The technology is ready, and all that remains is for compatible SoCs to arrive: hardware acceleration for BitLocker is officially here.
This feature is integrated into Windows 11 25H2 (deployed since October) and 24H2 (with the September update). On the one hand, it offloads cryptographic operations from the CPU to a dedicated auxiliary engine. On the other, following the same principle as HSMs, it enables generating, encapsulating, and using block encryption keys within a hardware enclave—reducing their exposure in RAM.
Intel SoCs to Start
The first chips to support hardware acceleration for BitLocker are Intel’s Core Ultra Series 3 (Panther Lake), which Intel is expected to launch at CES (January 5–9).
The default algorithm will be XTS-AES-256. On compatible configurations, if a user or a script specifies an algorithm or key size that is not supported, BitLocker will fall back to the software implementation. Microsoft intends to adjust this behavior in the spring by automatically increasing the key size when necessary.
Beyond security, the mechanism is expected to improve performance, particularly on NVMe drives, which now reach speeds where the CPU burden of cryptographic operations can become noticeable.
In its own tests — of course conducted in an “ideal configuration” — Microsoft reports more than doubling read and write speeds by enabling hardware acceleration for BitLocker. It also claims to have saved, on average, 70% of CPU cycles.