So far in my blog I have not covered anything Windows related and I figured that this subject would be interesting enough to fill this gap. According to the article published by PCMag in October 2023, bitlocker can slow down SSD up to 45%. So I wanted to test it on my work laptop.
I use Windows as my daily driver at work and my NVMe SSD drive on my laptop has started failing. So I got myself a new inexpensive 2TB NVMe from Crucial. The model sold at this price, of course, does not support hardware encryption. Windows 11 (and I think Windows 10 as well) usually has bitlocker encryption enabled by default, but since I had to clone my drive first, bitlocker encryption was disabled.
I will not cover the process here, just to mention that there is a good FOSS tool called Rescuezilla which I recommend for this purpose. You can find very good guides online. For example, this YouTube video illustrates the cloning process very well:
Speed test (bitlocker disabled)
So when I booted my machine up, I first check the status of bitlocker encryption from PowerShell or Command Prompt using the following command:
PS C:\WINDOWS\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
Size: 1861,52 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0,0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found
NB! You need to run PowerShell or Command Prompt as Administrator in order to manage bitlocker encryption.
Now let’s run some speed tests. It looks like a golden standard for SSD speed testing in Windows is a software called CrystalDiskMark. So I downloaded a standalone package from the website and ran some tests:
Speed test (bitlocker enabled) while encryption in progress
Now let’s enable bitlocker encryption. The easiest way to do it is to go to Privacy & Security - Device Encryption and enable Device Encryption.
So after activating the encryption and waiting for a few minutes, I checked the status again:
PS C:\WINDOWS\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
Size: 1861,52 GB
BitLocker Version: 2.0
Conversion Status: Encryption in Progress
Percentage Encrypted: 68,6%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
Numerical Password
TPM
Speedtest results during the encryption process were the following:
The process of encryption may take quite a long time depending on the SSD and computer specs. It is still possible to use your computer while encryption process is ongoing.
Speed test on bitlocker encrypted disk
After the encryption process has completed:
PS C:\WINDOWS\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
Size: 1861,52 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100,0%
Encryption Method: XTS-AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
Numerical Password
TPM
Speed performance on encrypted drive:
Final words and lessons learned
I ran a few tests and the screenshots above illustrate the average speed.
As expected, bitlocker software encryption indeed slows down the performance of the SSD drive. And as the article suggests the slowdown may be as high as 40%+ especially in cases of 4k rendering.
However I still think that especially on the laptop it is worth to have bitlocker in order to have some protection of personal data if it gets stolen or lost.
It is also worth to consider purchasing a NVME SSD device which has hardware encryption capability. It’s worth noticing though, that in order to enable it you will have to reinstall Windows from scratch. Cloning the device will not be an option.