Facing the "Vanguard requires TPM 2.0 and Secure Boot" error when trying to launch your favorite Riot Games titles like Valorant or League of Legends can be incredibly frustrating. It's like your PC is speaking a foreign language, and Vanguard just isn't getting it! But don't worry, you're not alone, and this comprehensive guide will walk you through every step to get you back in the game.
Understanding the "Why": Vanguard, TPM 2.0, and Secure Boot
Before we dive into the solutions, let's quickly understand why this error pops up. Riot Games implemented these security measures to combat cheating and ensure a fairer gaming environment.
- Vanguard: This is Riot's proprietary anti-cheat system. It runs at a low level of your system to detect and prevent unauthorized software from interfering with the game.
- TPM 2.0 (Trusted Platform Module 2.0): Think of this as a secure cryptographic processor on your motherboard. It generates and stores cryptographic keys, making your system more secure and verifying its integrity. Windows 11 requires TPM 2.0, and Vanguard leverages it for enhanced security.
- Secure Boot: This is a security feature in your system's UEFI (Unified Extensible Firmware Interface) firmware that helps prevent malicious software from loading during the boot process. It ensures that only trusted software (like your operating system) can start.
When Vanguard throws the "TPM 2.0 and Secure Boot" error, it means one or both of these essential security features are either disabled or not configured correctly on your system.
Let's get you sorted, shall we?
Step 1: Are You Ready to Dive into Your PC's Core?
Before we proceed, it's important to understand that some of these steps involve navigating your computer's BIOS/UEFI settings. This is where your computer's fundamental hardware settings are configured. While we'll guide you carefully, it's always good to be prepared.
Are you comfortable restarting your PC and potentially making changes in a text-based interface? If the answer is yes, then let's begin! If you're unsure, you might want to consider seeking assistance from someone more familiar with PC hardware, or proceeding with extra caution.
Step 2: Check Your Current TPM and Secure Boot Status
First, let's verify if TPM 2.0 and Secure Boot are actually enabled. This will help us pinpoint the exact issue.
2.1: Check TPM Status
- Press the Windows key + R to open the Run dialog box.
- Type
tpm.mscand press Enter. - The "Trusted Platform Module (TPM) Management on Local Computer" window will appear.
- Look at the "Status" section.
- If it says, "The TPM is ready for use," and under "TPM Manufacturer Information," the "Specification Version" is 2.0, then your TPM 2.0 is enabled and working!
- If it says something like "Compatible TPM cannot be found" or the version is not 2.0, then you'll need to enable or verify your TPM in the BIOS.
2.2: Check Secure Boot Status
- Press the Windows key + R to open the Run dialog box.
- Type
msinfo32and press Enter. - The "System Information" window will appear.
- In the left pane, make sure "System Summary" is selected.
- On the right pane, look for "BIOS Mode" and "Secure Boot State."
- "BIOS Mode" should be "UEFI." If it's "Legacy," you'll likely need to convert your drive to GPT and reinstall Windows in UEFI mode, which is a more involved process (we'll touch on this later as a last resort).
- "Secure Boot State" should be "On." If it's "Off" or "Unsupported," then you'll need to enable it in your BIOS.
Step 3: Accessing Your BIOS/UEFI Settings
This is where things can vary a bit depending on your computer's manufacturer. The BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) is the firmware that starts when you power on your computer, before Windows loads.
- Restart your computer.
- As your computer starts up, you'll need to repeatedly press a specific key to enter the BIOS/UEFI settings. This key is typically displayed on the screen during the very first moments of boot-up.
- Common keys include: Del, F2, F10, or F12.
- For specific manufacturers:
- ASUS: Del, F2
- Acer: F2, Del
- Dell: F2, F12
- HP: F10, Esc
- Lenovo: F1, F2, Fn+F2 (for laptops)
- MSI: Del
- Gigabyte: Del, F2
- If you miss it, just restart and try again. Sometimes the window to press the key is very small.
Once you've successfully entered the BIOS/UEFI, you'll see a different interface, usually with a dark background and text-based menus, or a more modern graphical interface.
Step 4: Enabling TPM 2.0 in BIOS/UEFI
Now that you're in the BIOS/UEFI, let's find the TPM setting. The exact naming and location can vary significantly between manufacturers and motherboard models.
