Microsoft has unveiled a new hardware-accelerated BitLocker encryption system for Windows 11, which shifts cryptographic operations from software to dedicated accelerator units integrated into future CPU microarchitectures. Historically, software-based BitLocker in Windows 11 has caused massive performance degradation. For example, in Windows 11, going from no BitLocker to software-based BitLocker has caused the average number of cycles per I/O to skyrocket from roughly 400,000 cycles to about 1.9 million cycles. This is a 375% increase in cycles per I/O, and it can cause significant storage performance degradation. However, Microsoft is finally bringing hardware-based encryption to solve this.
The new hardware acceleration, announced at Ignite 2025 in November, is now available in Windows 11 version 25H2 and Windows Server 2025 with the September update. Early testing shows that some workloads experience double the storage performance while reducing CPU usage by over 70%. The system offloads AES-XTS-256 encryption processing from the main processor to a fixed-function cryptography engine embedded within the SoC. Encryption keys are hardware-wrapped to enhance security against memory-based attacks. The initial rollout will target Intel vPro platforms with the upcoming Core Ultra Series 3 "Panther Lake" processors, but Microsoft plans to extend support to other vendors as well.
Performance data indicates that sequential read and write speeds are similar between software and hardware approaches. However, random 4K operations show significant improvements with hardware acceleration. In the RND4K Q32T1 read and write tests, hardware-accelerated BitLocker is 2.3 times faster. For single-queue random reads, hardware-based encryption is approximately 40% faster, and for single-queue random writes, it is about 2.1 times faster. These results demonstrate that hardware-based acceleration significantly enhances small-block random performance. These random access patterns are crucial for modern multitasking, which explains why the previous software-only implementation experienced the most significant slowdowns.