The TPM is a chip on the motherboard of your system. When you have this hardware in your device and you encrypt the hard disk, BitLocker stores the key inside the TPM. The next time you boot the system, it reads the key from the TPM, and even if someone takes away your hard disk, they won't be able to access the key because it is kept securely inside the TPM.
When you don't have a TPM, every time you boot the system it will ask for the key, or the key has to be authenticated through the server.
Bitlocker with & without TPM - What's the Difference?
What does the TPM do (what are its functions) when you encrypt the system drive with Bitlocker?
And what is the difference if I encrypt the system drive without the TPM?
6 answers
Sort by: Most helpful
-
Reza-Ameri 16,991 Reputation points
2021-06-27T15:54:01.797+00:00
-
Castorix31 86,046 Reputation points
2021-06-27T16:58:21.437+00:00
-
Teemo Tang 11,426 Reputation points
2021-06-28T02:20:03.417+00:00
TPM (Trusted Platform Module) is a chip on your computer's motherboard.
The TPM provides an extra layer of security by storing passwords and keys in a secure form.
TPM with BitLocker provides more security. You can enable BitLocker on an operating system drive without a TPM:
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq#can-i-use-bitlocker-on-an-operating-system-drive-without-a-tpm
If the Answer is helpful, please click "Accept Answer" and upvote it.
-
Kapil Arya 8,251 Reputation points MVP
2021-06-28T04:49:06.94+00:00
Hello,
Usually a PIN is considered more secure than a traditional password because it is backed by the TPM, a hardware chip in the system.
So if you enable BitLocker with a TPM, you can use a PIN to unlock your BitLocker drive, which provides more security.
BitLocker can be enabled without a TPM, as we all know, but in that case you won't be able to use a PIN to unlock the encrypted drive. You have to use a password then.
Hope this answers your query!
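The two answers above describe the same split: with a TPM the volume key is sealed in the chip (optionally behind a PIN), without one the drive falls back to a password protector. The script below is an added example, not code from any poster in this thread, that audits which protector types guard the OS drive and whether a ready TPM is available. It assumes an elevated Windows PowerShell session with the built-in BitLocker and TrustedPlatformModule modules; the function name Get-BitLockerProtectorReport is my own.

```powershell
# Added example (not from the thread): report which BitLocker key protectors
# guard the OS drive and whether a TPM is present to back a TPM+PIN protector.
# Assumes an elevated Windows PowerShell session; Get-Tpm and
# Get-BitLockerVolume ship with Windows 10/11 Pro and Enterprise.

function Get-BitLockerProtectorReport {
    param([string]$MountPoint = $env:SystemDrive)

    # Get-Tpm throws on machines without a TPM driver, so treat an error as "absent".
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { }
    $tpmReady = ($null -ne $tpm) -and $tpm.TpmPresent -and $tpm.TpmReady

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint         = $MountPoint
        ProtectionStatus   = $vol.ProtectionStatus
        TpmPresentAndReady = $tpmReady
        ProtectorTypes     = $types
        # Tpm / TpmPin / TpmStartupKey / TpmPinStartupKey all seal the key in the chip
        UsesTpm            = [bool]($types -match '^Tpm')
        # Only TpmPin and TpmPinStartupKey require a user-typed PIN before boot
        UsesPin            = [bool]($types -match 'Pin')
        # A Password protector is what a TPM-less machine has to rely on
        UsesPassword       = ($types -contains 'Password')
        HasRecoveryKey     = ($types -contains 'RecoveryPassword')
    }
}

$report = Get-BitLockerProtectorReport
$report | Format-List

if ($report.TpmPresentAndReady -and -not $report.UsesPin) {
    Write-Warning 'TPM is ready but no PIN protector is configured; add one with:'
    Write-Host '  Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector -Pin (Read-Host -AsSecureString "PIN")'
}
elseif (-not $report.TpmPresentAndReady -and $report.UsesPassword) {
    Write-Warning 'No usable TPM: the password protector is the only pre-boot check, so its length is what matters.'
}
```

Run it as Administrator; a TPM-only machine will show `UsesTpm` true and `UsesPin` false, which is the state the PIN recommendation above is about. The Add-BitLockerKeyProtector line is printed rather than executed so the audit makes no changes on its own.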
-
MTG 1,221 Reputation points
2021-06-28T08:09:35.613+00:00
The worst thing about not having a TPM has not been mentioned yet: the encryption password can be attacked by brute force.
Since most people will not like to use passwords with 20 characters or more, there's a chance that brute force will succeed in time.
With a TPM, brute forcing would mean removing the disk from its computer housing and attempting to find the correct recovery key, which is a 48-digit number. Happy brute-forcing!