yamamoto2002
Posted November 30, 2023

There is an article with a shocking title:
https://www.tomshardware.com/news/windows-software-bitlocker-slows-performance

Fortunately, I don't use Microsoft Account logon on my Windows 11 Pro computer and am not affected by this disaster.

How to know if BitLocker drive encryption (BDE) is enabled or not:

Quote: Run CMD as administrator and run manage-bde -status

Software encryption seriously degrades drive R/W performance and negatively impacts user experience. This is my opinion: software drive encryption should not be used and should be avoided at any cost.

There are several workarounds to this problem:

1. Use the hardware-based self-encrypting drive feature to accelerate/offload encryption/decryption
2. Disable BitLocker encryption

Option 1 is technically interesting. Most modern SSDs support the Trusted Computing Group (TCG) Opal security subsystem class (SSC) 2.0 self-encrypting drive (SED) feature. It seems that, in order to use this feature, the drive data should be cleared, OPAL enabled with some tool, Windows clean installed, and then BitLocker set to use hardware-based encryption.

Sunday programmer since 1985
Developer of PlayPcmWin
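An added example, not part of the original posts: a PowerShell version of the manage-bde -status check from the post above that also separates software from hardware (drive-based) encryption, using the built-in Get-BitLockerVolume cmdlet in an elevated session. The function name Get-BdeSummary and the Mode and ClearKey columns are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: summarize BitLocker state per volume.
# Get-BdeSummary, Mode and ClearKey are names made up for this example.

function Get-BdeSummary {
    Get-BitLockerVolume | ForEach-Object {
        $vol    = $_
        $method = [string]$vol.EncryptionMethod

        # EncryptionMethod is 'None' on a decrypted volume,
        # 'HardwareEncryption' when BitLocker hands encryption to the drive,
        # otherwise the name of the software cipher (for example XtsAes128).
        $mode = switch ($method) {
            'None'               { 'not encrypted' }
            'HardwareEncryption' { 'hardware (drive-based)' }
            default              { "software ($method)" }
        }

        # A volume can hold encrypted data while protection is Off
        # (suspended, or never activated). In that state the volume key
        # is stored in the clear, so encryption gives no confidentiality.
        $clearKey = ($vol.VolumeStatus -ne 'FullyDecrypted') -and
                    ($vol.ProtectionStatus -eq 'Off')

        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeType   = $vol.VolumeType
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            Mode         = $mode
            Percent      = $vol.EncryptionPercentage
            ClearKey     = $clearKey
            Protectors   = ($vol.KeyProtector.KeyProtectorType -join ', ')
        }
    }
}

Get-BdeSummary | Format-Table -AutoSize
```

VolumeStatus and Protection are reported separately because a volume can be fully encrypted while protection is off.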
yamamoto2002 (Author)
Posted March 27

Has anyone tried to enable BitLocker hardware encryption on the OS system drive?

In recent months, I tried to enable BitLocker hardware encryption on Samsung 990 Pro, Samsung 980 Pro and Samsung 970 Pro with several computers, with no success so far.

With some googling, finally MSINFO32 shows the computer meets device encryption prerequisites with an Intel NUC 12DCMi9 computer and Samsung 990 Pro. But manage-bde -on -fet hardware returns

ERROR: An error occurred (code 0x803100b2): The drive specified does not support hardware-based encryption.

And Samsung Magician shows this device does not support the Encrypted Drive feature.

Enable Encrypted drive and perform secure erase
Then clean install Windows 11 Pro

It seems the drive does not support the Encrypted Drive feature.
MarcelNL
Posted April 7

I would not want BitLocker to run, so I never tried it; it's a nuisance when it's active. For work computers with anything remotely 'confidential' I'll live with it, but on an audio server I keep all security paranoia options off.

ISP, glass to Fritz!box 5530, another Fritz!box 5530 for audio only in bridged mode on LPS, cat8.1, Zyxel switch on LPS, Finisar <1475BTL>Solarflare X2522-25G, external wifi AP, AMD 9 16 core, passive cooling, Aorus Master x570, LPSU with Taiko ATX, 8Gb Apacer RAM, femto SSD on LPS, Pink Faun I2S ultra OCXO on akiko LPS, home grown RJ45 I2S cable, Metrum Adagio DAC3, RCA 70-A and Miyaima Zero for mono, G2 PL519 tube amps.
botrytis
Posted April 7

I never turned it on, so it is no big deal to me.

Current: Daphile on an AMD A10-9500 with 16 GB RAM
DAC - TEAC UD-501 DAC
Pre-amp - Rotel RC-1590
Amplification - Benchmark AHB2 amplifier
Speakers - Revel M126Be with 2 REL 7/ti subwoofers
Cables - Tara Labs RSC Reference and Blue Jean Cable Balanced Interconnects
yamamoto2002 (Author)
Posted April 8

It is pure technical interest: how to enable hardware encryption, how software disk encryption affects compute performance, and how much the impact is alleviated by hardware encryption. It is also a preliminary exercise; potentially Microsoft mandates disk encryption in future releases.

About enabling hardware encryption, it seems it is more difficult than I first thought. Information around this technology is sketchy. I'm considering getting a different SSD to retry.

About the performance impact of software encryption, it is rather obvious: software disk encryption is not a light task for the CPU. Benchmarks show higher CPU load and slower I/O performance. I do not believe some people on the Internet who say software disk encryption is a light task for modern CPUs.
yamamoto2002 (Author)
Posted April 17

Still no success so far. Searched a bit and found this paper:
https://www.ieee-security.org/TC/SP2019/papers/310.pdf

Currently Crucial NVMe does not support Windows hardware encryption of BitLocker. I think the paper affected this decision at least to some degree.
https://www.crucial.com/support/articles-faq-ssd/hardware-encryption-nvme-ssds

Maybe this paper is also related to the current situation of Samsung NVMe (it is speculation; there is no definitive article found).

I learned that SSDs that support encryption always encrypt stored data: when encryption is OFF, data is encrypted with a default encryption key, therefore there is no performance penalty when hardware encryption is enabled.

In theory, hardware encryption is more secure than software encryption when it is implemented properly, because the encryption key does not exist in main memory.

I hope this hardware encryption issue will be sorted out and enabling hardware encryption becomes easier in the near future...