When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

As Microsoft default-encrypts Windows 11, Linux is set to get a huge performance boost

Sitting Tux the penguin mascot of Linux

Earlier this month, we reported about an upcoming change that Microsoft is testing related to BitLocker encryption. in the upcoming Windows 11 version 24H2. The company wants to encrypt user drives by default. Although this was already a commonplace happening inside OEM PCs that run Windows 11 Pro, it looks like the same is going to happen to Home editions as well. You can read the dedicated coverage in this article here.

Interestingly, it has been found that the default software-based BitLocker encryption (XTS-AES 128, - , where XTX stands for XEX Tweakable Block Cipher with Ciphertext Stealing and AES is Advanced Encryption Standard -) on Windows, can lead to massive performance loss even on some of the fastest data drives, like a PCIe Gen4 NVMe SSD, which means users can expect some performance hit on their systems,

Meanwhile, over on Linux, Google's Eric Biggers recently started working on various tweaks to AES-XTS implementation and it was found to massively improve performance on AMD as well as Intel x86 systems.

The test results post-implementation of these changes see a huge improvement in terms of throughput data on both AMD and Intel. The biggest improvement was seen on Zen 4. We covered this in detail previously in this article.

Hence, if encryption becomes the norm, users may want to go for the superior solution, whether it's Windows or Linux. However, it is unclear at the moment how this improved performance on the Linux side will compare with Windows.

This change has now been proposed for pushing in the upcoming Linux kernel version 6.10. The patch notes says:

This update includes the following changes:


  • Remove crypto stats interface.


  • Add faster AES-XTS on modern x86_64 CPUs.
  • Forbid curves with order less than 224 bits in ecc (FIPS 186-5).
  • Add ECDSA NIST P521.


  • Expose otp zone in atmel.
  • Add dh fallback for primes > 4K in qat.
  • Add interface for live migration in qat.
  • Use dma for aes requests in starfive.
  • Add full DMA support for stm32mpx in stm32.
  • Add Tegra Security Engine driver.


  • Introduce scope-based x509_certificate allocation.

Hence, in addition to a better-optimized algorithm for AES-XTS, there appear to be several other improvements as well including DMA (direct memory access) advancements, among several other things.

Source: LKML via Phoronix

Report a problem with article
Google IO 2024
Next Article

Google I/O 2024: When and where to watch Google's latest developer conference

Google Gemini AI assistant
Previous Article

Google follows up to OpenAI's GPT-4o with new Gemini AI demo video

Join the conversation!

Login or Sign Up to read and post a comment.

20 Comments - Add comment