Enabling BitLocker without TPM on MacBook Pro with Bootcamp

bootcamp windows

Solution 1:

I wanted to document this because the information that I've found is spread out and highly complicated. I've found a set of steps that are much simpler to enable BitLocker on a Bootcamp install of Windows. I've combined the information from these two sources for this guide:

  • How do I mount the EFI partition on Windows 8.1 so that it is readable and writeable?
  • Bitlocker in Windows 8.1 inside Bootcamp on the MacBook Pro (mid 2009)

The first step is to boot into your Windows partition, then log in, and open up an administrative command prompt.

Mount the UEFI partition to a drive letter: mountvol b: /s

Copy the Microsoft EFI binaries to the UEFI partition: bcdboot c:\windows /s b: /f UEFI

Unmount the UEFI partition: mountvol b: /d

Configure BitLocker to work without a TPM:

  1. Start => run => gpedit.msc
  2. Open the Local Computer Policy node
  3. Navigate to Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives
  4. Double click on Require additional authentication at startup
  5. Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and Ok, and close out of Local Group Policy Editor.

Reboot your machine back to Windows.

You can now enable BitLocker on the device using just a passphrase.

Solution 2:

If you're using a newer Macbook Pro (i'm using the 2018 model) then it's pretty easy actually. I'd really recommend you to read these two guides and then you'll be up and running with Bitlocker in like less than 15 minutes:

  • (Good description and overview) https://tonyho.net/filevault-and-bitlocker-on-a-mac-with-boot-camp/
  • (Actual guide) https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

I'm writing this from inside Windows 10 on my newly encrypted Bitlocker drive running Bootcamp on a Macbook Pro 2018.

Solution 3:

I had to encypt both Mac OS and Windows and wasn't sure about order, but found this article:

  • https://medium.com/@vanister/encrypting-macos-and-windows-on-the-same-mac-842ee7a19c44

In short words:

  1. First enable FileVault on Mac
  2. Reboot in Windows
  3. Disable TPM as described in other comments (using gpedit.msc)
  4. Start Bitlocker encryption
  5. Reboot Windows to finish the encryption (Bitlocker will prompt you to do so)

I tested this on MacBook Pro 13 2020 MacOS 10.15.7 and latest Windows 10.

Related

Open all iCloud tabs from iPhone on Mac
MacBook Pro USB ports not working properly
Kill TCP connections on a Mac in Terminal
SMB share deadlocks since High Sierra
Tool to transform text to all caps or lowercase
Preview hangs when opening any image or pdf
How to delete/remove custom ringtones (tones) from iPhone in iTunes 12.7?
Is there a way to mount a disk directly to a specific folder?
Is it possible to upload files to a website from Safari on iPhone?
Mount network share (AFP/SMB) for multiple users (fast user switching)
Setup Apple TV (2nd Gen) with neither a remote nor home sharing turned on
How do I move a USB Time Machine backup to a Time Capsule?