Particle.news

Microsoft Rolls Out Hardware-Accelerated BitLocker for Windows 11, Starting on Future Intel vPro PCs

Hardware offload targets lower CPU use with faster I/O, pending availability of Intel Panther Lake vPro systems.

Overview

  • Support is live in Windows 11 24H2 with the September updates and in 25H2, enabling BitLocker to use XTS-AES-256 on devices that expose crypto offload in hardware.
  • Initial enablement requires Intel Core Ultra Series 3 (Panther Lake) vPro platforms, with additional SoC vendors to follow, so broad gains will not appear until new PCs reach the market.
  • Microsoft reports roughly a 70% reduction in CPU cycles for BitLocker workloads and shows random 4K reads and writes improving by about 2x to 2.3x versus software encryption, with potential battery benefits.
  • Bulk crypto operations move to on-chip engines and keys are hardware-wrapped via HSMs and TEEs, which reduces exposure in the CPU and memory and advances Microsoft’s goal of removing keys from those areas.
  • BitLocker will revert to software mode when an unsupported algorithm is in use, when certain enterprise policies apply, or when FIPS mode is on and the offload is non-FIPS. Administrators can confirm hardware acceleration with the manage-bde -status command.