Microsoft has revealed hardware-accelerated BitLocker, a notable security upgrade aimed at eliminating the performance penalty that encryption imposes on modern high-speed NVMe drives.
This technology addresses growing concerns about CPU load as storage devices get faster, especially for users running intensive workloads such as gaming and video production.
Performance Challenge with Modern NVMe Drives
As NVMe storage technology progresses, these drives provide rapid data transfer rates that elevate system capabilities to unprecedented levels.
However, BitLocker’s standard software-based encryption demands considerable CPU resources to encrypt and decrypt data on the fly.
This creates a performance bottleneck on high-speed NVMe drives, where encryption tasks consume a notable share of CPU cycles.
| Feature | How It Operates |
|---|---|
| Crypto Offloading | Transfers encryption responsibilities from the primary CPU to a dedicated cryptographic processor within the System on Chip (SoC). |
| Hardware-Protected Keys | Encryption keys are “wrapped” and safeguarded directly by the hardware (SoC), preventing them from being exposed in system memory. |
| Default XTS-AES-256 | Automatically selects the strong XTS-AES-256 algorithm on compatible hardware (NVMe drive + capable SoC). |
| Admin Verification | The `manage-bde -status` command-line tool has been enhanced to identify and report this specific mode. |
This encryption overhead can cause noticeable lag during demanding activities such as extensive video editing, code compilation, or gaming.
[Figure: Comparison of software BitLocker versus hardware-accelerated BitLocker architecture, illustrating elevated performance via a dedicated crypto processor.]

The latest hardware-accelerated BitLocker shifts the encryption load from the main CPU to dedicated crypto processors integrated into modern system-on-chip (SoC) architectures.
This method presents two essential enhancements. First, crypto offloading delegates bulk encryption operations to specialized hardware, freeing CPU resources for other work and improving battery life.
Second, hardware-protected keys wrap BitLocker encryption keys at the hardware level, minimizing exposure to CPU and memory vulnerabilities, alongside existing Trusted Platform Module (TPM) safeguards.
Video: https://www.youtube.com/watch?v=lVqg079JgrA
Hardware-accelerated BitLocker is enabled with the September 2025 update to Windows 11 24H2 and Windows 11 25H2.
This capability automatically activates on compatible devices featuring NVMe drives and suitable SoCs, utilizing the XTS-AES-256 encryption algorithm by default.

Intel vPro devices with Core Ultra Series 3 processors provide initial support, with additional vendor platforms anticipated.
Testing indicates that storage performance with hardware-accelerated BitLocker reaches the speeds of NVMe drives without encryption.
This technology offers a decrease of around 70% in CPU cycles compared to software BitLocker. This translates into improved battery life as well as better storage metrics for sequential and random read-write operations.
Microsoft intends to automatically update key sizes in an early spring update to maximize compatibility. Users can confirm hardware-accelerated BitLocker by executing “manage-bde -status” in an administrator command prompt.
The encryption method section shows “Hardware accelerated” when the SoC’s crypto functions are operational.
Enterprise administrators should be aware that specific policy configurations specifying unsupported algorithms or key sizes may impede hardware acceleration.
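The verification step above can be scripted to report every volume at once. The following PowerShell is an added example, not Microsoft's code or part of the original article; the function name Get-BitLockerAcceleration and the sample output are constructed for illustration, and it assumes English-language `manage-bde` output.

```powershell
# Added example: parse `manage-bde -status` text and report, per volume,
# whether the Encryption Method line carries the "Hardware accelerated" marker.
function Get-BitLockerAcceleration {
    param([string[]]$StatusLines)

    $current = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^Volume\s+(\S+)') {
            # A "Volume X:" header starts a new record; emit the previous one.
            if ($current) { $current }
            $current = [pscustomobject]@{
                Volume              = $Matches[1]
                EncryptionMethod    = $null
                ProtectionStatus    = $null
                HardwareAccelerated = $false
            }
        }
        elseif ($current -and $line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $method = $Matches[1]
            $current.EncryptionMethod    = $method
            # The article states this field shows "Hardware accelerated"
            # when the SoC's crypto functions are in use.
            $current.HardwareAccelerated = $method -match 'Hardware accelerated'
        }
        elseif ($current -and $line -match '^\s*Protection Status:\s*(.+?)\s*$') {
            $current.ProtectionStatus = $Matches[1]
        }
    }
    if ($current) { $current }   # emit the last volume
}

# Constructed sample output (not captured from a real machine); the exact
# wording around the "Hardware accelerated" marker is an assumption.
$sample = @'
Volume C: [OSDisk]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 256 (Hardware accelerated)
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split "`r?`n"

Get-BitLockerAcceleration -StatusLines $sample | Format-Table -AutoSize
# On a live system, from an elevated prompt:
#   Get-BitLockerAcceleration -StatusLines (manage-bde -status)
```

A volume that reports `HardwareAccelerated` as False on supported hardware is a candidate for reviewing the BitLocker policy settings for algorithm and key size mentioned above.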