If you receive the error message ‘This device cannot use a Trusted Platform Module’, the cause is either that your computer doesn’t have a TPM chip or your Group Policy settings. Users have reported that when they try to encrypt a drive on Windows 10 using the built-in BitLocker, they are prompted with this error message. The error message contains the fix if you look at it closely; however, not everyone has the competency to implement the workaround.
BitLocker is an important feature of Windows 10 and comes in handy when we have to encrypt certain hard drives to prevent others from accessing them. If you do not already know, the Trusted Platform Module, or TPM, is a chip found on most motherboards that is used to create and store cryptographic keys. You will be able to circumvent the issue once you have gone through this article.
What causes the ‘This Device Cannot Use a Trusted Platform Module’ Error on Windows 10?
As we mentioned, this error occurs when you are trying to encrypt a drive with BitLocker and is often caused by the following factors:
- TPM chip on your motherboard: In some cases, the error occurs when your motherboard doesn’t have a TPM chip installed. Therefore, before you get into the solutions, you should look up your motherboard to see if it features a TPM chip.
- Group Policies: Another cause of the error can be your system’s Group Policies. As the error message suggests, you will have to modify your group policies to isolate the issue.
You can use the solutions provided below to fix your issue. Please make sure you use an administrator account, as a few of the steps given below require administrative privileges.
Solution 1: Allowing BitLocker without TPM
As we have mentioned above, the error occurs when your motherboard has no TPM chip. In such a case, you can bypass this and allow BitLocker without a TPM chip. To do this, you will have to edit your system’s group policy. Here’s how to do it:
- Press Windows Key + R to open Run dialog box.
- Type in ‘gpedit.msc’ and then press Enter.
- Once the Local Group Policy Editor opens up, navigate to the following directory:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
- There, locate the ‘Require additional authentication at startup’ policy and double-click to configure it.
- The setting, by default, is set to Not Configured. Change it to Enabled.
- Afterward, make sure the ‘Allow BitLocker without a compatible TPM’ box is checked.
- Click Apply and then hit OK.
- Restart your system and see if it fixes the issue.
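To confirm that the policy change took effect, and to see whether the machine really lacks a TPM, the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not part of the original article; the registry value names are not from the article, they are the ones the ‘Require additional authentication at startup’ setting writes.

```powershell
#Requires -RunAsAdministrator
# Read-only check: reports TPM state and the BitLocker startup policy; changes nothing.

# 1. Is a TPM present and ready? Treat any error from Get-Tpm as "no usable TPM".
try {
    $tpm        = Get-Tpm -ErrorAction Stop
    $tpmPresent = [bool]$tpm.TpmPresent
    $tpmReady   = [bool]$tpm.TpmReady
} catch {
    $tpmPresent = $false
    $tpmReady   = $false
}

# 2. Policy values behind 'Require additional authentication at startup'.
#    The key is absent while the policy is Not Configured.
$fvePath       = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$fve           = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue
$policyEnabled = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
$allowNoTpm    = $policyEnabled -and ($fve.EnableBDEWithNoTPM -eq 1)

# 3. Key protectors currently on the OS drive, if BitLocker has any.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$protectors = if ($vol -and $vol.KeyProtector) {
    $vol.KeyProtector.KeyProtectorType -join ', '
} else {
    'none'
}

[pscustomobject]@{
    TpmPresent        = $tpmPresent
    TpmReady          = $tpmReady
    PolicyEnabled     = $policyEnabled
    AllowWithoutTpm   = $allowNoTpm
    OsDriveProtectors = $protectors
} | Format-List

# 4. Interpret the combination.
if (-not $tpmPresent -and -not $allowNoTpm) {
    Write-Warning 'No TPM and the policy is not set: expect the TPM error on the OS drive.'
} elseif (-not $tpmPresent) {
    Write-Output 'No TPM, policy allows it: unlock relies on a startup password or USB startup key.'
} elseif (-not $tpmReady) {
    Write-Warning 'TPM present but not ready: check firmware settings before relying on the bypass.'
} else {
    Write-Output 'TPM present and ready: BitLocker can use it without the no-TPM allowance.'
}
```

Without a TPM, the drive is protected only by the startup password or the USB startup key, so choose a strong password and store the recovery key away from the machine.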
Solution 2: Rejoining Computer Domain
The issue can sometimes be caused by the domain that you are connected to. If this applies to you, you can try to resolve the issue by leaving the domain and then joining it again. Here’s how to leave the domain:
- Press Windows Key + I to open Settings.
- Go to Accounts and then navigate to the ‘Access work and school’ tab.
- Select the domain you are connected to and click Disconnect.
- Follow the on-screen pop-ups to leave the domain.
- Restart your system.
- You can join the domain again if you wish to do so.
- See if it fixes the issue.
These solutions will most probably fix your issue and you should be able to use BitLocker again.