Windows 10: Does encrypting ssd add writes to the drive?

I don't mean after you encrypt the drive. I'm talking about actually encrypting a blank ssd, does the drive see that as writing to the cells in the drive, and count that to the number of total writes?

:)

 

Poor write performance of Bitlocker-enabled USB 3.x UAS (USB Attached SCSI) external SSD drives







Hi Community!

This topic is about poor write performance of Bitlocker-enabled external USB 3.x attached SCSI SSD drives (so called UAS drives) that are gaining popularity these days.

I trigger this topic because I found information available on the Internet too contradictory and misleading, and because of growing number of UAS SSDs on the market. The devices are typically equipped with some sort of
SandFprce or Phison controllers, so they operate much like SAS SCSI drives. Peculiarly, since USB 3.x provides double simplex transfers, in theory (if supported in Windows 10, of which I am not sure) the devices should be capable of simultaneously read and
write with little speed downgrade.

When people complain about “something is wrong” with their Bitlocker enabled drive, they lack “system and methodology”, because what is applicable to one drive is not applicable to another or the same drive in different circumstances.
Hereby I give you a method of correctly testing and comparing the performance of the external USB 3.x attached SCSI SSD drives which cannot alter the true results and mislead interpretations. (Like the guy who run the test on a PC with 64 GB DRAM and test
file size of 32 GB therefore actually measured performance of cache and not Bitlocker itself). Once you stick to the procedure described, you will not make such the mistakes.

This procedure applies to Bitlocker encrypted volumes on external SCSI SSD drives connected through USB 3.x serial bus to Windows 10 64 Professional / Professional for Workstations machines, builds 1605 and above;

For this procedure the following conditions are true:

• The CPU of the machine has included set of Intel New AES instructions, providing at least 5 G-ops for encryption/decryption performance in hardware, total for all the cores;

• The sustained DirectIO mode (Windows caching disabled) speed of the SAS attached USB 3.x drive should be above 400 MB/sec for both write and read random patterns, latency below 0.03 ms, when tested blocksizes are above 256K according ATTO and test
  file size should be double of the system physical memory. So we know for sure UAS is enabled and operating.

• The drive should be set as "Removable" in the policy. This is a precaution to prevent the OS to intervene into the IO flow and caching.

Now the Bitlocker performance measure procedure:

• Create a new NTFS volume on the drive with size of quadruple of system memory size (physical). So t.ex. for 8 GB system memory we create a volume 32 GB.

• Ensure that hardware encryption on the drive, if any, is disabled in GPO. For me t.ex, with new Corsair Voyager GTX 512 GB, there is no encrypting processor on the drive, as the controller of the disk is Phison (no compression or encryption).

• Create another volume next to it, of the same size and type of filesystem as the previos. This second volume will be our reference.

• Enable BITLOCKER for the first volume and fully encrypt it with new XTS 128 bit AES (default for new versions of Windows 10) and not the "compatible mode". Do NOT use "Bitlocker On The Go", encrypt the whole volume NOW. Do not enable the Bitlocker
  on the reference volume.

Well, if you correctly reproduced the bench, you will have a Bitlocker volume on your external drive with assigned letter, and another volume with another assigned drive letter, so move on and open ATTO.

• Pick up the second (unencrypted) volume by the assigned letter. Select queque depth of 8, Direct IO mode, IO overlapping as test parametes and full range for the block sizes. Set test file size to be half of the volume size.

• Run the test and save the results.

• Now, do the same for the Bitlocker encrypted drive. Save the results

The outcome.

You will immediately notice how performance drops when BitLocker is enabled. This is especially noticeable for large block sizes.

Pick up t.ex 4 Mb block size random write speed from the results set for unencrypted volume and divide it by the same result for the Bitlocker encrypted volume.

For me the performance degradation is severe: this ratio is as large as 4 on NTFS and up to 7 for ReFS; To underline, this is for the whole encrypted volume.

Discussion.

Till now, nobody told us how much actual data the Bitlocker writes physically to disk when System writes to Bitlocker some given portion of data. What is the aspect ratio of the two? With the hardware AES support on new Intel
CPUs the encryption overhead is minimal, a matter of percents;

But ratios this high for AES writing operations might tell us that Bitlocker writes 4-5 times more to the physical layer that it writes on the System level, hence the performance drop.

Is that normal, is that “by design”?

Can you share you results acquired according this procedure for you drive?

Can you report your model name/ capacity with the result of the test?

It seems that something is not clear with the latest implementation of Bitlocker when it comes to real-world performance with external USB 3.x UAS SSD drives. Do you agree?

What is your opinion on the topic? Would you suggest some additional testing/ GPO settings/ configurations to test this issue more completely and are you aware of the way how to fix it, if you believe it is possible?

Do you agree that sustained write performance for 450+ MB/s capable device at 100+ MB/s with Bitlocker enabled is a shame? For comparison, VeraCrypt provides Three Level Nested Encryption at such the write speed on the same drive
and volume!

Thank you everybody who reads this and share your thoughts and results.

Thank attached are ATTO test for the same volume on the external USB 3.x UAS SSD Bitlocker encrypted vs. Unencrypted (NTFS)

Regards,

Serge

 

Device Encryption not avaiable

Hello Fraczek,

Thank you for contacting Microsoft Community.

We understand your concern in this regard.

• Are you referring to BitLocker Drive Encryption?
• What preventing you from doing this?
• Did you get any error message or code while doing this?

Before you come up with the above information, suggest you to refer the article

Help protect your files using BitLocker Drive Encryption and see if it help you.

Do refer the article
Windows BitLocker Drive Encryption Step-by-Step Guide and check if it help you with the required information.

Keep us posted if you require further assistance.

 

Recover files from encrypted SSD drive?

Hi . Is there any way or trick to recover files from SSD encrypted drive?

Encryption from bitlocker on it self , due changing in the bios!

So i have super important files in that drive !

Please any help?