Microsoft is rolling out a new hardware-accelerated BitLocker feature, which should help increase speed on systems with NVMe storage drives. This new approach helps avoid bottlenecks that can significantly impact performance.
BitLocker is a data protection feature available in professional and enterprise versions of Windows. It allows you to encrypt or “encode” the data on a computer to protect it against threats such as data theft, exposure in the event of loss or theft, or the inappropriate removal of equipment in companies. The problem, as with any encryption technology, is that if you use BitLocker you will have noticed a decrease in performance. Microsoft is aware of this and is taking steps to improve it.
Hardware Accelerated BitLocker
At the recent Ignite conference, Microsoft claimed that its engineers had kept BitLocker’s performance overhead to a single-digit percentage. However, with the rapid rise in popularity and advancement of Non-Volatile Memory Express (NVMe) drive technology, these drives now achieve much higher input/output (I/O) speeds.
As a result, the corresponding BitLocker cryptographic operations may require a higher proportion of CPU (Central Processing Unit) cycles. This makes BitLocker’s impact on performance more pronounced, especially in high-performance, I/O-intensive workloads such as gaming or video editing.
NVMe solid state drives have continued to improve in their ability to deliver extremely fast data transfer speeds (especially the latest Gen5), setting new expectations for system responsiveness and application performance. “While this is a huge benefit for users, it also means that any additional processing, such as real-time encryption and decryption using BitLocker, can become a bottleneck if not properly optimized. For example, professionals working with large video files, developers building massive code bases, or gamers demanding the lowest possible latency may notice lag or increased CPU usage when enabling BitLocker on these high-speed drives.”
Hardware-accelerated BitLocker is designed to offer the best combination of performance and security. According to Microsoft, the speed improvements are achieved in two ways. First, bulk cryptographic operations are moved from the main CPU to a dedicated cryptographic engine. Second, BitLocker bulk encryption keys are encapsulated in hardware, assuming the necessary SoC support is available.
According to Microsoft’s own testing, the difference between normal BitLocker performance and the hardware-accelerated version is huge, and the difference between hardware-accelerated BitLocker and running without BitLocker is negligible, as the following video shows:
