As far as I'm aware, you can't install a TPM; the board needs to be designed for it, and if it's designed for it, it'll almost certainly have one installed already. Please prove me wrong, though, that'd be pretty darn cool and would make that requirement significantly less onerous.
Imagine my grumpy face at finding out my very nice laptop lacks TPM 2.0. :( It is, admittedly, from 2015, so I suppose that's a bit 'long in the tooth' - and since it'll still be in support until Oct 2025, I guess that's not too bad of a run.
Maybe I'll install Linux on it afterwards. Hahahahahahahah. (I've been saying I'll get into that for 20 years or so, and so far my biggest step was grabbing a self-help book from a garage sale. :D)
Another biiiiig gotcha to watch out for is the processor requirement - if you're using an Intel processor from before August 2017 (8th gen or later), you cannot use Windows 11 without upgrading it. Ditto AMD if you're not using a processor from around April 2018 or later (Ryzen 2nd gen or similar).
Would be SO NICE if the Health Check app would tell you what, exactly, was preventing you from being compatible - that would be so, so much more useful.
At least my desktop supports it.
After enabling all the security stuff in BIOS, then finding out Windows won't boot, having to blow up my C: drive, reinstall, blue-screen during reinstall, troubleshoot that, and reinstall again.
oh well.
At least I found out where to turn on the CPU hardware virtualization features while I was messing around in the BIOS. :) VMs are handy tools to have.
P.S. If I remember correctly, I didn't have Secure Boot and the like turned on BECAUSE I was thinking of dual-booting some flavor of Linux. And then have never gotten around to in the ensuing, uh, five or six years. :)