BitLocker has been an integral part of Windows family since Windows Vista. It helps you to encrypt operating system as well as fixed data drives so that you can protect the stuff on these drives. Enabling BitLocker protection for a drive is quite simple. You need to go to My Computer (in Windows Vista/7) or This PC (in Windows 8/8.1/10) and right click on the drive which you want to protect. In the right click context menu, choose Turn on BitLocker and you’re good to go. You can also enable BitLocker on drives using Desktop right click context menu.
But recently while enabling BitLocker for a drive, I found that I can’t do so. Following error message prevented me to encrypt the drive:
This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Actually Trusted Module Platform aka TPM is the technology offering security functions with collaboration of hardware device. Generally used TPM chips are so advanced that they’ve security mechanisms which are even unbreakable by malicious software. You can find additional information about TPM on Wikipedia.
Now let us relate TPM in context of this error. This error will only be displayed when your system doesn’t contains TPM supported hardware. It generally happens with older machines. And in this case, BitLocker has to encrypt the drive without TPM. When you encrypt the drive without TPM, you need to use password or USB drive at start-up. Following that, the key information authoring the drive encryption will be stored in USB drive and using that, you can access data on the drive after encryption.
So to use BitLocker driver encryption without TPM and bypass this error, go ahead with following steps:
FIX : “This Device Can’t Use A Trusted Platform Module” For BitLocker In Windows 10/8.1/8/7
1. Press + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.
2. In the GPO snap-in, navigate here:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
3. In the right pane of Operating System Drives, look for Setting named Require additional authentication at startup and double click on it to modify it status.
4. Next, under the policy configuration window, select Enabled. Make sure you here check Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) option. Click Apply followed by OK. Close Local Group Policy Editor.
You can now re-try to encrypt the same drive with BitLocker and it should work this time.
Hope this helps!