Skip to content

Instantly share code, notes, and snippets.

@djibe

djibe/windows11-24H2-tpm-secureboot.md

Last active November 4, 2025 08:56
Show Gist options
  • Save djibe/87b6ae5157c309fb611b428445e9fce9 to your computer and use it in GitHub Desktop.
Save djibe/87b6ae5157c309fb611b428445e9fce9 to your computer and use it in GitHub Desktop.
Download ZIP
Install Windows 11 24H2 without TPM and Secure Boot requirements
Raw
windows11-24H2-tpm-secureboot.md

Install Windows 11 24H2 without TPM and Secure Boot requirements

  1. Create a Windows 11 ISO with Microsoft's Media Creation Tool
  2. Install Setup Patchium and run it (or try latest Rufus version directly and patch from there)
  3. Home tab: Select ISO, wait during processing
  4. Go to Install > Uncheck Remove upgrade and Check Disable Windows 11 compatibility restrictions, click Apply
  5. Optional: To install without a Microsoft account, go to Install OOBE tab. Click Integrate lumOOBE. This will break sysinstall.
  6. Click on Create ISO button
  7. Use Rufus or Ventoy (prefered) to run installation from a USB drive

Upgrade Windows 11

Download Windows 11 24H2.

  1. Download MediaCreationTool.bat
  2. Unzip archive and navigate to the /bypass11 folder.
  3. Find the file Skip_TPM_Check_on_Dynamic_Update.cmd, select it, right click > Run as Administrator.
  4. Then run a mounted Windows 11 installer ISO (See previous chapter or download from Microsoft)
    Right click on ISO file > Mount. Then launch the installer (setup.exe) from the virtual Drive.

Or use Flyby11

Want to create a script to configure Windows ? Use WinScript

@rusangarg
Copy link

rusangarg commented Aug 3, 2025

i am stucked on secure boot
tpm is removed but secure boot is still there

@Tataz2
Copy link

Tataz2 commented Sep 4, 2025

i am stucked on secure boot tpm is removed but secure boot is still there

I have made these changes before updating.

# These registry edition does not alone work for Windows 11 24H2. Not sure if needed anymore.
reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassTPMCheck" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassSecureBootCheck" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v "BypassCPUCheck" /t REG_DWORD /d 1 /f


# This is what Rufus does
# https://github.com/pbatard/rufus/issues/2568#issuecomment-2387934171
# https://github.com/pbatard/rufus/blob/master/res/setup/setup.c#L109C102-L109C115
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CompatMarkers" /f
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Shared" /f
reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TargetVersionUpgradeExperienceIndicators" /f
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\HwReqChk" /v "HwReqChkVars" /t REG_MULTI_SZ /s "," /d "SQ_SecureBootCapable=TRUE,SQ_SecureBootEnabled=TRUE,SQ_TpmVersion=2,SQ_RamMB=8192" /f
reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v "AllowUpgradesWithUnsupportedTPMOrCPU" /t REG_DWORD /d 1 /f

@djibe
Copy link
Author

djibe commented Sep 4, 2025

Hi @Tataz2 , Secure Boot is temporarly disabled from the UEFI settings, not from Windows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment