Microsoft has acknowledged that enabling BitLocker on PCs equipped with NVMe SSDs can lead to noticeable performance degradation. Nevertheless, it is important to note that not all systems running BitLocker experience significant impacts on application or gaming performance. For the majority of users, the performance costs associated with BitLocker remain relatively minor.
Historically, Microsoft reports that BitLocker typically incurs an “overhead”of only single-digit percentages and primarily under specific conditions. Originally offered as an optional feature, BitLocker is now activated by default in Windows 11 version 24H2, as noted by Windows Latest. However, it is crucial to understand that upgrading from Windows 11 23H2 to 24H2 does not automatically enable BitLocker. It will be pre-activated on new devices or those undergoing a clean installation of Windows 11 version 24H2 or 25H2.
According to a support document published by Microsoft, BitLocker serves as a “valuable”layer of security for lost or stolen devices, as it encrypts drives and safeguards sensitive data.
Performance Impact of Windows 11 BitLocker
Microsoft has indicated that although BitLocker does enhance security, it can come at the expense of performance, particularly for systems with advanced NVMe SSDs. These drives, known for their higher input/output (I/O) cycles, require additional CPU resources for decryption, intensifying CPU usage during high-demand tasks.
As NVMe drives have evolved, their capability for increased I/O operations means that CPUs must dedicate more time to executing BitLocker’s AES encryption and decryption processes in order to manage the higher volume of read and write requests. This situation is more pronounced during high I/O activities such as gaming or video editing.
Microsoft has emphasized the dual nature of this enhancement: while users experience improved performance from NVMe technology, the additional processing requirements posed by BitLocker can become a performance bottleneck if not addressed appropriately. One support document highlights that the need for real-time encryption might adversely affect overall system performance.
This higher CPU cycle consumption is evident during tasks that demand substantial drive activity, such as:
- Playing modern video games
- Compiling extensive codebases
- Editing high-resolution videos
For these resource-intensive operations performed on NVMe drives with BitLocker activated, a workaround exists, contingent upon having newer hardware capable of supporting the “hardware-accelerated BitLocker”functionality.
Hardware-Accelerated BitLocker: Addressing Performance Concerns
In the most recent release, Windows 11 KB5065426 (26100.6584 26200.6584) or newer, Microsoft introduced hardware-accelerated BitLocker. This innovation shifts the cryptographic tasks away from the CPU to a dedicated cryptographic engine located on the SoC (System on a Chip), providing hardware protection for encryption keys.
This advance results in decreased CPU usage and enhanced battery longevity, albeit with the stipulation that compatible hardware is required. Microsoft remarked that “BitLocker will leverage emerging SoC and CPU features to enhance performance and security for both current and future NVMe drives.”
Evaluating Performance: CrystalDiskMark Benchmark Results
Benchmark tests are crucial to understanding the impact of encryption on drive speed. Sequential read/write speeds remain relatively stable; however, noticeable distinctions emerge in random input/output operations.
Device A: Software BitLocker
- BitLocker on: TRUE
- Algorithm: XTS-AES256
- Hardware Crypto Offloading Supported: FALSE
- Hardware Crypto Offloading Used: FALSE
- Hardware Wrapping Supported: FALSE
- Hardware Wrapping Used: FALSE
- Hardware Offload Type: UNRECOGNIZED
Device B: Hardware-Accelerated BitLocker
- BitLocker on: TRUE
- Algorithm: XTS-AES256
- Hardware Crypto Offloading Supported: TRUE
- Hardware Crypto Offloading Used: TRUE
- Hardware Wrapping Supported: TRUE
- Hardware Wrapping Used: TRUE
- Hardware Offload Type: NVMe
| Metric | Device A (MB/s) | Device B (MB/s) | Difference |
| SEQ1M Q8T1 (Read) | 6598.58 | 6637.36 | Negligible (+0.6%) |
| SEQ1M Q8T1 (Write) | 4925.73 | 4956.20 | Negligible (+0.6%) |
| RND4K Q32T1 (Read) | 1632.52 | 3746.55 | Device B is 2.3x Faster |
| RND4K Q32T1 (Write) | 1513.43 | 3530.82 | Device B is 2.3x Faster |
| RND4K Q1T1 (Read) | 513.95 | 714.39 | Device B is ~40% Faster |
| RND4K Q1T1 (Write) | 304.89 | 652.45 | Device B is ~2.1x Faster |
While large file transfers show minimal differences between the two configurations, hardware acceleration brings about significant enhancements in Random 4K performance, particularly in processing small file operations. Notably, Device B outperformed Device A in most random read/write scenarios.
Verifying Hardware-Accelerated BitLocker Capability
To confirm whether your PC supports the hardware-accelerated BitLocker feature, utilize the command-line tool .\HwBitLocker.exe.
For instance, Device A is equipped with standard Software BitLocker, in contrast to Device B, which employs the newer Hardware-Accelerated BitLocker system.
The output of the manage-bde -status command reveals:
| Feature | Device A (Software BitLocker) | Device B (Hardware-Accelerated) |
| BitLocker Version | 2.0 | 2.0 |
| Conversion Status | Encryption in Progress | Encryption in Progress |
| Percentage Encrypted | 97.5% | 97.5% |
| Encryption Method | XTS-AES 256 | XTS-AES 256 (Hardware Accelerated) |
| Protection Status | Protection Off | Protection Off |
Take note that the key distinguishing factor is the (Hardware Accelerated) label next to Device B’s encryption method.
Related Articles:
Microsoft Recommends 32GB RAM as the Ideal Upgrade for Windows 11 Gaming
19:34
Satya Nadella Confirms 1.6 Billion Monthly Windows Users and Bing Surpasses 1 Billion Users
15:14
Satya Nadella Acknowledges Microsoft’s Need to Regain Windows 11 Users and Enhance Performance for Low RAM Computers
0:54
Leave a Reply