Encrypting hard drives with BitLocker normally requires a Trusted Platform Module (TPM) chip on the computer’s motherboard. BitLocker stores the encryption key in the TPM instead of the hard drive, which makes encryption more secure. If your PC does not have a TPM, you will not be able to enable BitLocker on your operating system drive (C:) and will receive an error message as shown in the figure below.
But don’t worry, that doesn’t mean you have to give up using BitLocker on a computer without a TPM. There is a hidden option in Windows 10 that allows you to enable BitLocker without a TPM. All you need to do is enable the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for the OS volume. Follow these procedures.
Step 1: Press Windows key + R to open the Run dialog. Then type gpedit.msc and click OK to open Local Group Policy Editor.
Step 2: In the left pane of Local Group Policy Editor, expand Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Select the Operating System Drives folder and then in the right pane, double-click on the “Require additional authentication at startup” policy to configure it.
Step 4: Select the Enabled radio button and make sure that the “Allow BitLocker without a compatible TPM (requires a password or startup key on a USB flash drive)” option is checked. Then click Apply.
The change will take effect immediately, without restarting Windows 10. Next, you can enable BitLocker for the operating system drive on your computer without a TPM.
Step 1: Go to This PC, right-click the drive you want to enable BitLocker for, and then select Turn on BitLocker.
Step 2: You’ll first be asked how you want to unlock your drive when your PC starts up. If your PC had a TPM, you could have your computer automatically unlock the drive or use a short PIN that requires the TPM to be present. Because your PC does not have a TPM, BitLocker requires you to enter a secure password or insert a USB flash drive to unlock the drive.
Step 3: BitLocker will generate a recovery key that can be used to unlock your drive, just in case you forget your password or lose your key stored on the USB flash drive. So, in this step, you will be asked to back up your BitLocker recovery key to a safe location.
Step 4: After the recovery key is saved, click Next and follow the remaining steps on the screen to enable BitLocker to encrypt your drive. Then wait for the encryption process to complete.
After BitLocker is enabled on the operating system drive, the encryption will take effect when Windows 10 starts. Then, each time your PC starts or restarts, you’ll have to enter your password or insert the USB flash drive to unlock the drive. If you can’t provide the password or USB drive, BitLocker won’t be able to unlock your drive and you won’t be able to boot into your Windows system and access your files.
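The two procedures above can also be scripted and then verified from an elevated PowerShell prompt. The following is an added example, not part of the original article: it assumes the OS volume is C:, uses the policy registry values under HKLM\SOFTWARE\Policies\Microsoft\FVE in place of the Local Group Policy Editor, and chooses the password option rather than a USB startup key.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps, followed by a check.
$mount = 'C:'                                   # assumption: OS volume
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Report whether a TPM is visible to Windows (informational only).
$tpm = Get-Tpm -ErrorAction SilentlyContinue
"TPM present: $([bool]$tpm.TpmPresent)"

# "Require additional authentication at startup" = Enabled, with
# "Allow BitLocker without a compatible TPM" checked.
# Note: a Group Policy refresh can overwrite values written directly here.
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord

# Turn on BitLocker only if the volume is still fully decrypted.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    $pw = Read-Host -AsSecureString 'BitLocker startup password'
    Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $pw | Out-Null
    # Recovery key for the case where the password is forgotten.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# Verify: both a password protector and a recovery password must exist.
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
"Volume status    : $($vol.VolumeStatus)"
"Protection status: $($vol.ProtectionStatus)"
"Key protectors   : $($types -join ', ')"

foreach ($required in 'Password', 'RecoveryPassword') {
    if ($types -notcontains $required) {
        Write-Warning "Missing key protector: $required"
    }
}

# Show the recovery password once so it can be stored away from this PC.
$vol.KeyProtector |
    Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId, RecoveryPassword
```

Protection status may read Off until the PC has been restarted and encryption has started, so run the verification part again after the next boot.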