Microsoft makes securing files faster with hardware-accelerated BitLocker

If you use BitLocker to secure files within Windows 11, you will almost certainly have noticed something of a performance hit. Microsoft is not unaware of this, and is taking steps to help improve things.
The company is rolling out hardware-accelerated BitLocker, which should help to provide a speed boost on systems with NVMe drives. The new approach helps to avoid bottlenecks that can have a massive impact on performance.
Writing about the feature, which was first unveiled at Microsoft Ignite recently, the company says: “We know that users desire both security and great performance. Historically, we have strived to keep BitLocker performance overhead within single digit percentage points. However, with the rapid rise in popularity and advancement of Non-Volatile Memory Express (NVMe) drive technology, these drives now achieve much higher Input/Output (I/O) operation speeds. As a result, corresponding BitLocker cryptographic operations can require a higher proportion of CPU (Central Processing Unit) cycles. This makes the performance impact of BitLocker more pronounced, especially on high-throughput and I/O intensive workloads like gaming or video editing”.
Microsoft goes on to explain:
As NVMe drives continue to evolve, their ability to deliver extremely fast data transfer rates has set new expectations for system responsiveness and application performance. While this is a major benefit for users, it also means that any additional processing — such as real-time encryption and decryption by BitLocker — can become a bottleneck if not properly optimized. For example, professionals working with large video files, developers compiling massive codebases, or gamers demanding the lowest possible latency may notice delays or increased CPU usage when BitLocker is enabled on these high-speed drives.
Balancing robust security with minimal performance impact is more challenging than ever. The need to protect sensitive data remains critical, but users also expect their devices to operate at peak efficiency. As a result, the industry has needed to innovate new solutions that ensure both security and speed are maintained even as hardware capabilities advance.
To achieve this, we announced hardware-accelerated BitLocker at Microsoft Ignite last month. Hardware-accelerated BitLocker is designed to provide the best combination of performance and security.
Speed improvements come from two changes. First, bulk cryptographic operations are shifted from the main CPU to a dedicated crypto engine. Second, BitLocker bulk encryption keys are hardware wrapped (assuming the necessary SoC support is present).
According to Microsoft’s own tests, the difference between normal BitLocker performance and the hardware-accelerated version is huge, with the difference between hardware-accelerated BitLocker and no BitLocker being negligible.
Full details of hardware accelerated BitLocker can be found in Microsoft’s blog post here.
