Microsoft has introduced hardware-accelerated BitLocker, a major security enhancement designed to remove performance bottlenecks caused by encryption on modern high-speed NVMe drives.
The new technology addresses growing concerns about CPU overhead as storage devices become faster, particularly for users running intensive workloads such as gaming and video editing.
Performance Challenge with Modern NVMe Drives
As NVMe storage technology advances, these drives deliver high-speed data transfer rates that push system performance to new levels.
However, BitLocker's traditional software-based encryption requires substantial CPU power to encrypt and decrypt data in real time.
This creates a performance bottleneck on high-speed NVMe drives, where encryption operations consume significant CPU cycles.
It can cause noticeable delays during demanding tasks such as intensive video processing, code compilation, or gaming.

| Feature | How It Works |
| --- | --- |
| Crypto Offloading | Shifts encryption tasks from the main CPU to a dedicated cryptographic engine on the System on Chip (SoC). |
| Hardware-Protected Keys | Encryption keys are "wrapped" and protected directly by the hardware (SoC) rather than sitting exposed in system memory. |
| Default XTS-AES-256 | Automatically selects the strong XTS-AES-256 algorithm on supported hardware (NVMe drive + capable SoC). |
| Admin Verification | The manage-bde -status command-line tool has been updated to detect and report this specific mode. |
Figure: Comparison of software BitLocker vs. hardware-accelerated BitLocker architecture, showing improved performance through a dedicated crypto engine.
The new hardware-accelerated BitLocker shifts the encryption workload from the main CPU to dedicated crypto engines built into modern system-on-chip (SoC) processors.
This approach delivers two significant improvements. First, crypto offloading moves bulk encryption operations to specialized hardware, freeing CPU resources for other tasks and improving battery life.
Second, hardware-protected keys wrap BitLocker encryption keys at the hardware level, reducing exposure to CPU and memory vulnerabilities alongside existing Trusted Platform Module (TPM) protection.
Hardware-accelerated BitLocker is enabled with the September 2025 update to Windows 11 24H2 and Windows 11 25H2.
The feature automatically activates on supported devices with NVMe drives and compatible SoCs, using the XTS-AES-256 encryption algorithm by default.
Figure: A command-prompt interface shows hardware-accelerated BitLocker as the encryption method.
Intel vPro devices with Core Ultra Series 3 processors provide initial support, with more vendor platforms planned.
Testing shows storage performance with hardware-accelerated BitLocker approaches NVMe speeds without encryption.
The technology delivers roughly a 70% reduction in CPU cycles compared to software BitLocker. This results in better battery life alongside improved storage metrics for sequential and random read-write operations.
Microsoft plans to automatically increase key sizes in an early spring update to maximize compatibility. Users can verify hardware-accelerated BitLocker by running "manage-bde -status" in an administrator command prompt.
The encryption method section displays "Hardware accelerated" when the SoC's crypto capabilities are active.
Enterprise administrators should note that specific policy configurations specifying unsupported algorithms or key sizes may prevent hardware acceleration.
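The following PowerShell is an added example, not Microsoft's or the article's code: it parses "manage-bde -status" output per volume and flags whether the Encryption Method line reports "Hardware accelerated", which is where a policy-blocked device would stand out. It assumes English-language output; the function name Get-BdeAccelerationReport and the sample text (including the exact method strings) are constructed for illustration.

```powershell
# Added example: report, per volume, whether manage-bde shows hardware acceleration.
# Assumption: English output. Field labels are localized on other systems.
function Get-BdeAccelerationReport {
    param([string[]]$StatusLines)

    $current = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^Volume\s+(\S+)') {
            # A "Volume X:" header closes the previous record and starts a new one.
            if ($current) { [pscustomobject]$current }
            $current = [ordered]@{
                Volume = $Matches[1]; Conversion = $null; Method = $null
                Protection = $null; HardwareAccelerated = $false
            }
        }
        elseif ($current -and
                $line -match '^\s+(Conversion Status|Encryption Method|Protection Status):\s*(.*)$') {
            $value = $Matches[2].Trim()
            switch ($Matches[1]) {
                'Conversion Status' { $current.Conversion = $value }
                'Protection Status' { $current.Protection = $value }
                'Encryption Method' {
                    $current.Method = $value
                    # The article states this field displays "Hardware accelerated".
                    $current.HardwareAccelerated = $value -match 'Hardware accelerated'
                }
            }
        }
    }
    if ($current) { [pscustomobject]$current }
}

# Constructed sample; the method strings are illustrative, not captured output.
$sample = @'
Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 256 (Hardware accelerated)
    Protection Status:    Protection On

Volume D: [Data]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split "`r?`n"

# Use live output when manage-bde is present (run elevated); otherwise parse the sample.
$lines = if (Get-Command manage-bde.exe -ErrorAction SilentlyContinue) { manage-bde.exe -status } else { $sample }
Get-BdeAccelerationReport -StatusLines $lines | Format-Table -AutoSize
```

On the sample, C: is reported with HardwareAccelerated True and D: with False; a D:-style row on hardware that should qualify is the cue to review the algorithm and key-size policy applied to that device.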
