How to enable BitLocker without TPM on Windows 10


Key notes

  • BitLocker in Windows 10 is an excellent way for users to apply basic encryption.
  • The guide below will show you how to enable BitLocker without using the TPM.

Windows BitLocker is a fantastic tool that lets you fully encrypt your data at the hard disk level, giving you the extra layer of privacy you demand.

However, BitLocker has its limitations, or rather security features that prove to be a limitation for some. A security chip called the Trusted Platform Module, or TPM for short, is supposed to store the encryption key for your encrypted hard disk.

When you encrypt something, on the basic level, it is comparable to putting something in a locker – so the name BitLocker actually does make sense. Any encrypted data has a key known as its encryption key – whoever has this key is able to decrypt the data.

Now, obviously, this means the key needs to be stored somewhere safe – that is what the TPM chip is for.

The problem is that some older hard disks, and even some newer ones, don’t have this TPM chip, either because they were too old to include it or because the manufacturer skipped an optional feature to keep manufacturing costs low.

There is, however, a way to get around the TPM chip requirement and encrypt your drive anyway.

How do you allow BitLocker without a compatible TPM?

  • Open your Start Menu and type gpedit.msc, then click the top result.
  • This will open the Group Policy Editor.
  • Under Local Computer Policy, follow this path:
    • Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  • Now locate Require additional authentication at startup and right-click it, then click Edit.
  • On this window, click Enabled and under Options check the box that says Allow BitLocker without a compatible TPM.
  • Now click OK, and close the Local Policy Editor.
  • Now open the BitLocker setup once again on the drive you want to encrypt. It should ask you to go through a restart to prepare the disk.
  • Once you have restarted, it will ask you to set up a Startup key for every time you start your PC.
    • This is the key that was supposed to be saved on the TPM chip but since we have bypassed that, you will need to save this on a USB flash drive.
    • That’s your key now.

Now you can encrypt your hard disk even though it doesn’t have a TPM chip, and store the encryption key on a handy USB flash drive that you can unplug from your PC to deny access to the drive. At this point it works exactly like a physical key.
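To confirm what the steps above changed, this added PowerShell example (not part of the original article) reads the registry values behind the Require additional authentication at startup policy and lists the key protectors on the system drive. It assumes an elevated prompt and that the policy is backed by the UseAdvancedStartup and EnableBDEWithNoTPM values under HKLM\SOFTWARE\Policies\Microsoft\FVE; the function name Get-FvePolicyValue is made up for this example.

```powershell
# Added example: audit the no-TPM BitLocker policy and the OS drive's protectors.
# Run from an elevated PowerShell prompt.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue([string]$Name) {
    # Returns $null when the policy value is not configured.
    $item = Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# "Require additional authentication at startup" set to Enabled
$advancedStartup = Get-FvePolicyValue 'UseAdvancedStartup'
# "Allow BitLocker without a compatible TPM" checked
$allowNoTpm = Get-FvePolicyValue 'EnableBDEWithNoTPM'

$tpm = Get-Tpm -ErrorAction SilentlyContinue
$tpmUsable = ($null -ne $tpm) -and $tpm.TpmPresent -and $tpm.TpmReady

$volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

$findings = @()
if (-not $tpmUsable -and ($advancedStartup -ne 1 -or $allowNoTpm -ne 1)) {
    $findings += 'No usable TPM and the policy is not set: setup will refuse the OS drive.'
}
if ($tpmUsable -and $protectors.Count -gt 0 -and -not ($protectors -like 'Tpm*')) {
    $findings += 'A usable TPM exists but the OS drive has no TPM-based protector.'
}
if ($protectors -contains 'ExternalKey' -and $protectors -notcontains 'RecoveryPassword') {
    $findings += 'USB startup key without a recovery password: losing the USB drive loses the data.'
}
if ($volume.ProtectionStatus -ne 'On') {
    $findings += "Protection is $($volume.ProtectionStatus) on $($volume.MountPoint)."
}

[pscustomobject]@{
    TpmUsable       = $tpmUsable
    AdvancedStartup = $advancedStartup
    AllowNoTpm      = $allowNoTpm
    VolumeStatus    = $volume.VolumeStatus
    Protectors      = $protectors -join ', '
    Findings        = $findings
} | Format-List
```

On a machine set up as described, the system drive should list an ExternalKey protector (the USB startup key) and both policy values should read 1.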

This is the beauty of Windows – the reason Windows is so complex is because of how many options it features.

It’s easy to make a feature – it’s harder to make a feature that can be tweaked in every way possible.

In case you are stuck on the Preparing BitLocker recovery screen, read this guide to learn about the solutions.

By following our suggestions, you can now use BitLocker without any further issues. Let us know which solution you used by leaving your feedback in the comments section below.
