03-21-2017 07:01 AM
I am trying to encrypt my drive using BitLocker. I am saving the key to a USB drive, only encrypting used data, and using the new encryption mode. I then run the system check before encrypting the drive, and when I restart my computer, I get the following message: "BitLocker could not be enabled. The BitLocker encryption key cannot be obtained from the Trusted Platform Module (TPM). C: was not encrypted."
I've done some troubleshooting elsewhere, but can't find any info to help me. I'm running Windows 10 Pro on a Lenovo T440s machine. My TPM is initialized, owned and running, so I'm not sure what to do there. Here are images of my TPM from Device Manager.
I'm at a loss, and I definitely need to be able to encrypt my drive. Does anyone have any information? If you need more information about my system, BIOS, etc., I'll be happy to oblige.
03-21-2017 07:13 AM - edited 03-21-2017 07:14 AM
My guess is that you deployed Win10 in legacy mode, instead of UEFI mode. You can confirm this in msinfo32.exe: look for "BIOS Mode" in the right-hand panel. It needs to be "UEFI" if you want to use TPM 2.0.
03-21-2017 07:19 AM
Ah, you're right, it is Legacy. This may be a dumb question: how would I put it into UEFI mode? And would that have consequences for my OS or applications?
03-21-2017 07:36 AM
One way is to turn on Secure Boot in BIOS setup and then re-install Win10. But if you need to convert your existing legacy installation to UEFI, maybe you can find some tips on Google on how to do that (but I don't think MSFT supports this).
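
The check described in the replies above, scripted for an elevated Windows PowerShell prompt (an added example, not part of the original thread). The function names are hypothetical, and the rule that TPM 2.0 needs UEFI mode is the one stated in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: report BIOS mode, TPM spec version and Secure Boot state,
# then flag the Legacy-BIOS + TPM 2.0 combination diagnosed in this thread.

function Get-TpmMajorVersion {
    # Win32_Tpm.SpecVersion is a comma-separated string such as "2.0, 0, 1.16";
    # the first field is the TPM specification family (1.2 or 2.0).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }
    return ($tpm.SpecVersion -split ',')[0].Trim()
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on a machine booted in Legacy mode,
    # so an exception is reported as "Unavailable" rather than as an error.
    try   { if (Confirm-SecureBootUEFI) { 'On' } else { 'Off' } }
    catch { 'Unavailable' }
}

function Test-TpmFirmwarePairing {
    # Hypothetical helper: turns the two facts into a one-line verdict.
    param([string]$FirmwareType, [string]$TpmVersion)
    if (-not $TpmVersion) {
        return 'No TPM visible to Windows; check the security chip setting in BIOS setup.'
    }
    if ($TpmVersion -like '2.*' -and $FirmwareType -ne 'Uefi') {
        return "TPM $TpmVersion with BIOS mode '$FirmwareType': TPM 2.0 needs UEFI boot."
    }
    return "TPM $TpmVersion with BIOS mode '$FirmwareType': no firmware-mode conflict."
}

# BiosFirmwareType is the same value msinfo32.exe shows as "BIOS Mode".
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
$tpmVer   = Get-TpmMajorVersion

[pscustomobject]@{
    BiosMode       = $firmware
    TpmSpecVersion = $tpmVer
    TpmReady       = (Get-Tpm).TpmReady
    SecureBoot     = Get-SecureBootState
    Verdict        = Test-TpmFirmwarePairing -FirmwareType "$firmware" -TpmVersion $tpmVer
} | Format-List
```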