Windows – BitLocker: Encrypt all hard drives

The best survey I have seen so far is this one: http://media-addicted.de/ssd-and-truecrypt-durability-and-performance-issues/744/

...which says overall that the impact of encryption on SSD performance is minimal and does not bring it down below spinning hard disk performance. So apparently, encrypted SSD performance is never worse than hard disk performance. However this does depend on the machine hardware, i.e. processor.

I've decided to install just Windows 7 on the machine in question and take up @Brian's suggestion to use the XP Mode.

Though I do have a XP license that I want to make use of still - I will put this on another machine - a MacBookPro, that I own, withing VirtualBox.

About the machine in the original question - it's a Toshiba NB100 netbook Atom N270, 1.6Ghz single core hyperthreaded, 2Gb RAM. I have replaced the internal SATA 5400rpm 120Gb toshiba drive that came with it with a Crucial M4 128Gb SSD. Photos to follow in disassembly.

I had already truecrypted Windows XP on this NB100 machine and was happy with the performance once booted and settled down. So my goal was to improve boot time and update to a newer OS.

I have installed Windows 7 Professional on the SDD now in this NB100 and truecrypted the whole SDD. The boot time takes anecdotally about 3-4 seconds longer than pre-Truecrypt but once booted the responsiveness seems the same pre-Truecrypt. Windows Experience Index shows no impact - screen shots to follow.

Update

The SSD died after 1 week of use, a replacement is being sent. I may or may not choose to encrypt even though there is no evidence that encryption caused the failure. I may consider alternative security measures instead of encryption here: What alternative security measures are there to full drive encryption (for performance reasons)?

Yes, you can have your OS drive automatically boot from a bitlocker'd drive without prompting for a passowrd. Mine works that way. But it requires either an activated TPM, or a bitlocker password on a USB key, or both.

Use of just the TPM means that if someone steals your drive, they can't read it - but if they steal your computer, and manage to log in, they can.

Use of just the USB key means you'll have to have the USB key plugged in when you boot.

Optinally you can use TPM + PIN, or TPM + USB. Like "just TPM" both of these lock the drive to the computer, and protect the boot environment from changes, via the TPM. They add either "something you know" (PIN) or "something you have" (USB key) to the need for the TPM.

The recovery key, in case you were wondering, bypasses the need to match the TPM... useful if you change the boot environment (while leaving BL enabled) or need to access the drive from another machine.

See "What is a BitLocker Drive Encryption startup key or PIN?" at microsoft.com , and "How to configure BitLocker with TPM, PIN, and USB StartupKey" at mrhorn.com for the detailed procedures.