BitLocker is a full-disk encryption feature included with select editions of Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. The BitLocker feature is included with the Professional, Ultimate, and Enterprise editions of Microsoft Windows. In Windows 10 you can encrypt a volume by right-clicking the drive and selecting Turn on BitLocker. However, some users find that turning on BitLocker Drive Encryption fails with the error This device can’t use a Trusted Platform Module, and encryption cannot start. The full message reads:
This device can’t use a Trusted Platform Module. Your administrator must select the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Fix This device can’t use a Trusted Platform Module error
If you are also seeing the error This device can’t use a Trusted Platform Module while enabling BitLocker and are looking for a fix, follow the steps below to allow BitLocker without a compatible TPM.
Before moving on to troubleshooting, first understand what exactly the error is: what is a Trusted Platform Module (TPM), and what is the administrator policy?
What is Trusted Platform Module (TPM)
This is basically a chip that is on newer processors that have extra security features. When BitLocker uses TPM, it stores the encryption key on the chip itself. If you don’t have a chip that supports TPM, then you can still use BitLocker, but you’ll have to store the encryption key on a USB stick.
So what’s all the stuff about selecting X and Y policy for OS volumes? Basically, it is a Group Policy setting that has to be changed so that BitLocker works without the TPM requirement. Using Group Policy you can select Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) to enable BitLocker without a TPM chip. Let’s see how to do this in Group Policy.
Note: BitLocker is only available on Windows Pro editions, and the same is true of Group Policy. The Group Policy feature is not available on Windows Home and Starter editions.
Enable BitLocker in Windows 10 without TPM chip
First, open the Group Policy Editor to allow BitLocker without a TPM. Press Win + R, type gpedit.msc in the Run box, and press Enter.
In the Group Policy Editor, navigate to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives.
Here, double-click Require additional authentication at startup in the main window. Take care to choose the right option, as there is another similar entry for (Windows Server). Now select Enabled in the upper left and tick the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) check box below.
That’s all. Now click Apply, then OK, and exit the Group Policy Editor. Then update Group Policy so the change takes effect immediately: press Win + R, type gpupdate /force in the Run box, and press Enter.
A Command Prompt window will open while the policy updates. After the update completes successfully, close the window and go back to Turn on BitLocker Drive Encryption. This time you will not face any problem or error.
Hopefully, after performing these steps, the This device can’t use a Trusted Platform Module error while turning on BitLocker will be fixed.
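To confirm that the policy change took effect after gpupdate, the read-only PowerShell check below (an added example, not part of the original article) reports whether a TPM is present, whether the no-TPM policy is applied, and the BitLocker state of the OS volume. It assumes an elevated PowerShell prompt and that the policy is stored under HKLM:\SOFTWARE\Policies\Microsoft\FVE as the UseAdvancedStartup and EnableBDEWithNoTPM values; the function names are made up for this example.

```powershell
# Added example: read-only check of the state the steps above should produce.
# Run from an elevated PowerShell prompt on a Windows 10 Pro/Enterprise machine.

# Assumption: registry key where the "Require additional authentication at
# startup" policy is stored once Group Policy has applied it.
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Test-BitLockerNoTpmPolicy {
    # True only if the policy is Enabled AND the "Allow BitLocker without a
    # compatible TPM" check box is ticked.
    $p = Get-ItemProperty -Path $fvePolicy -ErrorAction SilentlyContinue
    if (-not $p) { return $false }   # key missing: policy is Not Configured
    return ($p.UseAdvancedStartup -eq 1) -and ($p.EnableBDEWithNoTPM -eq 1)
}

function Get-TpmState {
    # Get-Tpm can throw on hardware with no TPM, so treat an error as "absent".
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        [pscustomobject]@{ Present = $tpm.TpmPresent; Ready = $tpm.TpmReady }
    } catch {
        [pscustomobject]@{ Present = $false; Ready = $false }
    }
}

$tpm      = Get-TpmState
$policyOk = Test-BitLockerNoTpmPolicy
$os       = Get-BitLockerVolume -MountPoint $env:SystemDrive

# One summary object: hardware, policy, and current encryption state.
[pscustomobject]@{
    TpmPresent       = $tpm.Present
    TpmReady         = $tpm.Ready
    NoTpmPolicySet   = $policyOk
    VolumeStatus     = $os.VolumeStatus
    ProtectionStatus = $os.ProtectionStatus
    KeyProtectors    = ($os.KeyProtector.KeyProtectorType -join ', ')
} | Format-List

# The combination that produces the error discussed in this article.
if (-not $tpm.Present -and -not $policyOk) {
    Write-Warning 'No TPM and the no-TPM policy is not applied: Turn on BitLocker will fail.'
}
```

If NoTpmPolicySet is still False after gpupdate /force, recheck that the setting was enabled under Operating System Drives and not under a different drive category.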