Topic: Tested: Windows 11 Pro's On-By-Default Encryption Slows SSDs Up to 45%

Offline javajolt

There are few things more frustrating than paying for high-speed PC components and then leaving performance on the table because software slows your system down. Unfortunately, a default setting in Windows 11 Pro, having its software BitLocker encryption enabled, could rob as much as 45 percent of the speed from your SSD as it forces your processor to encrypt and decrypt everything. According to our tests, random writes and reads — which affect the overall performance of your PC — get hurt the most, but even large sequential transfers are affected.

While many SSDs come with hardware-based encryption, which does all the processing directly on the drive, Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out. (You can circumvent this with tools like Rufus, if you want, though that's obviously not an official solution as it allows users to bypass Microsoft's intent.) If you bought a prebuilt PC with Windows 11 Pro, there's a good chance software BitLocker is enabled on it right now. Windows 11 Home doesn't support BitLocker so you won't have encryption enabled there.

To find out just how much software BitLocker impacts performance, we ran a series of tests with three scenarios: unencrypted (no BitLocker), software BitLocker (the Windows 11 Pro default), and with hardware BitLocker (OPAL) enabled. While the software encryption increased latency and decreased transfer rates, hardware encryption and no encryption at all were basically tied. If you have software BitLocker enabled, you may want to change your settings (more on that below).

How to Tell Whether You Have BitLocker Enabled

To see if you have a problem, you need to know if you have software BitLocker enabled in the first place. If you are on Windows 11 Home, it's not enabled in most cases (though it seems some laptops might still turn it on). If you're on Windows 10 Pro, it's probably not enabled (but it doesn't hurt to check).

For that matter, even if you're running Windows 11 Pro, if you're using a PC you assembled yourself, or one from a smaller boutique builder, there's still a good chance BitLocker is turned off. That's because there are specific requirements for Microsoft's policy of auto-enablement of BitLocker to happen, and most non-OEM PCs don't tend to tick every box.

To check your drive's encryption status, launch an elevated command prompt (run CMD as an admin) and then enter the command: manage-bde -status. You'll see a screen like the one below.


(Image credit: Future)

So here you need to look at two fields: Conversion Status and Encryption Method. Conversion Status will tell you if you have encryption enabled at all and Encryption Method will tell you if it's hardware or software encryption. If the method says "XTS-AES" like in the shot above, it's software BitLocker. If it says "Hardware Encryption," you have hardware encryption.

If you get a message saying your drive(s) are "Fully Decrypted" and "Protection Off," you're not currently using BitLocker. For home PCs, that's probably fine, though on laptops that could be more easily lost/stolen, you may want to reconsider. There are good reasons for having BitLocker enabled.

Testing Windows 11 BitLocker Performance

We tested with a Samsung 990 Pro 4TB, using the latest release of Windows 11 Pro (22H2, all patched with the latest updates). Our testbed had a Core i9-12900K with 32GB of DDR4 memory, our standard storage test PC.

After installing Windows 11, we also ran a sustained write workload using Iometer to condition the drive, thus assuring repeatable results. The SSD is 4TB, so we ran 1MiB writes for four hours straight to ensure all the flash had been touched. This resulted in about 30TB worth of written data for each of the test scenarios.

In retrospect, while the results we'll show do indicate a potentially significant loss of performance — random IO was hit particularly hard; sequential IO, not so much — part of that is likely due to our high-end desktop PC. The Core i9-12900K is no slouch when it comes to performance, and while it's no longer the fastest chip around, it's fast enough that software-based BitLocker encryption wasn't as massive of a problem as you would see with lesser CPUs that don't have as much processing power. Regardless, the impact is surprising even with our high-end processor, and we suspect laptops, which is what a lot of businesses running Windows 11 Pro will be using, will be hit much harder.

We ran a slightly more limited suite of tests than what we use for our SSD reviews, and because the testing required a clean Windows 11 Pro install, results aren't 100% directly comparable to our normal SSD benchmarks. We also can't speak to precisely how BitLocker will impact other SSDs, with or without hardware OPAL encryption support. But let's check the numbers that we do have for the Samsung 990 Pro.


(Image credit: Tom's Hardware)