Microsoft Boosts Windows 11 Security with Hardware-Accelerated BitLocker
Microsoft is addressing performance concerns surrounding its BitLocker encryption feature in Windows 11 with a new hardware-accelerated approach, promising significant speed improvements for users with NVMe drives. The update, unveiled at Microsoft Ignite last month, aims to alleviate the processing burden BitLocker places on CPUs, particularly during demanding tasks.
Users enabling BitLocker to secure their files have often experienced a noticeable performance decrease. Microsoft acknowledges this issue and is actively working to mitigate it. The company’s solution centers on offloading cryptographic operations to dedicated hardware, rather than relying solely on the central processing unit.
“We know that users desire both security and great performance,” a company release stated. “Historically, we have strived to keep BitLocker performance overhead within single digit percentage points. However, with the rapid rise in popularity and advancement of Non-Volatile Memory Express (NVMe) drive technology, these drives now achieve much higher Input/Output (I/O) operation speeds. As a result, corresponding BitLocker cryptographic operations can require a higher proportion of CPU cycles.”
The increasing speed of NVMe drives has inadvertently amplified BitLocker’s performance impact. As Microsoft explains, the speed of these drives creates new expectations for system responsiveness, but the real-time encryption and decryption processes of BitLocker can become a bottleneck if not optimized. This is particularly noticeable for professionals working with large files – such as video editors or developers compiling code – and gamers seeking minimal latency.
Balancing data security with optimal performance is a growing challenge. The need for robust data protection remains paramount, but users also demand efficient device operation. This has spurred innovation in solutions that maintain both security and speed as hardware evolves.
To address this, Microsoft announced hardware-accelerated BitLocker. The technology is designed to deliver the optimal combination of security and performance. Speed improvements are achieved by shifting bulk cryptographic operations from the CPU to a dedicated crypto engine and by hardware-wrapping BitLocker bulk encryption keys, provided the system’s SoC supports it.
According to internal testing conducted by Microsoft, the performance difference between standard BitLocker and the hardware-accelerated version is substantial. Notably, the performance gap between hardware-accelerated BitLocker and having no BitLocker enabled is described as negligible.
Full details of hardware-accelerated BitLocker can be found in Microsoft’s blog post.
Why did Microsoft implement hardware-accelerated BitLocker?
Microsoft implemented hardware-accelerated BitLocker to address performance issues that arose with the increasing speed of NVMe drives. As NVMe drives became faster, the cryptographic operations required by standard BitLocker encryption began to create a performance bottleneck, impacting system responsiveness, especially for demanding tasks.
Who is affected by this change?
Users of Windows 11 with NVMe drives are the primary beneficiaries of this change. Professionals working with large files (video editors, developers) and gamers who prioritize low latency will likely see the most significant improvements. However, all BitLocker users with compatible hardware will experience performance gains.
What is hardware-accelerated BitLocker?
Hardware-accelerated BitLocker is a new approach to BitLocker encryption that offloads cryptographic operations from the CPU to a dedicated crypto engine within the system’s SoC (System on a Chip). It also involves hardware-
