Enabling BitLocker without TPM on MacBook Pro with Bootcamp

Ask Different Asked by kop48 on October 19, 2020

I have been wanting to enable BitLocker without a compatible TPM (my MacBook Pro) on a Bootcamp partition that has read / write access to the EFI. Is there a way to do this?

4 Answers

Successful solution, overcoming error

I followed these steps for my MacBook Pro 15-inch 2016 (touchbar) and was then able to overcome the error I got, as I've also described in the third step:

  1. How-To Geek: How to Use BitLocker Without a Trusted Platform Module (TPM)

  2. How-To Geek: How to Set Up BitLocker Encryption on Windows

  3. Which drive is the “data drive” referred to in the Bitlocker error “The data drive specified” where would it be set to “automatically unlock”? (solution to overcome error: "the data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically" and "C: was not encrypted").

Answered by therobyouknow on October 19, 2020

Adding some instructions on how to do this so that it works with Parallels too.

  1. Follow all of the instructions above while booted into Windows natively with Bootcamp, but DON'T ENABLE BITLOCKER YET.

  2. Next, go back to MacOS, fire up Parallels and create the VM from the Bootcamp partition.

  3. Once you've done that, enable Bitlocker from within the VM in Parallels, set it to start with a password.

Voila! You'll now be able to unlock Bitlocker with a password either from Parallels, or booting natively with Bootcamp.

Answered by kop48 on October 19, 2020

If you're using a newer MacBook Pro (I'm using the 2018 model) then it's pretty easy actually. I'd really recommend that you read these two guides and then you'll be up and running with BitLocker in like less than 15 minutes:

I'm writing this from inside Windows 10 on my newly encrypted Bitlocker drive running Bootcamp on a Macbook Pro 2018.

Answered by Jim Aho on October 19, 2020

I wanted to document this because the information that I've found is spread out and highly complicated. I've found a set of steps that are much simpler to enable BitLocker on a Bootcamp install of Windows. I've combined the information from these two sources for this guide:

The first step is to boot into your Windows partition, then log in, and open up an administrative command prompt.

Mount the UEFI partition to a drive letter: mountvol b: /s

Copy the Microsoft EFI binaries to the UEFI partition: bcdboot c:\windows /s b: /f UEFI

Unmount the UEFI partition: mountvol b: /d

Configure BitLocker to work without a TPM:

  1. Start => run => gpedit.msc
  2. Open the Local Computer Policy node
  3. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
  4. Double click on Require additional authentication at startup
  5. Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and Ok, and close out of Local Group Policy Editor.

Reboot your machine back to Windows.

You can now enable BitLocker on the device using just a passphrase.

Answered by kop48 on October 19, 2020
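
The last steps of the answer above (the "Allow BitLocker without a compatible TPM" policy, then enabling BitLocker with a passphrase) can be checked and carried out from an elevated PowerShell prompt. This is an added example, not part of any answer on this page; it assumes Windows is on C:, and the XtsAes256 method and the recovery-password protector are choices made here, so that a forgotten passphrase does not lock the volume permanently.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answers).
# Verifies the no-TPM startup policy, then enables BitLocker on the OS volume
# with a passphrase protector plus a recovery password.

$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'  # registry location of BitLocker policy
$mount = 'C:'                                     # assumption: Windows is installed on C:

function Test-NoTpmPolicy {
    # "Require additional authentication at startup" with
    # "Allow BitLocker without a compatible TPM" checked is stored as
    # UseAdvancedStartup = 1 and EnableBDEWithNoTPM = 1.
    $p = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    return ($null -ne $p) -and
           ($p.UseAdvancedStartup -eq 1) -and
           ($p.EnableBDEWithNoTPM -eq 1)
}

if (-not (Test-NoTpmPolicy)) {
    throw "Policy 'Allow BitLocker without a compatible TPM' is not enabled; finish the gpedit.msc steps first."
}

# Do not touch a volume that is already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Output "$mount is already in state $($vol.VolumeStatus); nothing to do."
    return
}

# Passphrase is read as a SecureString so it never appears on the command line.
$pw = Read-Host -AsSecureString -Prompt 'BitLocker passphrase'
Enable-BitLocker -MountPoint $mount -EncryptionMethod XtsAes256 `
    -PasswordProtector -Password $pw | Out-Null

# Second protector: a 48-digit recovery password to store offline.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# Show the recovery password once, then the resulting volume state.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

Without a TPM the passphrase is the only thing protecting the volume key at boot, so its strength determines the strength of the encryption.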
