If you can't enable BitLocker for a drive in Windows 10, with an indication errorerror: “This device cannot use a trusted platform module”, see below how to fix it.
BitLocker is a built-in Windows feature from the Windows Vista and after. It helps you encrypt the operating system as well as fixed drives, so you can protect your data on these drives.
Enabling BitLocker protection for a drive is very simple. You must go from exploring files to "My Computer" (Windows Vista / 7) or "This Computer" (Windows 8 / 8.1 / 10) and right-click the drive you want to protect.
In the context menu that will right-click, select "Enable BitLocker" and then follow the steps in Windows.
Some computers may not allow Windows to proceed with and send you the following error message:
This device cannot use a trusted platform unit. Your administrator must set the option "Allow BitLocker without TPM compatible" in the "Requires extra authentication at startup" policy for operating system volumes.
Η Trusted Module Platform aka TPM is the technology that provides security features in collaboration with hardware hardware. Generally TPM chips are such advanced technologies that they have security mechanisms that are malware-free. You can find more information about TPM on Wikipedia.
But let's see what TPM means (Reliable Platform Module) in the context of this error. This error will only appear when your system does not contain TPM-supported hardware. It generally happens with older machines. And in this case, BitLocker must encrypt the drive without TPM. When encrypting a drive without a TPM, you should use one at boot code access or a USB drive.
Upon completion of BitLocker, the basic information that makes up thw drive encryption will be stored on a USB drive and using it, you can access the data of the encrypted drive.
Therefore, to use BitLocker without TPM and to bypass this error, follow these steps:
NOTE: The following steps only work on Pro and Enterprise versions of Windows 10 / 8.1 / 8 / 7.
1. Press Win + R at the same time and in the run window that appears, type gpedit.msc and press OK. The "Local Group Policy Editor" window will open.
2. In this window go to:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System drives)
3. In the right pane of the operating system drives, look for the setting called "Requiring Extra Authentication at Startup" and double-click it to modify it.
4. Then, in the Configuration Policy window, select "Enabled" (top left). Also make sure that in the same window you have checked “Allow BitLocker without TPM compatible (requires password or boot key on USB flash drive). Click the Apply button, and then click OK. Turn off the local group policy editor.
You can now try to encrypt the same drive as BitLocker again and it should work this time.
