When you enable BitLocker on operating system drive and your system is equipped with Trusted Platform Module (TPM), you can set a BitLocker PIN instead of password. We all know that a PIN provides better security as compared to traditional password.
But if there are some issues with TPM, BitLocker drive encryption would not work properly. Under such condition, following error appears, when you try to enable BitLocker on your Windows operating system drive:
BitLocker could not be enabled.
The BitLocker encryption key cannot be obtained from the Trusted Platform Module (TPM).
C: was not encrypted.
Following factors may cause this issue on your system:
1. UEFI and secure boot is disabled.
2. You’ve TPM 2.0 installed and UEFI plus secure boot disabled.
3. TPM is outdated and requires update.
4. BIOS is outdated and requires update.
5. The disk is MBR partition style and requires GPT conversion.
If you’re also facing this problem, here is how you can solve it:
FIX: ‘BitLocker Could Not Be Enabled, The BitLocker Encryption Key Cannot Be Obtained’ In Windows 10
FIX 1 – General Suggestions
You can try below mentioned suggestions and see if they helps you:
1. Try to enable BitLocker via TPM.
2. Temporarily disable TPM in BIOS settings and try enabling BitLocker then.
3. If you still want to go with TPM, update BIOS and TPM on your system, if there is an update pending.
4. Make sure you’ve latest Windows Updates installed.
If you still have the issue, refer FIX 2.
FIX 2 – Advanced Method
1. Press + X keys and select Disk Management.
2. In Disk Management, right click on your operating system disk (not partition/volume) and select Properties. On the property sheet, switch to Volumes tab and check the Partition style. If it says Master Boot Record (MBR), we need to convert the disk to GUID Partition Table (GPT). If the disk is already GPT, no conversion required, you can directly go to step 4 below.
3. So if your disk is MBR, you can use MBR2GPT tool available in Windows 10 V1703 or later to convert your disk to GPT without losing your data. Open administrative Command Prompt and type
mbr2gpt /convert /allowFullOS and press Enter key.
4*. Once the MBR to GPT conversion completed, restart your system and press F10 or F12 key (you can confirm this key from your device manufacturer) repeatedly to access one-time boot menu. Select Change Boot Mode Settings.
*This step may vary with your device. The aim here is enable UEFI boot mode with secure boot enabled.
5*. Then change boot mode to UEFI Boot Mode, Secure Boot ON. Save these settings and reboot the machine.
6. After you login, press + R to open Run, type
tpm.msc and click OK to open TPM Management snap-in.
7. In TPM Management snap-in window, under Actions, click on Prepare the TPM option (refer screenshot below). If you’ve Prepare the TPM option greyed out, make sure TPM is enabled in BIOS.
8. Try to enable BitLocker on operating system drive now and this time it should work without any error.
Hope this helps!