Hardware requirements for BitLocker Drive Encryption

Because BitLocker stores its own encryption and decryption key in a hardware device that is separate from your hard disk, you must have one of the following:

  • A computer with Trusted Platform Module (TPM), which is a special microchip in some newer computers that supports advanced security features. If your computer was manufactured with TPM version 1.2 or higher, BitLocker will store its key in the TPM.

  • A removable USB memory device, such as a USB flash drive. If your computer doesn’t have TPM version 1.2 or higher, BitLocker will store its key on the flash drive.

Note

  • Some BitLocker features and settings can be enabled by Group Policy settings.

To turn on BitLocker Drive Encryption, your computer’s hard disk must:

  • Have at least two partitions. One partition must include the drive Windows is installed on. This is the drive that BitLocker will encrypt. The other partition is the active partition, which must remain unencrypted so that the computer can be started. Once you've encrypted the drive Windows is installed on, you can also encrypt additional data drives on the same computer.

  • Be formatted with the NTFS file system.

  • Have a BIOS that is compatible with TPM and supports USB devices during computer startup. If this is not the case, you will need to update the BIOS before using BitLocker. For more information on updating your BIOS, see Update the BIOS for BitLocker Drive Encryption.

To find out if your computer has Trusted Platform Module (TPM) security hardware

  1. Open Bitlocker Drive Encryption by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Security, and then clicking Bitlocker Drive Encryption. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. If the TPM administration link appears in the left pane, your computer has the TPM security hardware. If this link is not present, you will need a removable USB memory device to turn on BitLocker and store the BitLocker startup key that you’ll need whenever you restart your computer.

Note

  • In some cases, the computer’s BIOS might prevent the TPM administration link from appearing. If this link is not present, but you think your computer does have a TPM, check the information that came with your computer to make sure.