The BitLocker disk encryption, which is only available for Windows 11 Pro systems and is often activated by default, can reduce SSD performance by up to 45 percent. Tom’s Hardware states this based on its own tests.
For his results has Tom’s Hardware tested three scenarios: without BitLocker encryption, with BitLocker’s software encryption, which is enabled by default in Windows 11 Pro, and with BitLocker’s hardware encryption. This included looking at the writing and reading speed, and the degree of latency. With software encryption of the drive, the measured SSD performance in the PCMark 10 benchmarks was on average twenty percent lower compared to performance with hardware encryption and no drive encryption. CrystalDiskMark 8’s random read test showed a similar performance difference, but software encryption performed 45 percent worse in the random write test.
Significantly lower SSD performance was also measured with the DiskBench and Atto Disk benchmarks. In almost all cases, however, the SSD performed about as well with hardware encryption as when disk encryption was completely disabled. The tests were carried out with a 4TB Samsung 990 Pro SSD, with an Intel Core i9-12900K and 32GB of DDR4 RAM.
Microsoft uses software BitLocker disk encryption by default, after the company decided in 2019 to ignore hardware encryption in Windows and encrypt the disk using software. The tech giant probably chose this because SSD manufacturers do not have the security of their drives in good order. This would make it possible to bypass disk encryption relatively easily. By performing disk encryption at the software level, Microsoft itself has control over security.
However, the processor must decrypt the entire disk and then encrypt it again. Microsoft then stated that modern PCs now have enough CPU speed to quickly carry out such software encryption without making the computer slow, but according to Tom’s Hardware this does not appear to be entirely the case. If users want to set up hardware encryption, they must completely reinstall Windows 11 Pro and use the Rufus tool to ensure that software encryption is not automatically reactivated during installation. It is also possible to completely disable disk encryption with a command prompt.