How can I tell whether my computer has a TPM version 1.2?
In the BitLocker control panel, click the
Turn On BitLocker link. If you receive the following error message, then either your computer does not have a TPM version 1.2 or the BIOS is not compatible with BitLocker or with the TPM:
A TPM was not found. A TPM is required to turn on BitLocker. If your computer has a TPM, the contact the computer manufacturer for BitLocker-compatible BIOS.
If you receive this error message, contact the computer manufacturer to verify that the computer has a TPM version 1.2, or to get a BIOS update.
Some computers might have TPMs that do not appear in the Windows Vista TPM Microsoft Management Console snap-in (tpm.msc). If you think that your computer has a TPM version 1.2 and you receive this error, contact the computer manufacturer to get a BIOS update. In addition, some manufacturers provide a BIOS setting that hides the TPM by default, and other manufacturers do not make the TPM available unless it is enabled in the BIOS. If you believe that your TPM is hidden in the BIOS, consult the manufacturer's documentation for instructions that detail how to display or enable the TPM.
Can I use BitLocker on a computer without a TPM version 1.2?
Yes, you can enable BitLocker on a computer without a TPM version 1.2, provided that the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected volume until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide.
To help determine whether a computer can read from a USB device during the boot process, use the BitLocker System Check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
To enable BitLocker on a computer without a TPM, use Group Policy to enable the advanced BitLocker user interface. With the advanced options enabled, the non-TPM settings appear in the BitLocker setup wizard. For instructions about using Group Policy to enable the advanced user options, see
Windows BitLocker Drive Encryption Step-by-Step Guide.
How do I obtain BIOS support for the TPM on my computer?
Contact the computer manufacturer directly to request a Trusted Computing Group (TCG)-compliant BIOS. Ask the following questions when requesting a BIOS:
- Does the computer have a Windows Vista-ready BIOS? Does it pass Windows Vista logo tests?
- Is the BIOS Trusted Computing Group (TCG)-compliant?
- Does the BIOS have a secure update mechanism to help prevent a malicious BIOS from being installed on the computer?