4

HP Pavilion complains about Bitlocker saying TPM is not found. Is there a setting that I need to enable in the motherboard or is there an update for it?

SgtOJ
Dr. Evil

1 Answer

6

It's possible to encrypt your OS drive with BitLocker, but if your system does not have a built-in TPM, the only other options are to use a BitLocker Recovery Password (a 48-digit number you type at every boot) or a BitLocker Recovery Key (a 256-bit key stored on a USB disk that must be inserted at every boot).

By default, group policy requires a TPM on the system for BitLocker to be enabled on the OS drive, which is why you're seeing this error. To change this policy:

  1. In the Start menu, type gpedit.msc and hit Enter.
  2. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating Systems > Require additional authentication at startup.
  3. In the radio buttons at the top, select "Enabled."
  4. Check the box marked "Allow BitLocker without a compatible TPM."
  5. Hit "OK."

From there, you should be able to enable BitLocker on your OS drive as normal. You may need to log off and log on again for the policy change to take effect.

mtlynch
  • Yeah, thanks, I noticed this later on; however, USB usage makes it really risky. But still, I guess taking 3 backups of the USB stick makes this doable :) – Dr. Evil May 30 '11 at 05:45
  • Also, however unlikely, your system may support TPM but it is switched off in the BIOS. You should check there first so that you don't have to use a USB drive to unlock to access your system. – SgtOJ Sep 09 '11 at 23:15
  • Is it just as secure, if I were, say, to use the flash drive recovery key technique? – Mikey Oct 13 '15 at 02:01
  • It's hard to secure your machine with just the Recovery Key (flash drive) because it means any time you boot your machine, you need the flash drive inserted. So you'd generally keep your key and machine together so anyone who gets access to your machine would likely have access to your key as well. In Win8 and above you can secure your machine with a passphrase you type at boot. I recommend this over Recovery Key. – mtlynch Oct 14 '15 at 03:22
  • The advantage to a USB or other hardware encryption key is that remote hackers on the internet cannot access it, since they wouldn't have physical access to your computer, so this advantage should NOT be downplayed. – atom88 Oct 15 '15 at 18:38
  • @atom88 - BitLocker on the OS volume *only* protects you from an attacker with physical access. What good are your decryption keys to an attacker if they don't have physical access to your drive? If they can get remote code execution on your machine, it doesn't matter if it's BitLocker encrypted because decryption keys are in memory when the OS is running. – mtlynch Oct 16 '15 at 01:03
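
An added example, not part of the original answer or comments: a read-only PowerShell audit, run from an elevated prompt, covering the points raised above (whether Windows sees a TPM, whether the policy from the steps is set, and which key protectors guard the OS volume). The registry path and value names are an assumption about where this policy is stored; they are not stated on the page.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the system.

# 1. Does Windows see a TPM at all? A TPM disabled in firmware shows as absent
#    or not ready, so check here before settling for a USB key.
$tpm = Get-Tpm
$tpm | Select-Object TpmPresent, TpmReady | Format-List
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM visible to Windows: look for a TPM / security chip option in BIOS setup.'
}

# 2. Is "Require additional authentication at startup" enabled with
#    "Allow BitLocker without a compatible TPM" ticked?
#    Assumption: the key and value names below are the policy's registry backing.
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$allowNoTpm = ($policy.UseAdvancedStartup -eq 1) -and ($policy.EnableBDEWithNoTPM -eq 1)
"Policy allows BitLocker without a TPM: $allowNoTpm"

# 3. Which protectors actually guard the OS volume?
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })
"Volume status: $($vol.VolumeStatus), protection: $($vol.ProtectionStatus)"
"Key protectors: $($types -join ', ')"

$hasTpm = [bool]($types -like 'Tpm*')
if ($types.Count -gt 0 -and -not $hasTpm) {
    if ($types -contains 'ExternalKey') {
        # The concern from the comments: key and machine tend to travel together.
        Write-Warning 'Unlock depends on a key file on removable media; a USB stick kept with the machine hands over the key along with the drive.'
    }
    if ($types -contains 'Password') {
        'A boot-time passphrase protector is present.'
    }
}
if ($types.Count -gt 0 -and $types -notcontains 'RecoveryPassword') {
    Write-Warning 'No 48-digit recovery password protector: there is no fallback if the primary protector is lost.'
}
```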