When trying to encrypt a Windows partition with BitLocker on a computer that lacks a TPM module, you may encounter the error: "This device can't use a Trusted Platform Module". This tutorial introduces two methods to resolve this error, as outlined below.
When using the built-in BitLocker encryption feature in Windows to encrypt the system drive (C:), you may encounter the following error:
"This device can't use a Trusted Platform Module. Your administrator must select the 'Allow BitLocker without a compatible TPM' option in the 'Require additional authentication at startup' policy for OS volumes."
This error occurs because your computer does not have a TPM (Trusted Platform Module) chip. TPM is primarily used to store passwords, certificates, and encryption keys while providing hardware-based authentication and tamper detection. BitLocker relies on the TPM chip to generate and store the actual encryption keys, as well as to verify identity and detect tampering, thereby preventing unauthorized data access. If you encounter this issue and are looking for a solution, this guide will walk you through how to resolve the BitLocker encryption failure for the C: drive.
Step 1. Press "Windows + R", type "gpedit.msc" into the Run dialog box, and then press "Enter" to open the Local Group Policy Editor.
Step 2. In the left pane, navigate to: "Local Computer Policy" > "Computer Configuration" > "Administrative Templates" > "Windows Components" > "BitLocker Drive Encryption" > "Operating System Drives".
Step 3. Double-click the "Require additional authentication at startup" option in the right pane.
Step 4. Select "Enabled" at the top of the window, and ensure the "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" checkbox is enabled here.
Step 5. Click "OK" to save your changes. Your changes will take effect immediately—no need to reboot your computer.
After performing the above steps, you can use the Windows built-in BitLocker feature to encrypt the system partition without receiving the "This device can't use a Trusted Platform Module..." error message.
Step 1. Download and install Hasleo BitLocker Anywhere.
Step 2. Launch Hasleo BitLocker Anywhere, right-click the Windows drive letter (usually C:), then click "Turn On BitLocker".
Step 3. In this step, you are asked to choose how to unlock the Windows drive at startup. You can choose to enter a password or insert a USB flash drive each time you start your PC.
If you choose to enter a password at startup, you are required to specify a password for encrypting the drive, enter the password and click "Next". You should choose a password having a combination of upper and lower case letters, numbers, spaces, and special symbols.
If you choose to insert a USB flash drive at startup, you are required to specify a USB drive to save the startup key, select a USB drive and click "Next".
Step 4. After clicking "Next", you are asked how you want to backup the BitLocker recovery key. You can save the recovery key to a file or print a copy of it, then click "Next" to move on. Please note that anyone can use the recovery key to gain access to the drive, even if they do not have the startup key or password created in the previous step, so please do not disclose it to others.
Step 5. Now a pop-up will appear asking you if you want to reboot into pre-OS to encrypt the Windows partition. Click "Yes" to continue.
Step 6. Another pop-up will appear asking you if you want to build a WinPE image to continue. Click "Yes".
Step 7. Hasleo BitLocker Anywhere starts building WinPE. This may take several minutes, so please be patient.
Step 8. After successfully building the WinPE image, Hasleo BitLocker Anywhere will prompt you to reboot the computer. Click the "Yes" button to restart your system.
Step 9. Hasleo BitLocker Anywhere will now reboot and enter Pre-OS to encrypt the contents of the selected drive using BitLocker drive encryption. The encryption process could take a long time to finish depending on the size of the drive, so please be patient to wait. If you don't want to wait until the encryption operation is finished, "Shut down the computer when the operation is completed" option is a good idea. Just check it.
Step 10. After the encryption is complete, click the "Finish" button to close the window.
Step 11. Now you must enter the BitLocker password or plug in the USB drive containing the startup key before you can start Windows.
A: This error occurs because your computer does not have a TPM (Trusted Platform Module) chip. BitLocker relies on the TPM chip to generate and store encryption keys. Without TPM, Windows requires additional authentication configuration to allow BitLocker to work without TPM.
A: Yes, you can enable 'Allow BitLocker without a compatible TPM' in Group Policy, or use Hasleo BitLocker Anywhere which supports encrypting drives without TPM using password or startup key protectors.
A: Windows Home editions do not include BitLocker encryption feature at all. You need Hasleo BitLocker Anywhere to encrypt drives in Windows Home, and it works without TPM.
A: A password protector requires you to enter a password each time you start the computer. A startup key protector uses a USB flash drive containing the key file to automatically unlock the drive at startup.
A: Yes, encrypting the Windows system partition (C:) requires rebooting into pre-OS mode because the system files cannot be encrypted while Windows is running.
A: No, encrypting the drive will not erase your data. The encryption process converts data in place without deleting files.
A: Yes, you can access the encrypted drive on any Windows 7 or later computer by entering the password or using the startup key. For cross-platform access, you can use Hasleo BitLocker Anywhere for Mac or Linux.
A: If you lose both the password and recovery key, you will not be able to access the encrypted drive. Always back up the recovery key during encryption and store it in a safe place.
Above, we have introduced two methods to fix the "BitLocker failed to encrypt the C: drive" issue. Both methods can help you successfully encrypt the drive. However, the first method is not available in Windows Home Editions, as they do not include the built-in BitLocker encryption feature.
