Microsoft to Make BitLocker Encryption the Default in Next Windows 11 Build – ExtremeTech

A major change is coming to the next Windows 11 update to make PCs more secure. But it might also cause some equally major headaches. The upcoming Windows 11 24H2 version will reportedly enable BitLocker drive encryption for most computers. This will apply to fresh installs and reinstallations, and disabling BitLocker is a bit of a pain.

Microsoft began pushing BitLocker with the Windows 11 23H2 update, which made BitLocker the default for new installations on supported systems. With 24H2, that setting expands to reinstallations on any system that has run 24H2 or later. The details are still limited as the final software hasn't rolled out, but some Windows 11 Home machines could be spared from the requirement.

The new BitLocker default relies on the UEFI encryption flag. If a PC manufacturer has set that flag, Windows 11 24H2 will require BitLocker. In addition, after installing 24H2, many systems will flip that flag on, meaning all future reinstallations will require BitLocker. A DIY machine should give you control over that flag, so people who build their own systems should be able to avoid BitLocker.

Microsoft first released BitLocker with Windows Vista in 2004, and like most Windows software at the time, it wasn't very good. It was buggy and slow, and it only supported encrypting the system partition. BitLocker has been improved over the years, and you can now encrypt any partition on your PC with relatively little annoyance.

The upshot of BitLocker is that your files remain secure if someone tries to extract your data or even physically removes a storage device and plugs it into another machine. BitLocker also works with Trusted Platform Modules (TPM) to verify data integrity on boot. If Microsoft had been planning to implement BitLocker more widely, that could explain the strict requirement for Windows 11 machines to have a TPM.

You can turn on BitLocker on any Windows 11 machine, but Microsoft is making it a default setting going forward. Credit: Microsoft

This is admittedly a more modern way for users to store data. Android and iOS mobile devices implemented encryption by default several years ago, which made law enforcement none too happy. On the other hand, encryption has a computational cost, mainly when dealing with large volumes and files. Tom's Hardware says BitLocker can reduce SSD performance by up to 45% for some workloads. Modern CPUs have hardware acceleration for AES encryption, but the speed difference could be noticeable depending on your processor and storage device.

BitLocker is not necessarily bad, but it could be a big change for Windows users who are not used to encrypted storage. Your data could be lost if you lose your encryption key or attempt to move an encrypted drive to another system. The original report (in German) suggests using a tool like Rufus to create bootable installation media that has the BitLocker flag turned off. You can also open the command prompt during setup and use Regedit to set the "PreventDeviceEncryption" registry value to 1.
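
The data-loss risk described above is easier to manage once you know which volumes are already encrypted and whether a recovery password exists for them. The following is an added example, not part of the original article: it uses the built-in Get-BitLockerVolume cmdlet from an elevated PowerShell prompt, and the function name Get-BitLockerAudit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state for every volume and flag encrypted
# volumes that have no recovery password protector to fall back on.

function Get-BitLockerAudit {   # hypothetical helper name
    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types present on the volume (Tpm, RecoveryPassword, ...)
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        $encrypted   = $vol.VolumeStatus.ToString() -ne 'FullyDecrypted'
        $hasRecovery = $types -contains 'RecoveryPassword'
        $protected   = $vol.ProtectionStatus.ToString() -eq 'On'

        if (-not $encrypted) {
            $finding = 'Not encrypted'
        }
        elseif (-not $hasRecovery) {
            $finding = 'Encrypted, no recovery password: add one before reinstalling or moving the drive'
        }
        elseif (-not $protected) {
            $finding = 'Encrypted, but protection is off or suspended'
        }
        else {
            $finding = 'Encrypted, recovery password present: confirm it is backed up'
        }

        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            Method       = $vol.EncryptionMethod
            Protectors   = $types -join ', '
            Finding      = $finding
        }
    }
}

Get-BitLockerAudit | Format-List
```

The script only reads state; it does not print recovery passwords or change any setting.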
