Okay, basically without password works this way:
The UEFI BIOS, through the TPM module, provides the encryption key for the device in some way.
Also, the UEFI BIOS executes a small bit of code from the Windows kernel, that enables the decryption process.
Assuming the device is stolen, if the thief boots it, he will be brought to the classic login screen and without a password he won't be able to get past it. If, instead, he boots externally, the small bit of code of the Windows kernel will not be executed and the external OS won't be able to read the data.
So, apparently, provided that TPM is available it's sufficient to turn on Bitlocker even without a password.