BitLocker is a necessary setup for encrypting Windows computers and preventing unauthorized access. However, it can sometimes cause unnecessary issues with the system. Many users have reported that while trying to activate BitLocker, they face the following error:
This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
If we read it carefully, this error is more of a statement. However, to understand it better, we need to know the meaning of the terms used in the error message.
- Trusted Platform Module: The TPM is a chip which is typically present in newer systems. It stores the BitLocker key. If it is not present in the system, the key could be stored on a USB drive.
- Administrator policy: It is the group policy set by server-managed systems. However, the interesting thing about the error is that it was reported on general user systems and not company-managed systems.
Here are two suggestions that may help you.
1] Allow BitLocker without TPM
Now that we understand the error, the fix is exactly as mentioned in the statement.
Press Win + R to open the Run window and type gpedit.msc and press Enter to open the Group Policy Editor.
Expand the folders in the following order: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
On the right-hand side of the window, locate the option “Require additional authentication at startup” among the list of options. Double-click on it to open its settings window.
The setting is set at Not Configured by default. Change it to Enabled.
When you set the radio button to Enabled, it automatically checks the option for Allow BitLocker without a compatible TPM. If it doesn’t, please make sure to check the box before proceeding further.
Click on Apply and then OK to save the settings.
Now open the Control Panel and click on the option to Turn on BitLocker. It needs administrator access.
See if it has helped.
2] Clear TPM
If you still wish to use the TPM and are sure that your system has the device as a part of the hardware, you could try clearing the TPM. The procedure is as follows:
Clearing the TPM resets it and removes the keys it holds, which might affect the data on the system, so kindly back up your data before proceeding with this step.
Press Win + R to open the Run window. Then type the command tpm.msc and press Enter. It will open the TPM window.
Under the Actions tab, please click on Clear TPM and restart the system.
If the TPM is OFF, you will find an option to Initialize TPM under the Actions tab. Click on that option and restart the system.
If the TPM was never initialized, a wizard to set up the TPM will open with the Turn on the TPM security hardware dialogue box. Follow the steps in the wizard, and once the TPM is set, please reboot the system.
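To see which of the two fixes applies before changing anything, the following read-only PowerShell check (an added example, not part of the original article) reports the TPM state shown in tpm.msc and whether the policy from fix 1 is in effect. It assumes an elevated prompt and reads the UseAdvancedStartup and EnableBDEWithNoTPM values that the policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE; the function name Get-FvePolicyValue is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the system.

$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'  # BitLocker group policy values

function Get-FvePolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the policy or the value is Not Configured.
    $item = Get-ItemProperty -Path $fvePath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. TPM state as Windows sees it (what tpm.msc shows).
try { $tpm = Get-Tpm -ErrorAction Stop } catch { $tpm = $null }
$tpmPresent = ($null -ne $tpm) -and $tpm.TpmPresent
$tpmReady   = $tpmPresent -and $tpm.TpmReady

# 2. "Require additional authentication at startup" policy.
$advanced   = Get-FvePolicyValue -Name 'UseAdvancedStartup'   # 1 = policy Enabled
$allowNoTpm = Get-FvePolicyValue -Name 'EnableBDEWithNoTPM'   # 1 = box checked
$policyAllowsNoTpm = ($advanced -eq 1) -and ($allowNoTpm -eq 1)

# 3. Key protectors already on the OS volume, if any.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$protectors = if ($vol) { @($vol.KeyProtector.KeyProtectorType) -join ', ' } else { '' }

# 4. Map the findings to the two fixes described above.
$verdict = if ($tpmReady) {
    'TPM is ready: BitLocker can use it; the no-TPM policy is not needed.'
} elseif ($tpmPresent) {
    'TPM present but not ready: check tpm.msc (fix 2) before relaxing the policy.'
} elseif ($policyAllowsNoTpm) {
    'No TPM, policy set: BitLocker will ask for a USB startup key or password.'
} else {
    'No TPM, policy not set: "Turn on BitLocker" will show the error (fix 1).'
}

[pscustomobject]@{
    TpmPresent        = $tpmPresent
    TpmReady          = $tpmReady
    PolicyAllowsNoTpm = $policyAllowsNoTpm
    OsVolumeStatus    = if ($vol) { $vol.ProtectionStatus } else { 'unknown' }
    KeyProtectors     = $protectors
    Verdict           = $verdict
} | Format-List
```

Where the TPM is present but not ready, fixing that keeps the key bound to the hardware, whereas the no-TPM policy moves the secret onto a USB drive or password that the user must protect.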
Hope something helps.