BitLocker “This device cannot use trusted platform module” FIX

By Leonard Cucos •  Updated: 10/08/21 •  4 min read

When trying to encrypt a drive with BitLocker in Windows, you may get the “This device cannot use trusted platform module” error. This error is most likely caused by your computer not having Trusted Platform Module [TPM] support or by the TPM not being enabled in the BIOS.

To fix the “This device cannot use trusted platform module” error, open the Group Policy Object Editor, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives, and enable “Require additional authentication at startup.”

Let’s go through the process of encrypting a drive with BitLocker in Windows step by step.

I assume you already tried to encrypt a drive with BitLocker and received the “This device cannot use trusted platform module” error.

Fix the “This device cannot use trusted platform module” error

1. Press the Windows + R keys on your keyboard, type gpedit.msc, and click the OK button.

2. In the Group Policy Object Editor window, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

3. Double-click on Require additional authentication at startup, check Enable and click OK to confirm the change. Close the Group Policy Object Editor window.

TPM Enable Allow BitLocker Without a Compatible TPM. Source: nudesystems.com
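Before relying on the policy workaround, it helps to confirm whether the machine really has no TPM or whether the TPM is only disabled in firmware. The following read-only check is an added example, not part of the original guide; it assumes an elevated PowerShell session and that the policy is stored as the `UseAdvancedStartup` and `EnableBDEWithNoTPM` values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only diagnosis of the TPM and the BitLocker startup policy.

function Get-TpmState {
    # Get-Tpm reports TpmPresent = $false (or throws) when firmware exposes no TPM.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        [pscustomobject]@{ Present = [bool]$tpm.TpmPresent; Ready = [bool]$tpm.TpmReady }
    } catch {
        [pscustomobject]@{ Present = $false; Ready = $false }
    }
}

function Get-NoTpmPolicy {
    # Assumed storage location of "Require additional authentication at startup".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AdvancedStartup = ($null -ne $p -and $p.UseAdvancedStartup -eq 1)
        AllowWithoutTpm = ($null -ne $p -and $p.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-BitLockerReadiness {
    $tpm    = Get-TpmState
    $policy = Get-NoTpmPolicy

    if ($tpm.Present -and $tpm.Ready) {
        'TPM present and ready: BitLocker can use it, the no-TPM policy is not needed.'
    } elseif ($tpm.Present) {
        'TPM present but not ready: enable it in firmware setup before using the workaround.'
    } elseif ($policy.AdvancedStartup -and $policy.AllowWithoutTpm) {
        'No TPM; policy already allows BitLocker with a password or USB startup key.'
    } else {
        'No TPM and policy not set: enable "Require additional authentication at startup".'
    }
}

Get-BitLockerReadiness

# After encryption, list which key protectors guard each volume.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ Name = 'KeyProtectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

If the second message appears, enabling the TPM in firmware keeps the volume key sealed to the hardware, so the policy change is only needed on machines that report no TPM at all.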

Encrypt a disk with BitLocker

1. Open the File Explorer, right-click on the drive you want to encrypt, and select the Turn on BitLocker option. You can see that the “This device cannot use trusted platform module” error no longer appears.

2. Next, choose how to unlock your encrypted drive: with a password, with a smart card, or automatically after login. I usually select the password option here.

3. Now we need a recovery key in case we forget the password and cannot unlock the encrypted drive. Microsoft offers us four choices here: save the key on the Microsoft account [if you use one], store the key on a USB stick, save it to a file, or print it on paper.

I prefer to save the BitLocker recovery key on my Microsoft account or a file that I place in a safe location [e.g., email or cloud]. USB sticks are not always reliable, plus they can be lost or stolen easily. As for printing the BitLocker recovery key on paper, no way. Select your preferred option, then click Next.

4. Choose how much of your drive is to be encrypted. You can instruct BitLocker to encrypt the used space on the disk only or the entire disk. Obviously, the latter will take a longer time. Select your choice and click Next.

5. Select which encryption mode to use. I usually choose the new encryption mode for laptops and desktops with internal disks, while for external disks it is best to opt for the compatible mode option.

6. Lastly, review your BitLocker encryption settings before proceeding with disk encryption. Select Start encrypting if you are ready.

BitLocker does not provide a “Back” option, so you will have to go through the above steps again if you stop the process here. 

NOTE: If you use an SSD, the encryption process is very speedy. For an HDD, it will take a while longer. You will be able to use the disk or reboot the system during the encryption process, unless you encrypt your system disk, which will require a reboot.

TPM Continue with BitLocker drive encryption. Source: nudesystems.com

Once BitLocker disk encryption is finished, you will receive a desktop notification.

If you want to remove the BitLocker encryption on your drive for whatever reason, click on the Windows Start button and navigate to Control Panel > System and Security > BitLocker Drive Encryption. Select the drive you want to permanently decrypt and select Turn Off BitLocker.

Wrapping Up

This quick guide shows you the workaround for systems that do not support TPM and require a few extra steps to fix the “This device cannot use trusted platform module” error when attempting to encrypt a drive with BitLocker in Windows. 


Leonard Cucos

Leonard Cucos is an engineer with over 20 years of IT/Telco experience managing large UNIX/Linux-based server infrastructures, IP and Optics core networks, Information Security [red/blue], Data Science, and FinTech.
