TPM 2.0 Support for Dell Optiplex 3020?

Along with TPM 2.0, the CPU must be an 8th gen or later.

I have a 3 year old Dell inspiron laptop with a 7th gen so it will not qualify for Win 11 as the spec's are now.

Newer Models Like 3020 have secure boot and Intel® Platform Trust Technology (Intel® PTT) instead of hardware TPM

https://www.dell.com/support/kbdoc/en-us/000181412

If you do not see TPM options in Bios its because you have INTEL PTT.

Intel PTT is basically the BIOS alternative to a the hardware based TPM. Intel PTT works on pretty much every processor/chipset since 4th Gen Core (Haswell) processors were introduced and it even supports Bitlocker. This is because Intel PTT supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0.

https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/4th-gen-core-family-mobile-brief.pdf

Intel Haswell 4th Gen and Broadwell 5th Gen forward have INTEL Boot Guard and PTT.

This means low as you can go is Optiplex 3020 7020 9020  and XE2 models, Inspiron 3847, XPS 8700 and other models that shipped with Windows 8 and have secure boot UEFI and PTT or TPM 2.0

How to troubleshoot and resolve common issues with TPM and BitLocker

https://www.dell.com/support/kbdoc/en-vn/000103639/

Amd Calls this Pro Security

https://www.amd.com/en/technologies/pro-security

https://www.amd.com/system/files/documents/pro-security.pdf

1. Full system memory encryption with AMD Memory Guard is included in AMD Ryzen™ PRO, AMD Ryzen™ Threadripper PRO, and AMD Athlon™ PRO processors. PP-3.
2. An OEM who has enabled the AMD Secure Boot feature grants permission for their cryptographically signed BIOS code to run only on their platforms using an AMD secure boot enabled motherboard. One-time-programmable fuses in the processor bind the processor to the OEM’s firmware code signing key. From that point on, that processor can only be used with motherboards that use the same code signing key.

@fireberd 

@Dell-BradL  @DELL-Chris M 

This should probably be a sticky at the top talking about WIN11 security requirements with Secure Boot.

"Along with TPM 2.0, the CPU must be an 8th gen or later."

I disagree.

2012 systems with Secure Boot Windows 8.0  think XPS 8700 4h Gen Haswell

have PTT and therefore TPM 2.0 starting in 2012

https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/enterprise-security-platform-trust-technology-white-paper.pdf

Overview

• Trusted Platform Module (TPM 2.0) - TPM 2.0 is a microcontroller that stores keys, passwords, and digital certificates. A discrete TPM 2.0 also supports Intel® vPro™ Technology and Intel® Trusted Execution Technology (Intel® TXT).

• Intel® Platform Trust Technology (Intel® PTT) - Intel® Platform Trust Technology (Intel® PTT) offers the capabilities of discrete TPM 2.0. Intel PTT is a platform functionality for credential storage and key management used by Windows 8* and Windows® 10. Intel PTT supports BitLocker* for hard drive encryption and supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0.

AMD calls the BIOS based TPM pro security.

https://www.amd.com/en/technologies/pro-security

https://www.amd.com/system/files/documents/pro-security.pdf

1. Full system memory encryption with AMD Memory Guard is included in AMD Ryzen™ PRO, AMD Ryzen™ Threadripper PRO, and AMD Athlon™ PRO processors. PP-3.
2. An OEM who has enabled the AMD Secure Boot feature grants permission for their cryptographically signed BIOS code to run only on their platforms using an AMD secure boot enabled motherboard. One-time-programmable fuses in the processor bind the processor to the OEM’s firmware code signing key. From that point on, that processor can only be used with motherboards that use the same code signing key.

I don't know about yours but I have a 3020 that was manufactured in 2015 and has TPM 1.2 which should run Windows 11 because the minimum is 1.2 and the recommended is 2.0

My Dell XPS 8900 has an i7-6700 CPU and the Microsoft PC Health Check App reports that the PC is not able to be updated to Windows 11 as the processor is not supported.  The only supported Intel processors are 8th gen. Coffee Lake or later.

If the motherboard supports firmware and hardware TPM encryption then the 8th Gen intel CPU can use its built-in TPM 2.0. My z370 Aorus Gaming 7 before i swapped out the 8700K for a 9900K said that the 8700K also had the built-in TPM 2.0 module even though the z370 Aorus Gaming 7 board had a slot for a physical TPM module. So, just by going into the UEFI (BIOS) and simply enabling it worked. Go into windows and press (Win+R) then type "tpm.msc" and it will tell you exactly what you need to know. Regardless there are ways around this TPM and security nonsense. I got the Dev copy of Win11 running on my eVGA 680i SLi motherboard with a Core2Quad Q6600 from 2007-2008.

I agree @speedstep I have a 2017 Dell Inspiron Laptop that has a 6th Generation Intel Core i3 and it has TPM 2.1.

Models with Discrete hardware TPM and BIOS TPM aka INTEL PTT or AMD PSC must turn Hardware TPM Off to use the Bios based TPM.  You can possibly have both on a machine at the same time but it will not allow both to be enabled at the same time.

Advance, Windows Insider, versions of Win 11 will run on older hardware.  This does not diminish the fact that Microsoft is still sticking with 8th gen Intel CPU and later when the "final" release to the public version is made available.  Requirements may change by the time its released to the public but for now we must assume their 8th gen is minimum.

that's awesome, I have some Intel(R) Core(TM) i5-4590T 3020s, I'd hate to abandon them

I have Windows 11 (from the ISO) working on a 3020 SFF with 4690K CPU. 

I had to make a Registry change and affirm that the configuration is unsupported. Still, once the main installation was complete, Windows Update made available updates which downloaded and installed without issue.

exactly  how did you do it in laymans terms

what registry change did you make Thanks