There are few guardrails here, and you can lose a lot of important data very fast. We're on a very simple mission here, and nothing I recommend below will do any damage to your machine or data, but changing firmware settings in your BIOS menu can have a wide-ranging impact. If this is your first time working in a BIOS menu, stick close to the instructions and don't veer too far from the beaten path. Always back up your important files before making any big changes to your computer.
It's also a good idea to get in contact with your local PC repair shop. Having a qualified professional on standby is the best way to get back on track if you get turned around or encounter roadblocks.
If your machine is owned and maintained by your company or school, it may have a unique security configuration that your IT staff will need to handle.
TPM microchips are small devices known as secure cryptoprocessors. Some TPMs are virtual or firmware varieties but, as a chip, a TPM is attached to your motherboard during the build and designed to enhance hardware security during computer startup. A TPM has been a mandatory piece of tech on Windows machines since 2016, so machines older than this may not have the necessary hardware or firmware. Previously, Microsoft required original equipment manufacturers of all models built to run Windows 10 to ensure that the machines were TPM 1.2-capable. TPM 2.0 is the most recent version required.

TPMs are controversial among security specialists and governments. An updated and enabled TPM is a strong preventative against firmware attacks, which have risen steadily and drawn Microsoft's attention. However, it also allows remote attestation (authorized parties can see when you make certain changes to your computer) and may restrict the kinds of software your machine is allowed to run. TPM-equipped machines generally aren't shipped in countries where western encryption is banned. China uses its state-regulated alternative, TCM. In Russia, TPM use is only allowed with permission from the government.

Secure Boot is a feature in your computer's software that controls which operating systems are allowed to be active on the machine. It's both a good and bad thing for a Windows machine. On the one hand, it can prevent certain classes of invasive malware from taking over your machine and is a core defense against ransomware. On the other hand, it can prevent you from being able to install a second operating system on your machine, giving you two to choose from when you first start up your computer.
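
Before touching any firmware setting, you can read the current TPM and Secure Boot state from inside Windows. The script below is an added example, not part of the original article; it only reads state and changes nothing. The function names `Get-TpmSummary` and `Get-SecureBootSummary` are made up for this illustration, and it assumes an elevated (Run as administrator) PowerShell prompt.

```powershell
# Added example: read-only check of TPM and Secure Boot state on Windows.
# Function names are hypothetical; run from an elevated PowerShell prompt.

function Get-TpmSummary {
    # Win32_Tpm is the WMI class that exposes the TPM to Windows.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        # No instance: no TPM, TPM hidden in firmware, or the prompt is not elevated.
        return [pscustomobject]@{ Present = $false; SpecVersion = $null
                                  Enabled = $false; MeetsTpm20 = $false }
    }
    # SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the family.
    $family = $null
    if ($tpm.SpecVersion -match '^\s*(\d+\.\d+)') { $family = $Matches[1] }
    [pscustomobject]@{
        Present     = $true
        SpecVersion = $family
        Enabled     = [bool]$tpm.IsEnabled_InitialValue
        MeetsTpm20  = ($null -ne $family) -and ([version]$family -ge [version]'2.0')
    }
}

function Get-SecureBootSummary {
    try {
        # Returns $true/$false on UEFI systems; throws on legacy BIOS boot.
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        'Unsupported (machine booted in legacy BIOS/CSM mode)'
    } catch [System.UnauthorizedAccessException] {
        'Unknown (re-run from an elevated prompt)'
    } catch {
        "Unknown ($($_.Exception.Message))"
    }
}

$tpm = Get-TpmSummary
[pscustomobject]@{
    TpmPresent     = $tpm.Present
    TpmSpecVersion = $tpm.SpecVersion
    TpmEnabled     = $tpm.Enabled
    MeetsTpm20     = $tpm.MeetsTpm20
    SecureBoot     = Get-SecureBootSummary
} | Format-List
```

A result of `TpmPresent : False` on a machine built after 2016 usually means the TPM is switched off in firmware rather than missing, which is the case the BIOS menu is for.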