Microsoft Introduces Hardware-Accelerated BitLocker Encryption for Windows 11
Microsoft has announced a major upgrade to BitLocker encryption in Windows 11, introducing hardware-accelerated cryptographic processing designed to dramatically improve storage performance and security. This new system shifts encryption tasks from software to specialized hardware accelerators integrated into upcoming CPU architectures, marking a significant step forward for enterprise and security-focused users.
Addressing Performance Bottlenecks in Software-Based BitLocker
Traditionally, BitLocker in Windows 11 has relied on software-based encryption, which has been associated with substantial performance penalties. For instance, enabling software-based BitLocker can increase the average number of CPU cycles per I/O operation from approximately 400,000 to 1.9 million—a 375% rise. This overhead has led to noticeable slowdowns in storage performance, particularly during demanding workloads and multitasking scenarios.
How Hardware-Accelerated BitLocker Works
The new hardware-accelerated BitLocker, unveiled at Microsoft Ignite 2025, is now available in Windows 11 version 25H2 and Windows Server 2025 with the September update. This system offloads AES-XTS-256 encryption from the main CPU to a dedicated cryptography engine embedded within the system-on-chip (SoC). By handling encryption at the hardware level, the solution not only boosts performance but also enhances security by hardware-wrapping encryption keys, making them more resistant to memory-based attacks.
Initial deployment targets Intel vPro platforms featuring the upcoming Core Ultra Series 3 "Panther Lake" processors. Microsoft has also indicated plans to expand support to additional hardware vendors in the future, broadening the reach of this performance and security enhancement.
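As an added check for administrators (example code, not from the article or from Microsoft), the following PowerShell inventories each BitLocker volume's cipher and flags encrypted volumes that are not using XTS-AES-256, the algorithm the article says the SoC engine offloads. It relies on the standard BitLocker module cmdlet Get-BitLockerVolume; the inference that only XTS-AES-256 volumes can take the hardware path is an assumption drawn from the article, which documents no property that reveals whether the hardware engine is actually active.

```powershell
# Added example (not from the article or Microsoft). Assumes an elevated session
# and the BitLocker PowerShell module. The article gives no way to detect whether
# the hardware engine is in use, so this script does not claim to detect it; it
# only reports which volumes use the cipher the article names as offloaded.
function Get-BitLockerCipherReport {
    [CmdletBinding()]
    param()

    # Get-BitLockerVolume requires administrator rights.
    $volumes = Get-BitLockerVolume -ErrorAction Stop

    foreach ($v in $volumes) {
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            EncryptionMethod = $v.EncryptionMethod   # XtsAes256, XtsAes128, Aes256, Aes128, None
            VolumeStatus     = $v.VolumeStatus       # FullyEncrypted, EncryptionInProgress, FullyDecrypted, ...
            ProtectionStatus = $v.ProtectionStatus   # On / Off (Off = protectors suspended, key exposed)
            UsesXtsAes256    = ($v.EncryptionMethod -eq 'XtsAes256')
        }
    }
}

$report = Get-BitLockerCipherReport
$report | Format-Table -AutoSize

# Assumption: only XTS-AES-256 volumes benefit from the offload described above.
# BitLocker cannot switch cipher in place, so such a volume must be decrypted and
# re-encrypted with XTS-AES-256 before it could use the hardware path.
$needsAttention = $report | Where-Object {
    $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.UsesXtsAes256
}
if ($needsAttention) {
    Write-Warning 'Encrypted volumes not using XTS-AES-256:'
    $needsAttention | Format-Table MountPoint, EncryptionMethod, VolumeStatus -AutoSize
}

# Suspended protection (ProtectionStatus Off) is worth surfacing separately:
# the volume stays encrypted but the key is stored unwrapped on disk.
$suspended = $report | Where-Object { $_.ProtectionStatus -eq 'Off' -and $_.VolumeStatus -ne 'FullyDecrypted' }
if ($suspended) {
    Write-Warning 'Encrypted volumes with BitLocker protection suspended:'
    $suspended | Format-Table MountPoint, ProtectionStatus -AutoSize
}
```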
Performance Improvements with Hardware-Based Encryption
Early benchmarks reveal significant gains with hardware-accelerated BitLocker. Some workloads have demonstrated a twofold increase in storage performance, while CPU usage drops by more than 70%. Sequential read and write speeds remain comparable between software and hardware encryption, but the most notable improvements are seen in random 4K operations—a critical metric for modern multitasking environments.
In RND4K Q32T1 read and write tests, hardware-accelerated BitLocker is 2.3 times faster than its software-based counterpart. For single-queue random reads, performance improves by approximately 40%, and for single-queue random writes, speeds are about 2.1 times faster. These enhancements are particularly impactful for small-block random access patterns, which are essential for responsive multitasking and overall system efficiency.
Implications for Security and Enterprise Environments