4.1: Navigate to Security or Advanced Settings
- Look for tabs or menus named:
- Security
- Advanced
- Boot
- Peripherals (for some AMD systems)
- CPU Configuration (for some Intel systems)
4.2: Locate the TPM Option
Within these menus, look for options related to:
- TPM (Trusted Platform Module)
- Intel Platform Trust Technology (PTT) (for Intel CPUs)
- AMD fTPM (for AMD CPUs - "firmware TPM")
- Trusted Computing
- Security Device Support
4.3: Enable the TPM Setting
-
Once you find the relevant option, use your keyboard's arrow keys to select it.
-
Change the setting from "Disabled" to "Enabled."
Example screenshot of a BIOS setting for TPM (conceptual):
┌───────────────────────────┐ │ BIOS Menu │ ├───────────────────────────┤ │ Main │ │ Advanced <───────────┐ │ │ Boot │ │ Security <───────────┤ │ │ Exit │ └───────────────────────────┘ └──────────────┬──────────────┘ │ │ Select "Advanced" or "Security" ▼ ┌───────────────────────────┐ │ Advanced / Security │ ├───────────────────────────┤ │ CPU Configuration │ │ PCH-FW Configuration │ │ ... │ │ Trusted Computing │ <─────── Locate this! │ ... │ └───────────────────────────┘ └──────────────┬──────────────┘ │ │ Select "Trusted Computing" ▼ ┌───────────────────────────┐ │ Trusted Computing │ ├───────────────────────────┤ │ Security Device Support: [Disabled] <──── Change to [Enabled] │ TPM Device Selection: [Firmware TPM] │ TPM State: [Enabled] └───────────────────────────┘ -
Important Note for Intel and AMD Users:
- If you have an Intel processor, you'll likely be looking for "Intel Platform Trust Technology" (PTT).
- If you have an AMD processor, you'll likely be looking for "AMD fTPM."
Step 5: Enabling Secure Boot in BIOS/UEFI
Enabling Secure Boot often goes hand-in-hand with TPM 2.0 for Vanguard.
5.1: Locate the Secure Boot Settings
- Navigate back to the Boot or Security section of your BIOS/UEFI.
- Look for an option named:
- Secure Boot
- Boot Mode (ensure it's set to UEFI, not Legacy)
- CSM (Compatibility Support Module) Support (often needs to be disabled for Secure Boot to work)
5.2: Enable Secure Boot
-
Set "Secure Boot" to "Enabled" or "On."
-
Crucially, ensure your "Boot Mode" is set to UEFI. If it's "Legacy," Secure Boot cannot be enabled, and you will need to convert your disk to GPT and reinstall Windows (as mentioned in Step 2.2).
-
You might also need to disable "CSM Support". This setting allows older, non-UEFI operating systems to boot. Disabling it is usually necessary for Secure Boot.
-
Some motherboards require you to "Restore Factory Keys" or "Install Default Secure Boot Keys" within the Secure Boot settings. If you see this option, perform it.
Example screenshot of a BIOS setting for Secure Boot (conceptual):
┌───────────────────────────┐ │ BIOS Menu │ ├───────────────────────────┤ │ Main │ │ Advanced │ │ Boot <───────────┐ │ │ Security │ │ Exit │ └───────────────────────────┘ └──────────────┬──────────────┘ │ │ Select "Boot" or "Security" ▼ ┌───────────────────────────┐ │ Boot Settings │ ├───────────────────────────┤ │ Boot Option #1: [Windows Boot Manager] │ │ Boot Mode: [UEFI] <───────────┐ │ │ CSM Support: [Enabled] <── Change to [Disabled] │ Secure Boot: [Disabled] <── Change to [Enabled] │ Secure Boot Mode: [Standard] │ Key Management... │ └───────────────────────────┘
Step 6: Save Changes and Exit BIOS/UEFI
After making these changes:
- Navigate to the "Exit" tab or section in your BIOS/UEFI.
- Select "Save Changes and Exit" or "Exit Saving Changes."
- Confirm your decision if prompted (usually by pressing "Y" for Yes or selecting "OK").
- Your computer will now restart.
Step 7: Verify the Changes in Windows
Once Windows has booted up, let's double-check that our efforts paid off!
7.1: Re-check TPM Status
- Press Windows key + R, type
tpm.msc, and press Enter. - Confirm that the "Status" now says "The TPM is ready for use" and the "Specification Version" is 2.0.
7.2: Re-check Secure Boot Status
- Press Windows key + R, type
msinfo32, and press Enter. - Confirm that "BIOS Mode" is "UEFI" and "Secure Boot State" is "On."
If both are correct, you're golden! Proceed to the next step.
Step 8: Launch Your Game!
Now for the moment of truth! Launch Valorant or League of Legends (or whichever Riot Games title was giving you trouble). Vanguard should now recognize your system's security settings, and you should be able to play without the TPM 2.0 error.
