Written by Wilsey Young
Summary: This post discusses the interaction of BitLocker and TPM and explains how TPM works with BitLocker. After reading this post, you can learn how to check whether your PC supports TPM and how to use BitLocker without TPM.
BitLocker is a special encryption feature included with certain versions of Windows. It can protect your precious data by encrypting the entire drive or specific volume with advanced encryption standards.
The TPM (Trusted Platform Module) chip is a crucial element of BitLocker's security mechanism: the TPM chip and the BitLocker encryption feature complement each other, adding an extra layer of protection to the data on the drive.
In this post, let's explore the connection between BitLocker and TPM and how TPM works with BitLocker. You can also learn how to check whether your PC has TPM and how to use BitLocker without TPM on Windows.
What is TPM?
A Trusted Platform Module (TPM) chip is a hardware component embedded in many modern computers. The TPM chip enables your computer to offer reliable hardware-based encryption features like BitLocker. It securely stores cryptographic keys, such as passwords, PINs, or BitLocker recovery keys, used for authentication and data access to encrypted devices.
The TPM chip can also add a solid security layer to your computer system thanks to its ability to perform cryptographic operations. By managing and safeguarding encryption keys in a protected manner, the TPM chip works perfectly with BitLocker to prevent unauthorized users from accessing the encrypted data even if the device is lost, stolen, or improperly decommissioned.
How does TPM work with BitLocker?
BitLocker integrates with the TPM chip to enhance the security of encrypted drives. When you turn on BitLocker to encrypt a drive or specific volume, it uses the TPM chip to generate and store the encryption keys and encryption-related information.
During startup, the TPM chip verifies the boot environment before releasing the encryption key that lets the operating system boot. If a problem with the system, the hardware, or other monitored components is detected, you will encounter the BitLocker recovery key blue screen.
Therefore, you'll be required to enter the BitLocker recovery key when the TPM chip detects any of the following situations:
- The password or PIN has been entered incorrectly several times.
- TPM detects significant hardware changes.
- TPM detects BIOS or UEFI changes.
- TPM detects large Windows updates.
- TPM detects disk errors or corruptions.
- TPM detects possible unauthorized access.
This helps ensure that the system has not been tampered with, confirming that no unauthorized changes have been made and no unauthorized access is allowed. If BitLocker keeps asking for the recovery key, you can read the following post for solutions: BitLocker Keeps Asking for Recovery Key: Causes & Solutions!
How to check whether your PC has TPM?
To check if your PC has a TPM chip, follow these steps:
- Press the "Windows+R" keys on your keyboard to open the Run dialog box.
- Type "tpm.msc" in the box and hit the "Enter" key to open the "Trusted Platform Module (TPM) Management on Local Computer" window.
- You will see TPM details here if your PC has one, including its version.
- When it says "Compatible TPM cannot be found," it means your PC does not have the chip.
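The tpm.msc check above can also be scripted, which is handy when you want to audit more than one machine. The PowerShell script below is an added example, not part of the original post: it reports whether a TPM is present and ready (the same information tpm.msc shows) and then lists which BitLocker key protectors the system drive uses, so you can see whether protection actually relies on the TPM and whether a recovery password exists for the lockout situations described in the previous section. It assumes an elevated prompt on Windows 10/11 with the built-in TrustedPlatformModule and BitLocker modules; the function names are my own.

```powershell
# Added example (not from the original post): audit TPM state and the BitLocker
# key protectors on the system drive. Run from an elevated PowerShell prompt.

function Get-TpmSummary {
    # Get-Tpm can fail outright on hardware with no TPM, so treat that as "absent".
    try {
        $tpm = Get-Tpm -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Present = $false; Ready = $false; Enabled = $false; SpecVersion = $null }
    }
    # The Win32_Tpm class reports the TPM specification version (for example "2.0, 0, 1.38").
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Present     = $tpm.TpmPresent
        Ready       = $tpm.TpmReady
        Enabled     = $tpm.TpmEnabled
        SpecVersion = if ($wmi) { $wmi.SpecVersion } else { $null }
    }
}

function Get-BitLockerProtectorSummary {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey all depend on the TPM.
        UsesTpm             = [bool]($types -match '^Tpm')
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        ProtectorTypes      = ($types -join ', ')
    }
}

$tpm = Get-TpmSummary
$tpm | Format-List
if (-not $tpm.Present) {
    Write-Warning 'No compatible TPM found; BitLocker on the OS drive needs the "Allow BitLocker without a compatible TPM" policy.'
} elseif (-not $tpm.Ready) {
    Write-Warning 'TPM is present but not ready; check tpm.msc before enabling BitLocker.'
}

$bl = Get-BitLockerProtectorSummary
$bl | Format-List
if ($bl.ProtectionStatus -eq 'On' -and -not $bl.HasRecoveryPassword) {
    Write-Warning 'Drive is protected but has no recovery password protector; add one and back it up, or a TPM measurement change will lock you out.'
}
```

The second warning is the one worth acting on: every situation in the list above (hardware change, firmware change, large update) ends at the recovery screen, and a machine whose only protector is the TPM has no way past it.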
Can I use BitLocker without TPM?
Yes, you can use BitLocker without a TPM chip. BitLocker can function without the TPM chip by using a password or USB key as an authentication method. You can follow the steps below to enable BitLocker without TPM:
- Press the "Windows+R" keys to open the Run dialog box.
- Type "gpedit.msc" in the box and hit the "Enter" key to open Local Group Policy Editor.
- Navigate to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Double-click the "Require additional authentication at startup" option.
- Switch from "Not Configured" to "Enabled."
- Check the box for "Allow BitLocker without a compatible TPM."
- Click "Apply" and "OK."
- After changing the BitLocker Group Policy settings, you can enable BitLocker without a TPM.
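For machines without a Local Group Policy Editor (Windows Home) or for scripted deployment, the same policy can be written directly to the registry keys that the "Require additional authentication at startup" setting controls, and BitLocker can then be turned on with a password protector. The script below is an added example and not from the original post; it assumes an elevated prompt, that the policy change permits a password protector on the operating system drive (which is exactly what the "Allow BitLocker without a compatible TPM" checkbox grants), and that you replace the placeholder backup path with a location off the machine being encrypted.

```powershell
# Added example (not from the original post): registry equivalent of the Group
# Policy steps above, then BitLocker on the OS drive with a password protector.
# Run from an elevated PowerShell prompt on Windows 10/11.

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }

# "Require additional authentication at startup" = Enabled, with
# "Allow BitLocker without a compatible TPM" checked. The four UseTPM* values
# are the policy's default "Allow" (2) for the TPM-based options.
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPM             -Value 2 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 2 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMKey          -Value 2 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMKeyPIN       -Value 2 -Type DWord

$osDrive = $env:SystemDrive

# Prompt for the startup password rather than hard-coding it in the script.
$password = Read-Host -AsSecureString 'Startup password for the OS drive'

# Add a recovery password protector first. Without a TPM the startup password
# is the only way in, so a backed-up recovery password matters even more.
$vol = Get-BitLockerVolume -MountPoint $osDrive
if (-not (@($vol.KeyProtector.KeyProtectorType) -contains 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null
}
$recovery = (Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

# PLACEHOLDER path: store this on removable media or another system, never on
# the drive you are about to encrypt.
$recovery | Select-Object KeyProtectorId, RecoveryPassword |
    Out-File -FilePath 'E:\BitLocker-Recovery-PLACEHOLDER.txt'

# Encrypt the OS drive using the password protector the policy now allows.
Enable-BitLocker -MountPoint $osDrive -PasswordProtector -Password $password `
    -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest

Get-BitLockerVolume -MountPoint $osDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

After a restart the machine prompts for the password before Windows loads; the recovery password you saved is the fallback if that password is forgotten. The Group Policy Editor steps above write the same UseAdvancedStartup and EnableBDEWithNoTPM values, so either route can be checked with `Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\FVE`.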