Microsoft’s software encryption for SSDs, BitLocker, has been found to be slowing down SSD performance by up to 45% in Windows 11 Pro. BitLocker is enabled automatically when Windows 11 Pro is installed and set up, and is intended to increase the security of SSD-related processes.
Eager to analyze the issue, TomsHardware tested the feature and found that SSD speeds could be seriously affected when running some applications.
Apparently, this happens because the software-based BitLocker constantly prompts encryption and decryption processes with data on your SSD while your computer carries out read and write processes. So, as your computer extracts and puts away files and data from your SSD as you go about your business, each of these inward and outward actions from the SSD is coupled with an additional encryption or decryption process that kicks off automatically every time.
A pcwelt.de article (translated by PCWorld) points the finger at Windows 11 developers including the encryption software as part of the installation process of Windows 11 Pro. According to pcwelt.de, many modern SSDs have their own built-in hardware-based encryption processes, and that results in all decryption and encryption processes being handled by SSD itself. Regardless, Bitlocker is activated when Windows 11 Pro is set up without giving users the option to opt-out or disable it.
What is the heart of the problem and does it affect you?
It’s speculated that Microsoft insists on doing this because if it doesn’t, then it must give up control of encryption to SSD manufacturers. This means that Microsoft would have to depend on these SSD manufacturers to manage such a vital feature for Windows 11 Pro users, and, in recent years, there have been vulnerability issues in the hardware encryption code created by the SSD manufacturers.
These manufacturers have been attentive and patched these vulnerabilities, but perhaps understandably, Microsoft doesn’t want to have to rely on a third-party to guarantee users SSD security.
It seems like Windows 11 Home isn’t affected by this specific issue because BitLocker encryption isn’t supported.
To find out if your SSD is affected by this problem, you can do the following:
- Open the Windows 11 Pro Command line with administrator rights.
- Enter the following command: manage-bde -status
This should open up the BitLocker Drive Encryption: Configuration Tool which allows you to analyze all the drives in your computer.
If you open Conversion Status, you’ll be able to figure out how your SSD data is encrypted. Next, if you look at Encryption Method, you should see what type of encryption is used on a particular drive: software encryption (“XTS-AES”) or hardware encryption (“Hardware Encryption”). “XTS-AES” means that BitLocker is enabled and is running software encryption, while “Fully decrypted” means BitLock is disabled and encryption processes take place in the SSD.
When users use programs that greatly involve the SSD, because every in and out process of the SSD is compounded with an extra encryption or decryption process, the SSD has to handle more processes altogether and experiences greater strain. Microsoft may be working on a software patch to address this whole issue in Windows 11 Pro, but it’s unconfirmed if this is currently being developed.
How to configure BitLocker in Windows 11 Pro
To speed up your device, you might consider disabling BitLocker, but you have to make an informed decision, as BitLocker and the extra security it provides is beneficial to those who use corporate and business devices, and those who find themselves travelling often, and find that they’re in situations where there’s heightened risk of the device being stolen in general.
If you have BitLocker installed, because it’s integrated with your system on a software and operating system level, you can only access the computer’s data by entering the Windows account details tied to that specific Windows 11 Pro device.
If corporate and business devices come with Windows 11 Pro, then it’s likely that they have default settings, and that these devices are experiencing this specific type of slowdown.
After careful consideration and understanding, if you need higher-level data protection and you still want to get rid of this SSD encryption protection, then you can deactivate BitLocker by taking the following steps. Make sure that you understand clearly what level of encryption you need before you do this!
- Open the Windows 11 Pro Command line with administrator rights
- Enter the following command: manage-bde -off C:
C: here represents whatever drive you want to turn off BitLocker for, and if it’s not C: then you need to change it to the drive you want to remove BitLocker from. After that, you will need to restart your computer to complete the process of disabling BitLocker.
There is a way to not totally disable SSD encryption altogether, but switch it from software encryption to hardware encryption and this process has also been detailed by pcwelt.de (translated by PCWorld).
I personally would only consider disabling BitLocker if you don’t use your computer in any work capacity, or if you don’t have any data or files on it that you consider particularly sensitive. However, this is still useful information in terms of understanding more about the inner workings of your computer and digital security.