Our computers have stored a variety of data and files, some of which are very important to us, especially some privacy that we do not want others to know. At this time, we will think of these data and files hidden or encrypted. Speaking of encryption, the wide variety of tools available on the Internet make us dazzle. In fact, the Windows10 system is built-in its own Bitlocker disk encryption function, which can facilitate users to encrypt the disk protection. But what if some users are prompted not to start when using Bitlocker? In fact, the reason to cause such a problem is not complicated. Next, I’ll show you the specific solutions to solve the problem that Bitlocker can’t start under Windows 10.
What Is BitLocker Drive Encryption?
BitLocker Drive Encryption is a new data protection feature in Windows Vista. It is primarily used to address a growing concern: data theft or malicious leakage caused by physical loss of computer devices. BitLocker uses the TPM to protect the Windows operating system and user data. It also can help you ensure that your computer will not be tampered even in the case of unattended, lost or stolen.
BitLocker Drive Encryption can effectively prevent unauthorized users from breaking Windows Vista files and protect the lost or stolen computers by encrypting the entire Windows volume. With BitLocker, all users’ privacy and system files can be encrypted, including exchange and hibernate files.
What Is TPM?
TPM is referred to as a trusted platform module. It is a built-in microchip in the computer. It is mainly used for storing the encrypted information, such as encryption keys. TPM is typically installed on a desktop computer or a portable computer motherboard, and it communicates with the outside world through the rest of the Win10 system or hardware. Information stored on the TPM is more secure, which can help users avoid external software attacks and physical theft.
BitLocker encrypts all data stored on the Windows operating system volume. By default, you can use the TPM to ensure the integrity of early startup components (components used to start the process earlier period), and “locks” any BitLocker protected volumes. In this way, even the computer is tampered, it can also be protected.
What If the BitLocker Cannot Be Enabled?
This occurs because of the absence of a TPM chip case. If C Drive also creates an encrypted, it will lead to an infinite loop: no decryption can not be verified, no verification can not be decrypted. TPM is to play the role of a verification. If you want to encrypt the C Drive in the situation of no TPM, you can create a 100MB partition during installation, which is used to substitute the TPM authentication. By the way, this 100MB space can not be encrypted. After entering the system, the C Drive automatically back to unlock, otherwise the program can not be executed. This problem can be solved by the following methods.
Solution: prepare a U Disk and connect it to your computer
- Press the button WIN and the button R at the same time to enter the command gpedit.msc into the Run Window
- Click OK
- Expand the following items in order: Computer Configuration, Control Panel Assembly, BitLocker Drive Encryption, Operating System Driver
- Double-click the right side to start the item This Strategy which requires additional authentication Click Subsequent Application Has Been Enabled
- Select Allow BitLocker without A Compatible TPM Option
- Press the button WIN and the button R at the same time to enter the command gpupdate /force into the Run Window. In this way, you can update the modified policy
- Open the Control Panel
- Double-click BitLocker Drive Encryption icon
- Click Enable BitLocker to Encrypt the System Disk
- Click Each Time You Start You Need A Key in the pop-up window
- Select U Disk you want to use
- Click Save
- According to your real condition, select the way the Secret Key stored
- Select to save at U Disk and Secret Key
- Print the Secret Key
- Because you need to encrypt the hard disk later, I do not recommend to do this operation Saved to a file. In fact, this operation is inoperable
- In a pop-up Window, select Run BitLocker System
- Restart the computer according to the requirement
- After the restart, in the BitLocker program, you can see that the system is encrypting
The Proper Use of BitLocker
When BitLocker can be enabled normally, we can give Disk Encryption as follows:
- Put our important files and data on a separate disk partition, and right-click the disk to select Enable BitLocker
- Select Use a password to unlock the drive
- This step is to save the Recovery Secret Key, which can be used in the case of you have forgotten the password.
- Use the Recovery Secret Key to open the drive, and select Save to File
- Select Encryption entire drive
- Then click the Start Encryption button to encrypt
- After the start of encryption, in the lower right corner of the desktop will pop up a prompt: Encrypting. If you want to see the progress of encryption, just click the small icon in the lower right corner
- In this way, we can wait for the entire encryption process to be complete
- After the encryption is complete, the disk will prompt us to enter a password
- Note: when we enter a password to decrypt, the drive will not automatically lock again, instead, it will remain open. Therefore, we need a command to encrypt the drive at any time, the specific method is to open the command prompt character, input: manage-bde -lock E:
- Press the button Enter
What I have introduced to you above are the solutions to the problem that the BitLocker cannot be enabled. Through above, you can also have a better understanding of what is BitLocker Drive Encryption and TPM. If you encounter such problems, I hope the above methods are helpful.