BitLocker AES-NI: Check Hardware Acceleration

TL;DR

Yes, BitLocker can use hardware acceleration (AES-NI) if your processor supports it. This significantly speeds up encryption and decryption. Here’s how to check whether it’s enabled and working.

Checking for AES-NI Support

  1. Check Your Processor: First, confirm your CPU supports AES-NI. You can do this in a few ways:
    • Manufacturer Website: Look up your processor model on Intel’s or AMD’s website and check its specifications.
    • CPU-Z Utility: Download and run CPU-Z (free). In the ‘Instructions’ section, look for ‘AES’. If it’s listed, your processor supports AES-NI.

Verifying BitLocker is Using AES-NI

BitLocker doesn’t explicitly state in its settings whether it’s using AES-NI. However, you can check the system event logs to confirm.

  1. Open Event Viewer: Press Windows Key + R, type eventvwr.msc and press Enter.
  2. Navigate to BitLocker Logs: In Event Viewer, go to:
    • Applications and Services Logs > Microsoft > Windows > BitLocker-Driver
  3. Check for AES-NI Events: Look for events with Event ID 1105. This event indicates that BitLocker is using hardware encryption.
    Event ID: 1105

    The details of the event should mention ‘AES Hardware Encryption’. If you see this, AES-NI is being used.

  4. If Event 1105 isn’t present: Check for errors related to BitLocker. Sometimes an error message can indicate why hardware encryption isn’t enabled (e.g., a TPM issue).
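
The CPU check and the Event ID 1105 lookup above in scripted form, as an added example that is not part of the original article. It assumes PowerShell 7 for the CPU test and discovers BitLocker log channels by wildcard rather than assuming a channel name; the variable names are illustrative.

```powershell
# Added example, not from the original article. Run from an elevated prompt.

# 1. CPU capability. The intrinsics type exists only on .NET Core 3.0+ (PowerShell 7);
#    on Windows PowerShell 5.1 the lookup yields $null and the result is reported as unknown.
$aesType = 'System.Runtime.Intrinsics.X86.Aes' -as [type]
$cpuAes  = if ($aesType) { $aesType::IsSupported } else { 'unknown (needs PowerShell 7)' }
Write-Output "CPU reports AES-NI: $cpuAes"

# 2. Find every BitLocker event channel that holds records (names are discovered, not assumed).
$eventId = 1105                       # event ID named in the article
$needle  = 'AES Hardware Encryption'  # text the article says the event details mention
$logs = @(Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 })

# 3. Collect recent events with that ID from each channel.
$hits = @(foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; Id = $eventId } `
        -MaxEvents 20 -ErrorAction SilentlyContinue
})

if ($hits.Count -gt 0) {
    # Show each match and whether its message contains the expected text.
    $hits | Select-Object TimeCreated, LogName, Id,
        @{ Name = 'MentionsAesHw'; Expression = { $_.Message -match $needle } } |
        Format-Table -AutoSize
}
else {
    # 4. No such event: list recent errors (level 2) and warnings (level 3) instead.
    Write-Output "No event $eventId found in $($logs.Count) BitLocker channel(s)."
    $problems = @(foreach ($log in $logs) {
        Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; Level = 2, 3 } `
            -MaxEvents 10 -ErrorAction SilentlyContinue
    })
    $problems | Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
        Format-List
}
```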

Enabling BitLocker with AES-NI

BitLocker usually enables AES-NI automatically if it’s available and the system meets the requirements. However, you can ensure it’s used during setup.

  1. Turn on BitLocker: Search for ‘Manage BitLocker’ in Windows.
  2. Select Drive to Encrypt: Choose the drive you want to encrypt and click ‘Turn on BitLocker’.
  3. Choose Encryption Method: On the ‘How do you want to unlock your drive?’ screen, ensure ‘Use a password to unlock the drive’ is selected. This generally enables AES-NI.

    Note: If you have a TPM (Trusted Platform Module), BitLocker will also use it for security.

  4. Run Compatibility Check: Follow the on-screen instructions and let BitLocker run its compatibility check. This process will attempt to enable hardware encryption if possible.

Troubleshooting

  • TPM Issues: If you have a TPM, ensure it’s enabled in your BIOS/UEFI settings and that the drivers are up-to-date.
  • BIOS Settings: Some BIOSes have options to specifically enable or disable AES hardware acceleration. Check your motherboard manual for details.
  • Driver Updates: Ensure you have the latest chipset and storage controller drivers installed from your motherboard manufacturer’s website.