When trying to encrypt a Windows partition with BL on a computer that does not contain a TPM module, we get the "This device can't use a Trusted Platform Module." error. This tutorial introduces two methods to help us fix this error, the main content is as follows:
When we use the BitLocker encryption feature built into the Windows operating system to encrypt the Windows C: drive, you may get the error prompt 'This device can't use a Trusted Platform Module. Your administrator must select the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes.'. The reason for this problem is that your computer does not contain a TPM chip, TPM is mainly used to save passwords, certificates, and encryption keys, while providing hardware-based authentication and tampering detection. BitLocker uses the TPM chip to generate and store the actual encryption keys, and uses TPM's identity verification and tampering detection mechanisms to prevent illegal data access. If you encounter the same problem and are looking for a solution, here we will introduce in detail how to fix BitLocker failed to encrypt C: drive issue.
Step 1. Press Windows+R, type 'gpedit.msc' into the Run dialog box, and then press Enter to open the 'Local Group Policy Editor'.
Step 2. Navigate to 'Local Computer Policy' > 'Computer Configuration' > 'Administrative Templates' > 'Windows Components' > 'BitLocker Drive Encryption' > 'Operating System Drives' in the left pane.
Step 3. Double-click the 'Require additional authentication at startup' option in the right pane.
Step 4. Select 'Enabled' at the top of the window, and ensure the 'Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)' checkbox is enabled here.
Step 5. Click 'OK' to save your changes. Your change takes effect immediately, so you don’t need to reboot your computer.
After performing the above operations, you can now use the Windows built-in BitLocker feature to encrypt the Windows system partition without get the 'This device can't use a Trusted Platform Module ...' error message.
Step 1. Download and install Hasleo BitLocker Anywhere.
Step 2. Launch Hasleo BitLocker Anywhere, right-click the Windows drive letter (usually C:), then click "Turn On BitLocker".
Step 3. In this step, you are asked to choose how to unlock the Windows drive at startup. You can choose to enter a password or insert a USB flash drive each time you start your PC.
If you choose to enter a password at startup, you are required to specify a password for encrypting the drive, enter the password and click "Next". You should choose a password having a combination of upper and lower case letters, numbers, spaces, and special symbols.
If you choose to insert a USB flash drive at startup, you are required to specify a USB drive to save the startup key, select a USB drive and click "Next".
Step 4. After clicking "Next", you are asked how you want to backup the BitLocker recovery key. You can save the recovery key to a file or print a copy of it, then click "Next" to move on. Please note that anyone can use the recovery key to gain access to the drive, even if they do not have the startup key or password created in the previous step, so please do not disclose it to others.
Step 5. Now a pop-up will appear asking you if you want to reboot into Pre-OS to encrypt the Windows partition. Click "Yes" to continue.
Step 6. Another pop-up will appear asking you if you want to build a WinPE image to continue. Click "Yes".
Step 7. Hasleo BitLocker Anywhere starts building WinPE. This may take several minutes, so please be patient to wait.
Step 8. After successfully builded the WinPE image, Hasleo BitLocker Anywhere will prompt you to reboot the computer, click "Yes" button to allow Hasleo BitLocker Anywhere to reboot your computer.
Step 9. Hasleo BitLocker Anywhere will now reboot and enter Pre-OS to encrypt the contents of the selected drive using BitLocker drive encryption. The encryption process could take a long time to finish depending on the size of the drive, so please be patient to wait. If you don't want to wait until the encryption operation is finished, "Shut down the computer when the operation is completed" option is a good idea. Just check it.
Step 10. After the encryption is complete, click the "Finish" button to close the window.
Step 11. Now you have to enter the BitLocker password or plug in the USB drive which contains the startup key before you can start the Windows.
Above we will introduced two methods to fix BitLocker failed to encrypt C: drive issue, both of them can help you successfully encrypt the C: drive. However, the first method cannot be used in Windows Home Editions, because Windows Home Editions do not have the built-in BitLocker encryption feature.
