Windows 10: Can't enable BitLocker with TPM only

I'm having a hard time getting BitLocker to work the same way on my newly built desktop as it does on my Surface Pro 3, i.e. the drive is unlocked instantly with the TPM and I go straight to the windows login screen.

When I try to configure BitLocker it just wants me to plug in an USB-drive to configure it as a startup key. I don't get any other options whatsoever.

I've activated and changed the group policy for startup so that all of the methods for unlocking are allowed. I also unchecked "Allow BitLocker without a compatible TPM".

I tried changing the TPM only-option to "required" but I just get some error saying that there's a conflict with the startup options. Changing the options regarding a startup key to "do not allow" gives me another error saying that "the startup options are configured incorrectly".

Is there another setting that I'm missing?!

I initially tried doing this with the fTPM that comes with my Ryzen 5 3600. Since I wasn't able to get it to work I bought a separate Asus Tpm-chip for my Asus ROG B450-E motherboard, reinstalled windows and still got the same results.

Not sure what other info is relevant, but I've enabled the TPMs in BIOS (not both at the same time), cleared both TPMs multiple times, installed the latest drivers for every component etc. Would greatly appreciate any help!

submitted by /u/My-username-is-too-l
[link] [comments]

:)

 

Bitlocker without TPM

Hi there,

I'm trying to use Bitlocker without TPM

My version is Windows 10 Home, and I try to follow -

To turn on BitLocker Drive Encryption on a computer without a compatible TPM

1. Click Start, type gpedit.mscin the Start Search box, and then press ENTER.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then clickBitLocker Drive Encryption.
4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.

You have changed the policy setting so that you can use a startup key instead of a TPM.

1. Close the Local Group Policy Editor.
2. To force Group Policy to apply immediately, you can click Start, typegpupdate.exe /forcein the Start Search box, and then press ENTER.
3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start
   the computer.
7. Insert your USB flash drive in the computer, if it is not already there.
8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
9. On the Save the recovery password page, you will see the following options:

· Save the password on a USB drive. Saves the password to a USB flash drive.

· Save the password in a folder. Saves the password to a folder on a network drive or other location.

· Print the password. Prints the password

While I have a problem on step 4.

Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
Control Panel Setup: Enable Advanced Startup Options anywhere.

Thank you for your help.

Best Regards,

Yan

 

Bitlocker - Win 10 - TPM 2.0 - Legacy Mode


According to here you need to boot in UEFI to configure bitlocker then you can change to CSM.

Pre-Provision Bitlocker - TPM 2.0 - SCCM 1610

 

BitLocker not requiring password at boot. (Without TPM)


I've recently installed bitlocker on my computer. Although windows says my C: drive is encrypted; I am not asked for my decryption password when i boot the computer. I get put straight into the login screen. I've done the necessary steps to enable bitlocker without TPM but maybe i missed something. Help please.