windows - Bitlocker Performance Impact on SSD

I've put a brand new SSD into my work computer and my IT department wants me to use BitLocker. I read one of the other threads on BitLocker performance on standard harddrives, but I was wondering - what's the performance impact of BitLocker like on a Solid State Drive?

Will it noticeably impact the speed with which I open my archive files in Outlook or open projects in Visual Studio?

Because BitLocker does not really change the usage characteristics of the drive other than changing the data itself (e.g. it does not cause the OS to write randomly instead of linearly), it should have the same impact on an SSD that it would have on platters. That is, I would still expect the 20%-10% decrease in performance that MaximumPC found, as mentioned in the thread you link to. Note that the speed of BitLocker may be bottlenecked by either the processor or the drive. That is, if the processor can encrypt/decrypt faster than the drive can read/write data, then file I/O will occur at near the speed of the drive. If your processor is overtaxed, the processor may limit file I/O speed (although I believe hardware-accelerated cryptography should minimize the likelyhood of this happening).

You should have a negligible performance impact with most SSDs. Especially with the latest Intel CPUs that can do hardware AES way faster than a drive (any drive) can read or write. My MacBook Pro pushes over 900 megabytes per second with AES according to the TrueCrypt benchmark, and that's a laptop.

On my desktop I use 4 Samsung SSDs in RAID0 and I have BitLocker turned on. TrueCrypt on this same machine reports over 5GB/sec for AES. (Two 6-core Xeons...)

That said, the SandForce SSD controller is said to do some internal compression/dedupe (which was proven via benchmarks that used large compressed files that it could not "optimize"). Obviously this is not going to work at all with BitLocker where every encrypted sector will be completely unique and uncompressible. So if you're planning on using an SSD, don't get a SandForce one - or if you do, make sure you can return it if you find that performance really degrades after you turn BitLocker on.

I do not know if what applies to Truecrypt applies to bitlocker, but on SSDs, Truecrypt has a hugely negative impact on performance if you encrypt the entire disc.

The root cause of the problem is that you can no longer tell the difference between free space and usable space because encrypted data and encrypted free space are both treated as data. This defeats both TRIM and any wear-leveling optimizations.

The performance on reads is negligible, but on average you are cutting your write performance by half or more. There is some evidence that leaving a free empty partition (i.e. giving the wear leveling algorithms, which factor into performance, room to work with) has a huge positive benefit, but TRIM does leak data and can theoretically be used to compromise an encrypted partition by someone with enough resources.

EDIT: This might no longer be true because of "TRIM Passthrough" features that now exist, but there is a lot of very tangled information out there when googling exactly how this behaves. I would love to see some actual benchmarks with TrueCrypt 7.0 and FDE (older versions of TC will display the problems I talked about above), but I cannot find any!

My companies testing of Bitlocker on windows 7 showed that with a laptop with a 7200RPM drive as well as an Intel SSD, they both had about 5% reduction in speed. However, for the very first task of initializing bitlocker, the HDD took about 4 hours, and the SSD was dramatically faster (both drives were 160GB drives)

However, the laptops had some new fancy Core i5 processors, and chip sets, and could offload the encryption off of the main CPU.

I've been running Windows 7 Ultimate 64 Bit, using a SSD (120 GB) for about 5 months. I'm using a 1TB HDD (middle to high end) at 7200RPM as my comparison. First the test involved simply clocking the OS start up time. Although it was not lightning fast it was apprx. 2 times faster than the HDD. Only testing larger files (at least 1 GB) there was also a significant increase in speed. Relatively, across the board, the SSD is faster than the HDD!

Bitlocker; however, has had serious conflicts with the SSD. My experience has shown that there's a strong likely hood they're not made for each other. The main problem is that the volatile nature of SSD causes Bitlocker to believe that there has been a change in the hardware configuration even when no such change has taken place. The end result is an ongoing request for passwords and/or Bitlocker recovery keys.

Whether it be a fault in the SSD, Bitlocker, or both, the machine stopped accepting passwords and recovery keys all together. After receiving my RMA, encrypting the drive and using as usual, the exact (change of Hardware Config.) problem reoccurred. After decryption of the drive I've had no problems and performance has been very good! Needless to say sacrificing a large amount of security.

SSD does offer a big increase in performance. Windows Experience before: 5.9 Windows Experience After: 6.9

Are you open to running Windows 8? Do you have a TPM chip in your laptop, and is your laptop UEFI capable?

There are TCG OPAL SSD drives out there. I have not found a Sandforce based drive that supports this, but Micron has one: Micron C400 SED. You have to make sure you buy the SED version, not the plain version. Using an OPAL compliant drive will allow you to use Bitlocker in Windows 8 in conjunction with the drive's encryption (which it's already doing).

Bitlocker in this scheme does not actually do any encryption from the system side (at least for data read/written). The bulk of Bitlocker in this mode is acting as a "Gatekeeper" since SED drives still need a means of access control to unlock the drive. When those are activated in this mode (with W8 and Bitlocker), the drive is initially locked and the system will only show a very small "shadow partition" under 200MB. This is where the W8 boot files are stored and the unlocking in Bitlocker happens with it interacting with TPM to pass a key to unlock the drive.

If you don't want to go Windows 8, you lack TPM (though I assume you have it since they asked you to enable bitlocker), or BIOS instead of UEFI there are a number of software products that can manage SED drives in place of Bitlocker.

In my experience, Bitlocker does in fact have a noticeable degradation in performance even with HDDs. With SSDs, the comparisons I've seen seem to indicate the degradation is worse, perhaps enough that a lot of the benefits to SSD is reduced. In my view, a SED based SSD with Bitlocker management (or another software piece) is the best way to go.