Microsoft's default BitLocker on your Windows 11 PC is hitting even the fastest SSDs hard

Earlier this month, we covered a "65000" BitLocker encryption error message that was affecting both Windows 11 and Windows 10 PCs. While that was only a reporting issue, something else is actually impacting the performance of Windows 11 Pro PCs.

Tom's Hardware has found that the default software-based BitLocker encryption (XTS-AES 128, where XTS stands for XEX Tweakable Block Cipher with Ciphertext Stealing and AES is Advanced Encryption Standard), which is enabled by default on pre-built PCs like laptops and notebooks, among others, is hitting the performance of SSDs pretty hard. The outlet notes that the impact can be as high as 45%. This report comes hot on the heels of another one where we saw that Linux (Ubuntu) has continued to grow its lead over Windows 11 and, in some cases, is more than twice as fast.

Tom's Hardware says:

We reached out to several OEMs, and Dell, HP, and Lenovo told us they ship systems with Windows 11 Pro with software-based encryption unless a user orders an SSD that has hardware-based encryption available. It's not clear if they always enable hardware encryption on every SSD that supports the feature, but if you don't pay extra for such a drive, you'll likely end up with reduced storage performance. We haven't received a response from several other OEMs yet, but we suspect most have similar policies in place.

To test the performance hit, one of the fastest PCIe Gen4 NVMe SSDs, the Samsung 990 Pro 4TB, was used. The least impact was seen in the sequential peak speed tests. In a DiskBench 50GB file copy test, the drive with software encryption had a 13% performance loss because, unlike the hardware-accelerated Opal solution, software encryption uses the CPU to do the encryption.

The performance hit is far worse on random reads and writes, though, especially in the Queue Depth 1 (QD1) tests. In the 4KB QD1 random read test, there is a 21% slowdown in IOPS (input/output operations per second). The impact is even greater in the case of random writes, as the 990 Pro sees a 46% hit compared to hardware encryption and a 43% hit compared to no encryption.

When the QD is changed to 256, the picture is different, as hardware and software encryption both see big slowdowns in write performance.

The 4TB 990 Pro tested here also comes with 4GB of LPDDR4 DRAM cache and, despite that, the slowdown in random reads and writes is very prominent. You can find the full test results at the source link below.

If you have an OEM pre-built system that came pre-installed with Windows 11 Pro, chances are it has software BitLocker enabled. You can check that by opening an elevated command prompt (CMD as an admin) and entering the command: "manage-bde.exe -status".

When you do so, the Protection Status will be displayed as "Protection On" and, in the case of software encryption, the Encryption Method will be "XTS-AES 128". A device with BitLocker disabled will display "Protection Off" and the Encryption Method will be "None".

Another way to do so is to launch the Disk Management console and check to see if the drives show "BitLocker Encrypted" in brackets.
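To go with the "manage-bde.exe -status" check described above, here is an added example (not from the article or from Tom's Hardware) that parses the command's English-language output and labels each volume as software-encrypted, hardware-encrypted or unprotected. The sample output is constructed, and the "Hardware Encryption" prefix for self-encrypting drives is an assumption, since the article only shows the "XTS-AES 128" and "None" values.

```python
import re

# Constructed sample of `manage-bde.exe -status` output (not from a real PC).
SAMPLE = """\
Volume C: [Windows]
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
    Encryption Method:    None
    Protection Status:    Protection Off

Volume E: [Vault]
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
"""

VOLUME = re.compile(r"^Volume\s+(\S+)", re.M)
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*\S)\s*$", re.M)


def classify(method, protection):
    """Map the two fields the article reads to a short verdict."""
    if method == "None" or protection != "Protection On":
        return "unprotected"
    # Assumption: self-encrypting (Opal) drives show a "Hardware Encryption" prefix.
    if method.startswith("Hardware Encryption"):
        return "hardware"
    return "software"  # e.g. XTS-AES 128, where the CPU does the encryption


def audit(status_text):
    """Return {volume: (encryption method, protection status, verdict)}."""
    report = {}
    # Splitting on a one-group pattern yields [preamble, name1, body1, name2, ...].
    parts = VOLUME.split(status_text)
    for name, body in zip(parts[1::2], parts[2::2]):
        fields = dict(FIELD.findall(body))
        method = fields.get("Encryption Method", "None")
        protection = fields.get("Protection Status", "Protection Off")
        report[name] = (method, protection, classify(method, protection))
    return report


if __name__ == "__main__":
    for vol, row in audit(SAMPLE).items():
        print(vol, *row, sep=" | ")
```

On a real PC, save the command's output to a text file from the elevated prompt and pass the file's contents to audit(); localized Windows builds print translated field names, which this parser does not handle.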

Source and images: Tom's Hardware
