I tried to enable BitLocker encryption on a Windows system, but an error message suddenly popped up saying “This device can't use a Trusted Platform Module”. I'm a little confused, and want to know how to enable TPM BitLocker protection mode?
You see this error message because your computer either doesn’t support an embedded TPM chip or hasn’t enabled it. However, you can still enable BitLocker without TPM, or you can add a TPM security chip to your computer. Keep reading to learn more about TPM mode.
TPM (Trusted Platform Module) is an important part of BitLocker encryption and one of the BitLocker password protection methods. Next, I will give you detailed instructions about the problems you may encounter when using TPM BitLocker encryption.
Firstly, we need to figure out what TPM is. The TPM can be regarded as the "security processor" of the computer, and its functions focus mainly on two aspects:
On the one hand, it’s able to generate and verify the password in the computer with its built-in encryption algorithms. On the other hand, it’s used for storing vital keys. TPM is an encrypted storage unit. With its fully dedicated circuits, it allows the password storage process to bypass both the memory and the hard drive, which greatly enhances the safety of the data stored under TPM embedded security.
The TPM plays a crucial role in BitLocker encryption, as it can not only securely store the BitLocker encryption keys but also ensure system integrity during Windows startup. If the system is tampered with, the BitLocker TPM chip will immediately prevent the system from booting, thus safeguarding the BitLocker encrypted files.
When used in conjunction with BitLocker, TPM can provide hardware-level security. Through TPM, BitLocker can use hardware validation during the system boot process to ensure the security of data during encryption and decryption.
Step 1 Check whether your computer supports TPM and confirm that your TPM version is 1.2 or higher.
Step 2 Ensure TPM is enabled in BIOS/UEFI to meet the BitLocker TPM requirement.
Step 3 Open the BitLocker Drive Encryption panel, then click the "Turn on BitLocker" option beside the system drive.
Step 4 When the option to "Run BitLocker system check" appears, check it and click "Continue" to go on to the TPM security hardware.
Step 5 Follow the guidelines to complete the initialization of TPM. You will then be prompted to restart the computer.
Step 6 After your computer shuts down, wait for it to restart until it displays a BitLocker Recovery key screen. Enter the BitLocker password, then log in to Windows. The system drive will resume the BitLocker encryption process.
Step 7 Follow the wizard step by step until you complete the BitLocker encryption process.
Once your computer has TPM drive encryption, it can provide more hardware-based security features. However, you can also use a password, USB startup key, or other methods to unlock BitLocker during startup. Though less secure than TPM, they can also protect your personal data to a certain extent.
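The checks from Step 1 and Step 2, plus a confirmation after Step 7 that the system drive really carries a TPM-based key protector, can be scripted. This is an added PowerShell example, not part of the original article; `Test-TpmForBitLocker` is a hypothetical helper name, and the script assumes an elevated prompt on a Windows edition that ships the BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example. Test-TpmForBitLocker is a hypothetical helper, not a built-in cmdlet.
function Test-TpmForBitLocker {
    param([string]$MountPoint = $env:SystemDrive)

    $r = [ordered]@{
        TpmPresent = $false; SpecVersion = $null; MeetsVersion = $false
        TpmReady = $false; VolumeStatus = $null; HasTpmProtector = $false
        Advice = @()
    }

    # Step 1: does Windows see a TPM at all?
    $tpm = Get-Tpm
    $r.TpmPresent = $tpm.TpmPresent
    if (-not $tpm.TpmPresent) {
        $r.Advice += 'No TPM visible: enable it in BIOS/UEFI (Step 2) or use a non-TPM unlock method.'
        return [pscustomobject]$r
    }

    # Step 1: spec version. Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38";
    # the first field is the specification family BitLocker cares about.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    $r.SpecVersion = ("$($wmi.SpecVersion)" -split ',')[0].Trim()
    $parsed = $null
    if ([version]::TryParse($r.SpecVersion, [ref]$parsed)) {
        $r.MeetsVersion = $parsed -ge [version]'1.2'
    }
    if (-not $r.MeetsVersion) { $r.Advice += 'TPM version is below 1.2 or could not be read.' }

    # Step 2: present but not ready usually means disabled or not yet initialized.
    $r.TpmReady = $tpm.TpmReady
    if (-not $tpm.TpmReady) { $r.Advice += 'TPM is present but not ready: check firmware settings, then initialize it (Step 5).' }

    # After Step 7: confirm the volume is protected by a TPM-based key protector
    # (Tpm, TpmPin, TpmStartupKey, ...) and not only by a password or USB key.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $r.VolumeStatus = "$($vol.VolumeStatus)"
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $r.HasTpmProtector = [bool]($types -match '^Tpm')
    if ($r.VolumeStatus -ne 'FullyDecrypted' -and -not $r.HasTpmProtector) {
        $r.Advice += 'Drive is encrypted without a TPM protector; startup unlock relies on a weaker method.'
    }
    return [pscustomobject]$r
}

Test-TpmForBitLocker | Format-List
```

An empty `Advice` list together with `HasTpmProtector : True` means the drive is sealed to the TPM as the steps above intend.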
Sure, Windows allows us to encrypt the operating system drive on devices without TPM support. To configure this, we need to edit the related group policy. Let's take a look.