
Over the years, Microsoft has strived to keep BitLocker’s performance impact within reasonable limits, historically below double digits. The goal has always been to ensure data protection without significantly impacting the user experience, a balance that is now more complex due to hardware evolution.
The widespread use of NVMe drives has significantly increased input/output speeds. These devices offer much higher performance than previous generations, but they also require greater processing power when encrypting and decrypting data in real time. In this scenario, BitLocker encryption operations can significantly impact CPU usage.

The effect becomes more noticeable in I/O-intensive workloads. Activities like gaming, professional video editing, or compiling large software projects can suffer from increased latency or higher system resource consumption when encryption is handled entirely in software.
Growing user expectations for performance have necessitated a rethinking of the security approach. Data protection remains key, but must be accompanied by solutions capable of leveraging new hardware architectures without becoming a bottleneck.
Against this backdrop, Microsoft announced last month, at Microsoft Ignite, the introduction of hardware-accelerated BitLocker. The new implementation is designed to combine high levels of security with more efficient performance, reducing the computational load on the CPU.
Starting with the September 2025 Update for Windows 11 24H2 and with the release of Windows 11 25H2, BitLocker will be able to take advantage of new features offered by System on Chip (SoC) and next-generation CPUs, in addition to existing support for UFS Inline Crypto Engine technology. The goal is to improve encryption management on current and future NVMe drives.
Among the main new features is the offloading of cryptographic operations to dedicated engines, which frees up CPU resources and improves energy efficiency. Encryption keys are also protected by hardware, complementing the role of the Trusted Platform Module and reducing exposure to CPU and memory vulnerabilities.
Hardware-accelerated BitLocker will be enabled by default with the XTS-AES-256 algorithm on compatible devices with NVMe drives and SoCs that support cryptographic offload. Initial support will be available on Intel vPro systems with Intel Core Ultra 3 Series processors, codenamed Panther Lake, with additional hardware platforms planned.
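
To see where existing machines stand relative to the default described above, the following added example (not from Microsoft or the original article) audits each BitLocker volume for XTS-AES-256, NVMe bus type and a TPM-based key protector. It uses the standard `Get-BitLockerVolume`, `Get-Partition` and `Get-Disk` cmdlets; the report field names are chosen for this example, and the check covers cipher and bus type only, not whether encryption is actually offloaded to a hardware engine.

```powershell
# Added example: audit BitLocker volumes against the default the article
# describes (XTS-AES-256 on NVMe drives). Run from an elevated session.
# Assumption: cipher and bus type are a proxy check only; this does not
# prove that encryption is offloaded to a dedicated hardware engine.

$expectedMethod = 'XtsAes256'   # Get-BitLockerVolume's name for XTS-AES-256

$report = foreach ($vol in Get-BitLockerVolume) {
    # Map drive-letter mount points (e.g. "C:") to the backing disk's bus type
    $busType = 'Unknown'
    if ($vol.MountPoint -match '^[A-Za-z]:$') {
        $disk = Get-Partition -DriveLetter $vol.MountPoint[0] -ErrorAction SilentlyContinue |
            Get-Disk -ErrorAction SilentlyContinue
        if ($disk) { $busType = [string]$disk.BusType }
    }

    $method     = [string]$vol.EncryptionMethod
    $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        BusType          = $busType
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        EncryptionMethod = $method
        KeyProtectors    = $protectors -join ','
        # True for Tpm, TpmPin, TpmStartupKey and similar protector types
        HasTpmProtector  = [bool]($protectors -match '^Tpm')
        # True only when the volume sits on NVMe and uses XTS-AES-256
        MatchesDefault   = ($busType -eq 'NVMe') -and ($method -eq $expectedMethod)
    }
}

# Full inventory
$report | Format-Table -AutoSize

# Volumes that are unprotected or use a cipher other than XTS-AES-256
$report |
    Where-Object { $_.ProtectionStatus -ne 'On' -or $_.EncryptionMethod -ne $expectedMethod } |
    Select-Object MountPoint, BusType, ProtectionStatus, EncryptionMethod, KeyProtectors
```

Volumes on dynamic disks or Storage Spaces may report `Unknown` for the bus type because they do not map to a single partition.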
