Enabling BitLocker without TPM on MacBook Pro with Bootcamp
Solution 1:
I wanted to document this because the information that I've found is spread out and highly complicated. I've found a set of steps that are much simpler to enable BitLocker on a Bootcamp install of Windows. I've combined the information from these two sources for this guide:
- How do I mount the EFI partition on Windows 8.1 so that it is readable and writeable?
- Bitlocker in Windows 8.1 inside Bootcamp on the MacBook Pro (mid 2009)
The first step is to boot into your Windows partition, then log in, and open up an administrative command prompt.
Mount the UEFI partition to a drive letter:
mountvol b: /s
Copy the Microsoft EFI binaries to the UEFI partition:
bcdboot c:\windows /s b: /f UEFI
Unmount the UEFI partition:
mountvol b: /d
Configure BitLocker to work without a TPM:
- Start => run =>
gpedit.msc
- Open the Local Computer Policy node
- Navigate to
Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives
- Double click on
Require additional authentication at startup
- Enable the feature and check the box next to
Allow BitLocker without a compatible TPM
, click Apply and Ok, and close out of Local Group Policy Editor.
Reboot your machine back to Windows.
You can now enable BitLocker on the device using just a passphrase.
Solution 2:
If you're using a newer Macbook Pro (i'm using the 2018 model) then it's pretty easy actually. I'd really recommend you to read these two guides and then you'll be up and running with Bitlocker in like less than 15 minutes:
- (Good description and overview) https://tonyho.net/filevault-and-bitlocker-on-a-mac-with-boot-camp/
- (Actual guide) https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
I'm writing this from inside Windows 10 on my newly encrypted Bitlocker drive running Bootcamp on a Macbook Pro 2018.
Solution 3:
I had to encypt both Mac OS and Windows and wasn't sure about order, but found this article:
- https://medium.com/@vanister/encrypting-macos-and-windows-on-the-same-mac-842ee7a19c44
In short words:
- First enable FileVault on Mac
- Reboot in Windows
- Disable TPM as described in other comments (using gpedit.msc)
- Start Bitlocker encryption
- Reboot Windows to finish the encryption (Bitlocker will prompt you to do so)
I tested this on MacBook Pro 13 2020 MacOS 10.15.7 and latest Windows 10.