- The BitLocker in Windows 10 is an excellent means for users to perform basic levels of encryptions.
- The guide below will show you how you can enable the BitLocker without using the TPM.
- Need to learn more about data encryption? We have many more guides on our Encryption page.
- Is security a major concern of yours? Read more about it on our dedicated Security page.
However, Bitlocker has its limitations – more like security features that prove to be a limitation for some. There is a security chip called Trusted Platform Module – or in short TPM – that is supposed to store the encryption key for your encrypted hard disk.
When you encrypt something, on the basic level it is comparable to putting something in a locker – so the name BitLocker actually does make sense. Any encrypted data has a key known as its encryption key – whoever has this key is able to decrypt the data.
Now obviously, this means the key needs to be stored somewhere safe – that is what the TPM chip is for.
Now the problem comes here – some older hard disks or even some newer ones don’t have this TPM chip, either because the hard disks were too old to consider it or the manufacturer was trying to keep the manufacturing costs low and thus skipped on an optional feature.
There is however a way to get around this requirement of a TPM and chip and encrypt your drive anyway.
How do you allow BitLocker without a compatible TPM?
- Open your Start Menu and type gpedit.msc, then click the top result.
- This will open the Group Policy Editor.
- Under Local Computer Policy, follow this path:
- Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Now locate Require additional authentication at startup and right-click it, then click Edit.
- On this window, click Enabled and under Options check the box that says Allow BitLocker without a compatible TPM.
- Now click OK, and close the Local Policy Editor.
- Now open the BitLocker setup once again on the drive you want to encrypt, it should ask you to go through a restart to prepare the disk.
- Once you have restarted, it will ask you to set up a Startup key for every time you start your PC
- This is the key that was supposed to be saved on the TPM chip but since we have bypassed that, you will need to save this on a USB flash drive.
- That’s your key now.
Now you can encrypt your hard disk even though it doesn’t have a TPM chip – and store the key for encryption in a handy USB flash drive that you can unplug from your PC to deny access to the drive. Exactly works like a physical key at this point.
This is the beauty of Windows – the reason Windows is so complex is because of how many options it features.
It’s easy to make a feature – it’s harder to make a feature that can be tweaked in every way possible.
By following our suggestions you should now be able to use your Bitlocker without any further issues. Let us know which solution you used by leaving your feedback in the comments section below.
Frequently Asked Questions
Yes, BitLocker uses the TPM as storage for the security key used for decryption.
BitLocker is still secure even if you don’t use the TPM, but the level is greatly reduced, admittedly.
Yes, BitLocker does work without a TPM, but users need to take extra care when managing their data.