After several years, BitLocker is once again receiving support for hardware-based encryption. Microsoft plans to hand the drive encryption built into Windows over to dedicated crypto hardware again in the future. This is intended both to improve performance on modern mass storage devices and to reduce the security risks associated with CPU- and RAM-based methods. The announcement substantiates statements that Microsoft had previously made at the Ignite conference.
Until 2019, BitLocker already relied on hardware-based encryption, for example through special controllers or firmware solutions. However, security analyses showed that individual implementations were vulnerable, particularly due to inadequately secured hardware or faulty firmware. As a result, Microsoft shifted all cryptographic operations to software, secured by TPM modules, but executed via CPU and RAM. This solution was considered more controllable, but brought with it new attack surfaces, including side-channel attacks on processors and RAM.
The planned return to dedicated crypto units is intended to reduce these vulnerabilities. In the new architecture, encryption and decryption processes as well as key management take place entirely within specialized hardware. The CPU and main memory are no longer directly involved in these processes. Microsoft assumes that this means that sensitive keys are neither stored in RAM nor processed by general computing units. Diagrams from the Windows IT Pro Blog indicate that these functional units work in isolation and are integrated directly into the data path between the operating system and mass storage.
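The article contrasts the current software path (keys and cipher operations on the CPU and in RAM, with the TPM protecting the key material at rest) with the planned hardware path. An administrator who wants to know how much of a fleet still depends on the software path today can read the encryption method BitLocker reports per volume. The following PowerShell script is an added example, not code from the article or from Microsoft; it assumes a Windows host with the built-in BitLocker module, an elevated session, and that the existing self-encrypting-drive mode is reported as `Hardware` by `Get-BitLockerVolume` (the article does not say how the announced architecture will be reported, so the script only classifies what the cmdlet returns today):

```powershell
# Added example: inventory BitLocker volumes and classify each one as
# hardware-encrypted, software-encrypted (CPU/RAM path) or unencrypted.
# Assumes the BitLocker PowerShell module (Windows 8/Server 2012 and later)
# and an elevated session. Get-BitLockerVolume is the built-in cmdlet.
function Get-BitLockerMethodInventory {
    [CmdletBinding()]
    param()

    Get-BitLockerVolume | ForEach-Object {
        # EncryptionMethod is an enum such as None, Aes128, Aes256,
        # XtsAes128, XtsAes256 or Hardware (self-encrypting drive mode).
        $method = [string]$_.EncryptionMethod

        # 'Engine' is this script's own label, not a Windows term:
        # 'hardware' means the drive controller performs the crypto,
        # 'software' means the CPU performs it and keys pass through RAM.
        $engine = if ($method -eq 'Hardware') { 'hardware' }
                  elseif ($method -eq 'None') { 'unencrypted' }
                  else { 'software (CPU/RAM)' }

        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType        # OperatingSystem or Data
            ProtectionStatus = $_.ProtectionStatus  # On / Off
            EncryptionMethod = $method
            Engine           = $engine
        }
    }
}

# Usage: print the full inventory, then warn about OS volumes that still
# encrypt in software, since those are the ones exposed to the CPU/RAM
# attack surface the article describes.
$inventory = Get-BitLockerMethodInventory
$inventory | Format-Table -AutoSize

$inventory |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.Engine -like 'software*' } |
    ForEach-Object {
        Write-Warning "$($_.MountPoint): OS volume uses $($_.EncryptionMethod) via the software path"
    }
```

The output is a plain object per volume, so it can be exported with `Export-Csv` or fed into a configuration-management report; the `Engine` column is the only derived value, everything else is passed through from the cmdlet unchanged.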
The first platform specifically mentioned by Microsoft is the upcoming Intel Core Ultra 300 series notebook processors, codenamed Panther Lake. These processors are expected to be presented at the Consumer Electronics Show in early January. Microsoft assumes that Panther Lake will have a further developed crypto engine with its own functional units, which is specially designed for cryptographic tasks. Other processors and hardware platforms are to follow, but there is no concrete information on desktop systems or ARM-based devices as yet. Whether and when these will be supported cannot be verified at present.
A major trigger for the changeover is the greatly increased performance of modern NVMe SSDs. BitLocker was originally designed so that it slows down input and output by only a single-digit percentage. With today's transfer rates of fast SSDs, however, this goal can no longer be reliably achieved with CPU-based encryption. Dedicated crypto hardware is intended to remove these bottlenecks by executing encryption in parallel with, and independently of, the main computing cores. Microsoft has not yet published any concrete performance data or reliable benchmarks.
The return to hardware-based encryption is part of a broader overhaul of the Windows storage architecture. Microsoft has already recently introduced native NVMe access for client versions of Windows, having previously implemented this via a SCSI abstraction layer. The planned BitLocker architecture fits in with this approach of moving critical functions as close as possible to the hardware in order to increase efficiency and security.
Overall, the planned reorientation of BitLocker represents a clear change in strategy. Microsoft is thus reacting to the technical limits of software-based encryption in combination with very fast mass storage devices as well as to known attack vectors against CPU and main memory. Whether the new architecture actually achieves the expected security and performance gains depends largely on the quality and robustness of the hardware implementations used. Reliable statements on the actual increase in performance are not possible at the present time.
Conclusion
The return to hardware-based encryption with BitLocker is an understandable reaction to the increased performance requirements of modern NVMe SSDs and known attack scenarios against CPU and memory. Whether the approach will bring both measurable performance gains and a real security advantage in the long term can only be assessed after the availability of further supported platforms and independent analyses of the new hardware implementations.
| Source | Key statement | Link |
|---|---|---|
| Microsoft Windows IT Pro Blog | Microsoft explains the return of BitLocker to hardware-based encryption, the reduction in CPU and RAM load and the first supported platforms | https://techcommunity.microsoft.com/blog/windows-itpro-blog/bitlocker-hardware-accelerated-encryption/ |
| Intel | Intel describes upcoming processor architectures with integrated security and crypto function units that serve as the basis for hardware-accelerated encryption | https://www.intel.com/content/www/us/en/newsroom/news/ |