security features enabled, prevent software tools to cheat in video games and companies large companies want additional security with their hardware. – Ramhound Mar 05 '23 at 17:05
  • Hasn't created doesn't mean they don't have control. Microsoft is the top Certificate Authority, and is blame-shifting OEMs since Microsoft won't force them to mandate to allow Third-Party Certificate Authorities (e.g. the machine's owner). Them not allowing for ARM devices to be anything than UEFI Class 3+ when everything is going ARM more and more by the day is a clear sign of staged lock-in and disownership. Microsoft is not at the mercy of Intel or AMD since they have a saying in the ARM's world, and has made the Pluton chip, which is used as a DRM on XBox. – X.LINK Mar 05 '23 at 17:33
  • Also, game companies are "lazy" to rely on "Secure" Boot since they are far more (let's say it "expensive", but it's not like those billions aren't going anywhere to something useful like shareholders and hedge-funds black-holes pockets) ways to prevent cheating, even more since Deep Learning is now a thing and is getting better and better. Same goes for any other usages. There is a saying from the World Economic Forum: "You'll own nothing, and you'll be happy". To Lennart Poettering's (who works for Microsoft, and sabotaging Linux): "A Brave new "trusted" world". – X.LINK Mar 05 '23 at 17:38
  • Just look towards *Escape from Tarkov*, it’s come out that if you cheat in that game, to use those applications you have to disable Secure Boot and NOT install Valrorant because it’s AC picks up EFT cheats but not BattleEye – Ramhound Mar 05 '23 at 18:55