Hardware Requirements for BitLocker Drive Encryption
To use BitLocker Drive Encryption, your computer has to meet certain hardware requirements. These requirements vary depending on the type of drive that you are encrypting.
Hardware requirements for the drive that Windows is installed on
To encrypt the drive that Windows is installed on (the operating system drive), BitLocker stores its own encryption and decryption key in a hardware device that is separate from your hard disk, so you must have one of the following:
A computer with Trusted Platform Module (TPM), which is a special microchip in many computers that supports advanced security features. If your computer was manufactured with TPM version 1.2 or higher, BitLocker will store its key in the TPM.
A removable USB memory device, such as a USB flash drive. If your computer doesn’t have TPM version 1.2 or higher, BitLocker will store its key on the flash drive. This option is only available if your system administrator has set up your network to allow the use of a startup key instead of the TPM.
To turn on BitLocker Drive Encryption on the operating system drive, your computer’s hard disk must:
Have at least two partitions: a system partition (which contains the files needed to start your computer and must be at least 100 MB) and an operating system partition (which contains Windows). The operating system partition will be encrypted and the system partition will remain unencrypted so your computer can start. If your computer doesn't have two partitions, BitLocker will create them for you. Both partitions must be formatted with the NTFS file system.
Have a BIOS that is compatible with TPM or supports USB devices during computer startup. If this isn't the case, you will need to update the BIOS before using BitLocker. For more information on updating your BIOS, see Update the BIOS for BitLocker Drive Encryption.
To find out if your computer has Trusted Platform Module (TPM) security hardware
Click to open BitLocker Drive Encryption.
In the left pane, click TPM Administration. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
The TPM Management on Local Computer snap-in tells you if your computer has the TPM security hardware. If your computer doesn't have it, you'll need a removable USB memory device to turn on BitLocker and store the BitLocker startup key that you’ll need whenever you start your computer.
Hardware requirements for data drives
You can use BitLocker to encrypt fixed data drives (such as internal hard drives) and you can use BitLocker To Go to encrypt removable data drives (such as external hard drives and USB flash drives). To encrypt a data drive, it must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must have at least 64 MB of available memory.
Hardware requirements for the drive that Windows is installed on
To encrypt the drive that Windows is installed on (the operating system drive), BitLocker stores its own encryption and decryption key in a hardware device that is separate from your hard disk, so you must have one of the following:
A computer with Trusted Platform Module (TPM), which is a special microchip in many computers that supports advanced security features. If your computer was manufactured with TPM version 1.2 or higher, BitLocker will store its key in the TPM.
A removable USB memory device, such as a USB flash drive. If your computer doesn’t have TPM version 1.2 or higher, BitLocker will store its key on the flash drive. This option is only available if your system administrator has set up your network to allow the use of a startup key instead of the TPM.
To turn on BitLocker Drive Encryption on the operating system drive, your computer’s hard disk must:
Have at least two partitions: a system partition (which contains the files needed to start your computer and must be at least 100 MB) and an operating system partition (which contains Windows). The operating system partition will be encrypted and the system partition will remain unencrypted so your computer can start. If your computer doesn't have two partitions, BitLocker will create them for you. Both partitions must be formatted with the NTFS file system.
Have a BIOS that is compatible with TPM or supports USB devices during computer startup. If this isn't the case, you will need to update the BIOS before using BitLocker. For more information on updating your BIOS, see Update the BIOS for BitLocker Drive Encryption.
To find out if your computer has Trusted Platform Module (TPM) security hardware
Click to open BitLocker Drive Encryption.
In the left pane, click TPM Administration. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
The TPM Management on Local Computer snap-in tells you if your computer has the TPM security hardware. If your computer doesn't have it, you'll need a removable USB memory device to turn on BitLocker and store the BitLocker startup key that you’ll need whenever you start your computer.
Hardware requirements for data drives
You can use BitLocker to encrypt fixed data drives (such as internal hard drives) and you can use BitLocker To Go to encrypt removable data drives (such as external hard drives and USB flash drives). To encrypt a data drive, it must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must have at least 64 MB of available memory.