Troubleshooting (If the Error Persists)
If you're still facing issues, don't despair! Here are some additional troubleshooting steps:
8.1: Update Your BIOS Firmware
- An outdated BIOS can sometimes cause compatibility issues. Visit your motherboard manufacturer's official website (e.g., ASUS, MSI, Gigabyte, Dell, HP).
- Find your specific motherboard model and download the latest BIOS update.
- Follow the manufacturer's instructions carefully for updating your BIOS. This process can be delicate, and improper execution can damage your motherboard.
8.2: Reinstall Riot Vanguard (and the game)
- Sometimes, a corrupted Vanguard installation can be the culprit.
- Go to Settings > Apps > Apps & features (Windows 10) or Settings > Apps > Installed apps (Windows 11).
- Find "Riot Vanguard" and "Valorant" (or the problematic game).
- Uninstall both.
- Restart your PC.
- Reinstall the game. This will automatically reinstall Vanguard.
8.3: Disable Virtualization-Based Security (VBS) (Windows 10)
- While Windows 11 often requires VBS, on Windows 10, it can sometimes interfere with Vanguard if TPM 2.0 and Secure Boot are also enabled.
- Search for "Core isolation" in the Windows search bar and open "Device security."
- Under "Core isolation details," turn off "Memory integrity."
- Restart your PC.
8.4: Convert Disk to GPT and Reinstall Windows (Last Resort)
- If your "BIOS Mode" in
msinfo32is "Legacy" and not "UEFI," you cannot enable Secure Boot without converting your system drive to GPT. This is a complex process and often requires a clean installation of Windows. - Warning: This will delete all data on your system drive. Back up everything important first!
- You'll need to create a Windows installation media (USB drive) and boot from it in UEFI mode. During installation, you'll format your drive to GPT.
- This is a significant undertaking and should only be considered if all other options fail and you are comfortable with a complete system reset.
Frequently Asked Questions (FAQs)
How to check if my motherboard supports TPM 2.0?
The easiest way is to check in Windows using tpm.msc as described in Step 2.1. If it says "Compatible TPM cannot be found," then either it's disabled, or your motherboard doesn't support it. You can also consult your motherboard's manual or the manufacturer's website for specifications.
How to find my motherboard's BIOS key?
The BIOS key is often displayed on your screen during boot-up. If not, refer to Step 3 for common keys for popular manufacturers, or search online for "[Your PC Brand/Motherboard Model] BIOS key."
How to convert my disk from MBR to GPT without reinstalling Windows?
While possible with tools like mbr2gpt.exe (a built-in Windows tool), it's a risky process and still requires your system to be capable of booting in UEFI mode. A clean Windows installation after converting to GPT is generally recommended for stability if you're making this change specifically for Secure Boot and Windows 11.
How to update my BIOS safely?
Always download the BIOS update directly from your motherboard manufacturer's official website. Follow their instructions meticulously, as the process varies. Ensure your power supply is stable during the update.
How to disable CSM support in BIOS?
CSM (Compatibility Support Module) is usually found in the "Boot" or "Security" section of your BIOS. Look for "CSM Support" and set it to "Disabled." Remember to save changes before exiting.
How to know if my Windows version is compatible with Vanguard's requirements?
For Windows 11, TPM 2.0 and Secure Boot are generally required. For Windows 10, these are often recommended but not always strictly enforced unless VBS is enabled. Keep your Windows up to date via Windows Update to ensure the latest security patches and compatibility.
How to revert BIOS settings if I mess something up?
Most BIOS/UEFI interfaces have an option to "Load Optimized Defaults" or "Load Setup Defaults." This will revert all settings to their factory configuration. You can usually find this in the "Exit" section of your BIOS.
How to check if Virtualization-Based Security (VBS) is enabled?
You can check VBS status in Windows Security. Go to Start > Settings > Privacy & security > Windows Security > Device security > Core isolation details. Here you'll see the status of "Memory integrity" which is a key component of VBS.
How to contact Riot Games support for further assistance?
If you've tried all the steps and are still encountering the error, you can submit a support ticket to Riot Games. Visit their official support website and look for the "Submit a Ticket" option.
How to ensure my future PC builds or upgrades are compatible with Vanguard's requirements?
When buying new hardware, especially motherboards and CPUs, ensure they explicitly state support for TPM 2.0 (often built into modern CPUs as fTPM or PTT) and UEFI firmware with Secure Boot capabilities. This information is typically available on the product's specifications page.
