Microsoft promises to nearly double Windows storage performance after forcing slow software-accelerated BitLocker on Windows — new CPU hardware-accelerated crypto will also improve battery life, but requires new CPUs
The new BitLocker implementation offloads encryption and decryption to dedicated crypto engines on supported SoCs, delivering faster storage performance and reduced CPU usage.

Microsoft has introduced a new form of hardware-accelerated BitLocker encryption in Windows 11, offloading encryption and decryption to a purpose-built cryptography accelerator baked into future CPUs to improve performance and efficiency. First announced at Ignite 2025 in November, the feature has been added to the latest versions of Windows 11 (25H2) and Windows Server (2025 with the September Update), along with UFS (Universal Flash Storage) Inline Crypto Engine technology. This new tech will undo the performance penalties that Microsoft imposed on its users by forcing them to use software-based encryption by default, offering twice the storage performance in some types of workloads.

However, Microsoft, being Microsoft, opted to force-enable the software version of BitLocker for new Windows Pro installs, hurting performance and battery life — you can only use hardware-based SSD encryption if you jump through a complicated series of largely undocumented hoops.
The company now plans to use a new hardware-accelerated BitLocker CPU implementation to address the issue it created, but it will take time to even become available.
Hardware-accelerated BitLocker will initially be available on Windows 11 devices with Intel vPro platforms based on upcoming Intel Core Ultra series 3 “Panther Lake” CPUs, with broader support planned. The latest version of BitLocker is expected to leverage new capabilities on upcoming chips, including crypto offloading, where the bulk of cryptographic operations will be moved from software running on the CPU to a dedicated fixed-function crypto engine. Additionally, BitLocker bulk encryption keys will be hardware-wrapped on select SoCs to improve security by reducing exposure to CPU and memory vulnerabilities.
Microsoft’s Rafal Sosnowski stated in a blog post, “When enabling BitLocker, supported devices with NVMe drives along with one of the new crypto offload capable SoCs will use hardware-accelerated BitLocker with the XTS-AES-256 algorithm by default. This includes automatic device encryption, manual BitLocker enablement, policy driven enablement, or script-based enablement with some exceptions.”
