[SOLVED] Can I encrypt Windows 10 Home? TPM not usable, PCR7 binding unsupported, hardware security not usable ?

Mar 14, 2021
I never really knew what encryption was until recently getting the files off my crashed drive... There should be a screaming banner when you install windows while it makes you set up a password that says: BTW anyone can just unplug your drive and get everything off of it, or just use a few simple keystrokes on boot to access everything without the password, lol.


When I checked my hardware requirements as instructed here:
https://www.windowscentral.com/how-enable-device-encryption-windows-10-home

I see: "Reasons for failed automatic device encryption tpm is not usable, pcr7 binding is not supported, Hardware security not usable"

motherboard: Gigabyte Z97-HD3 Rev 2.0
https://www.gigabyte.com/Motherboard/GA-Z97-HD3-rev-20#ov
"Along the southern edge of the board, where we usually see a Trusted Platform Module header, Gigabyte has chosen to supply both serial and parallel port headers."



i7-4790K Socket H3 LGA-1150
GTX-1050-Ti 4GB GPU
I'm not overclocking CPU or GPU

I don't want to use One Drive or a Microsoft account if that'll enable encryption (something about Home users are more likely to lock themselves out of their computer and having it encrypted makes them lose everything but maybe even if getting the non-requirement I'm seeing if you add the encryption key to One Drive or maybe a MS account it'll let you encrypt), but I don't want One Drive nor an MS account. I don't want to mess with BIOS or anything either, nor have to plug a USB stick with encryption every bootup. I'd prefer to buy a new motherboard or Windows 10 Pro if that'll allow encryption.

I bought Windows 10 home just a few weeks ago because my windows 8.1 drive crashed.

I also have two 1TB Western Digital Passport external drives as backups. They require a password to access, as far as I know (I've tried all folders/options it shows before you can enter the password and there's no data there), but who knows with these things now, maybe I should encrypt them too if possible?

Without this getting too confusing, because I don't want workarounds, maybe even omitting upgrading 10 Home to 10 Pro if possible for a cheaper price than a full 10 Pro, I'd rather spend like $150 for Windows 10 Pro, is that the easiest option, or a different motherboard and can at least sell this one?
I can't return this USB version Windows 10 Home to newegg now that I activated it, I didn't make any Microsoft or One Drive accounts with it either so maybe I can just sell it on ebay with the key?
thanks.
 
This mobo does not have TPM. I searched the pdf manual for TPM and trusted platform module.

It does have Intel Trusted Execution Technology (Intel TXT), but I'm not sure if it's the same as TPM.
Intel TXT(LT) Support (Note) Enables or disables Intel® Trusted Execution Technology (Intel® TXT). Intel® Trusted Execution Technology provides a hardware-based security foundation. (Default: Disabled)



Windows 10 Pro says here TPM is required for TPM protection, but maybe that's different than BitLocker?
I guess I'll contact windows and some motherboard manufacturers in the meantime what the best option is.

https://www.microsoft.com/en-us/p/windows-10-pro/df77x4d43rkt?activetab=pivot:overviewtab

** Requires TPM 1.2 or greater for TPM based key protection.

UPDATE: I just chatted with Microsoft and the person said just enable TPM in BIOS but I think I checked everywhere in BIOS and don't see any option (I don't see an option for the Intel TXT either). And as mentioned, TPM is nowhere mentioned in the PDF manual.
I think I might rather buy a new motherboard instead of Windows 10 Pro. Despite any more loss if any (I can net about $75 on eBay for this current motherboard and buy the right one for maybe $140?, or I can buy Windows 10 Pro for $199 or upgrade from Home for $99 but I'm not sure if I want two product keys and 2 USB sticks and also as mentioned maybe TPM seems to still be required for Windows 10 Pro BitLocker/encryption). Also the only other difference between Home and Pro is Pro is more for networking/sharing and I'd rather it not maybe be more prone to default or wanting to share my data across the router.
 
You don't have to encrypt your system drive. Split your drive in two volumes - Windows, and Data. BitLocker your data drive, and reroute your data (documents, pictures etc) to that encrypted volume. That way, little to no personal data remains on (unencrypted) system drive.

One drawback of this is that you have to manually enter the password after logging on.
 
Can I even encrypt that partition without the TPM?
I'm guessing I can just buy a new motherboard with TPM and bitlock/encrypt the whole drive? I think I'd rather not mess with sectioning the drive because I've never done that and unsure I'll always route data to it.
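
The data-volume approach suggested in the reply above, and the follow-up question about whether it needs a TPM, can be sketched in PowerShell. This is an added example, not part of the original thread: it assumes a Windows edition that includes the BitLocker management cmdlets (Pro, Enterprise or Education), an elevated prompt, and a separate data volume at `D:` (a hypothetical drive letter). A password protector on a data volume is not TPM-backed, so the TPM check is informational only.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumptions: BitLocker-capable Windows
# edition, elevated session, and a data volume mounted at D: (hypothetical).
$DataDrive = 'D:'

# 1. Report TPM state. A missing TPM does not block a password-protected
#    data volume; the TPM is only used for protectors bound to the OS volume.
$tpm = Get-Tpm
'TPM present: {0}  ready: {1}' -f $tpm.TpmPresent, $tpm.TpmReady

# 2. Refuse to touch anything that is not an unencrypted data volume.
$vol = Get-BitLockerVolume -MountPoint $DataDrive -ErrorAction Stop
if ($vol.VolumeType -ne 'Data') {
    throw "$DataDrive is not a data volume (type: $($vol.VolumeType))."
}
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$DataDrive is already in state '$($vol.VolumeStatus)'."
}

# 3. Encrypt with a password protector. The password is read as a
#    SecureString so it never appears in the console or command history.
$password = Read-Host -AsSecureString -Prompt "New BitLocker password for $DataDrive"
Enable-BitLocker -MountPoint $DataDrive `
                 -EncryptionMethod XtsAes256 `
                 -PasswordProtector -Password $password | Out-Null

# 4. Add a recovery password so a forgotten password does not mean lost data.
#    Nothing is uploaded to a Microsoft account or OneDrive by this step.
Add-BitLockerKeyProtector -MountPoint $DataDrive -RecoveryPasswordProtector `
                          -WarningAction SilentlyContinue | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $DataDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
"Recovery key ID:   $($recovery.KeyProtectorId)"
"Recovery password: $($recovery.RecoveryPassword)"

# 5. Show progress; encryption continues in the background.
Get-BitLockerVolume -MountPoint $DataDrive |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Write the recovery password down and keep it somewhere other than the encrypted volume or the same machine.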