It’s not a completely bad thing but ehh there are serious disadvantages, especially for gamers. I’m just glad I use Linux and will keep the change in mind in case I need to reinstall Windows on my gaming rig.
Btw TL;DR of the article is:
Windows 11 will automatically enable BitLocker on clean installs and re-installs.
OEMs will be able to enable it even on Windows 11 Home with a special UEFI flag (whatever that means).
BitLocker is a full-disk encryption technology by Microsoft. It provides better security since the data on the drive cannot be read without decrypting it (especially useful if someone steals the device) but the data cannot be recovered in case of forgetting the password or system malfunctions. Also it greatly decreases performance of the drive (by up to 45% on SSDs). This makes it unsuitable for many computer users.
The feature cannot be disabled by native means. If you want to disable it, use Rufus and select the appropriate flag when creating the bootable USB.
You can just turn off Bitlocker in the Windows settings from what I can tell. It just seems to default to encryption, like every other OS has for the last decade or so.
Can you provide a source for the 45% performance hit? The average consumer CPU can do a couple of GB per second of AES operations these days, so I wonder how you got to that number.
Read the source. I just shortened it
https://www.tomshardware.com/news/windows-software-bitlocker-slows-performance
That number was only for random write performance. And if you have an SSD that supports TCG Opal and eDrive standard (IEEE-1667) for hardware-based BitLocker encryption then there is no negative speed impact.
No wonder the percentage is that high, the 990 Pro performs extremely well. I doubt the average gamer has an SSD that fast, though. But, on the other hand, the SSD tested has hardware encryption support, so by default the user wouldn’t notice anything regardless.
I’d be much more interested in benchmarks of common consumer SSDs in their standard configuration. Hopefully some tech outlet like LinusTechTips will test this at some point; they’d also be able to test real life video game performance, which would be a nice bonus.
Yeah it would only be that slow if you don’t have a CPU with AES-NI instructions (which were introduced nearly a decade and a half ago)
No desktop OS does (excepting the odd Linux distro I’m sure is out there), not even macOS does.
iOS/Android yes
macOS has encrypted the system partition since the T2 chip was introduced. Older hardware doesn’t do encryption by default, but you’ll need a device over seven years old for it not to come with encryption by default.
Since most people sign into Windows with their Microsoft account, does that mean that MS holds the decryption keys for your local hard drive?
If you configure it to backup your keys to your account, yes.
This is (or at least used to be) an opt-in configuration option.
Excuse me, what!?!
I wonder where the average is for the performance reduction. Probably something I’ll look into but I’d be pissed if I bought a drive and instantly lost even 20%.
Luckily, I’m not on Windows so I have nothing to really worry about but damn.
That’s random writes, tested on a particularly fast SSD. Most consumer SSDs won’t get to the 550MB/s random writes, hitting closer to 85MB/s.
The question is: will this automatically encrypt other partitions that have another OS such as Linux, especially for dual-boot users?
Bitlocker is a feature that relies on NTFS
Unless you’ve somehow been working with Cthulhu and installed Linux on an NTFS partition, you’re probably golden.
Bitlocker leaves partitions it can’t understand and system partitions (like the EFI ones) alone in my experience.
Dual boot users may have trouble accessing their Windows files if they don’t configure Bitlocker to allow direct password unlock (I believe Windows 11 uses the TPM, possibly with a TPM PIN for interactive unlocking, which Linux can’t use to access the drive). This isn’t too difficult to work around, but it’s an extra step.
I mean, for instance: I dual-boot Linux and W11 atm. For some reason my Windows 11 needs to be reformatted because of a virus etc., or an SSD replacement with a fresh installation of Windows 11, and of course BitLocker will be activated automatically after Windows has been reinstalled from scratch. Will this affect my other ext4 or Btrfs OS partition? Or do I need to back up my important Linux files on that partition before W11 messes up my Linux?
Knowing Microsoft’s behavior for many years, it might. If I had a dual-boot, I’d make sure I have a backup of all the important data on a separate device.
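For the dual-boot question above, an added example (not from the thread or from any project it mentions): a read-only Python check that labels each partition by its on-disk signature, so a layout recorded from Linux before a Windows reinstall can be compared with the layout afterwards. The function names and sample headers are constructed for illustration, and the device paths passed on the command line are whatever your own system uses; the offsets are the standard ones for BitLocker (`-FVE-FS-`), NTFS, ext2/3/4 and Btrfs.

```python
"""Added example: classify partitions by on-disk signature (read-only)."""
import struct
import sys

# (label, absolute byte offset, magic bytes); BitLocker is checked before NTFS
# because an encrypted volume replaces the "NTFS    " OEM ID with "-FVE-FS-".
SIGNATURES = [
    ("BitLocker", 3, b"-FVE-FS-"),
    ("NTFS", 3, b"NTFS    "),
    ("Btrfs", 0x10040, b"_BHRfS_M"),                # superblock at 64 KiB + 0x40
    ("ext2/3/4", 1080, struct.pack("<H", 0xEF53)),  # superblock at 1024 + 0x38
]
HEADER_LEN = 0x10040 + 8  # enough bytes to reach the Btrfs magic


def classify(header: bytes) -> str:
    """Return the first matching label, or 'unknown' (also for short reads)."""
    for label, offset, magic in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return label
    return "unknown"


def classify_path(path: str) -> str:
    """Classify a partition device or image file; opens it read-only."""
    with open(path, "rb") as fh:
        return classify(fh.read(HEADER_LEN))


def diff_layout(before: dict, after: dict) -> dict:
    """Map each partition whose label changed to (old_label, new_label)."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n, "absent"), after.get(n, "absent"))
            for n in names if before.get(n) != after.get(n)}


def make_header(offset: int, magic: bytes) -> bytes:
    """Build a constructed sample header carrying one signature."""
    buf = bytearray(HEADER_LEN)
    buf[offset:offset + len(magic)] = magic
    return bytes(buf)


if __name__ == "__main__":
    # Usage (as root, from Linux): python3 check.py <partition> [<partition> ...]
    for path in sys.argv[1:]:
        print(f"{path}: {classify_path(path)}")
```

A partition that reports `ext2/3/4` or `Btrfs` both before and after the reinstall still carries its Linux superblock; this checks the signature only, not the integrity of the files, so it does not replace a backup.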