diff --git a/nova/conf/workarounds.py b/nova/conf/workarounds.py index 4e51c8cc79f9..0ea01be484c7 100644 --- a/nova/conf/workarounds.py +++ b/nova/conf/workarounds.py @@ -270,40 +270,6 @@ Related options: * ``compute_driver`` (libvirt) * ``[libvirt]/images_type`` (rbd) -"""), - cfg.BoolOpt( - 'disable_native_luksv1', - default=False, - deprecated_for_removal=True, - deprecated_since='23.0.0', - deprecated_reason=""" -The underlying performance regression within libgcrypt that prompted this -workaround has been resolved as of 1.8.5 -""", - help=""" -When attaching encrypted LUKSv1 Cinder volumes to instances the Libvirt driver -configures the encrypted disks to be natively decrypted by QEMU. - -A performance issue has been discovered in the libgcrypt library used by QEMU -that serverly limits the I/O performance in this scenario. - -For more information please refer to the following bug report: - -RFE: hardware accelerated AES-XTS mode -https://bugzilla.redhat.com/show_bug.cgi?id=1762765 - -Enabling this workaround option will cause Nova to use the legacy dm-crypt -based os-brick encryptor to decrypt the LUKSv1 volume. - -Note that enabling this option while using volumes that do not provide a host -block device such as Ceph will result in a failure to boot from or attach the -volume to an instance. See the ``[workarounds]/rbd_block_device`` option for a -way to avoid this for RBD. - -Related options: - -* ``compute_driver`` (libvirt) -* ``rbd_block_device`` (workarounds) """), cfg.BoolOpt( 'rbd_volume_local_attach', diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index 0fa9c1c72109..45b61220abf5 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py 
@@ -118,7 +118,6 @@ from nova.virt.libvirt.storage import dmcrypt from nova.virt.libvirt.storage import lvm from nova.virt.libvirt import utils as libvirt_utils from nova.virt.libvirt import vif as libvirt_vif -from nova.virt.libvirt.volume import fs as fs_drivers from nova.virt.libvirt.volume import volume as volume_drivers CONF = nova.conf.CONF 
@@ -9039,68 +9038,6 @@ class LibvirtConnTestCase(test.NoDBTestCase, mock_encryptor._format_volume.assert_called_once_with(key, **encryption) - @mock.patch.object(libvirt_driver.LibvirtDriver, '_get_volume_encryption') - @mock.patch.object(libvirt_driver.LibvirtDriver, '_get_volume_encryptor') - def test_connect_volume_native_luks_workaround(self, - mock_get_volume_encryptor, mock_get_volume_encryption): - self.flags(disable_native_luksv1=True, group='workarounds') - drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - connection_info = {'driver_volume_type': 'fake', - 'data': {'device_path': '/fake', - 'access_mode': 'rw', - 'volume_id': uuids.volume_id}} - encryption = {'provider': encryptors.LUKS, - 'encryption_key_id': uuids.encryption_key_id} - instance = mock.sentinel.instance - mock_encryptor = mock.Mock() - mock_get_volume_encryptor.return_value = mock_encryptor - mock_get_volume_encryption.return_value = encryption - - drvr._connect_volume(self.context, connection_info, instance, - encryption=encryption) - - # Assert that the os-brick encryptors are attached - mock_encryptor.attach_volume.assert_called_once_with( - self.context, **encryption) - - def test_should_disconnect_target_multi_attach_filesystem_driver(self): - drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - volume_driver = mock.MagicMock( - spec=fs_drivers.LibvirtMountedFileSystemVolumeDriver) - self.assertTrue(drvr._should_disconnect_target( - self.context, None, True, volume_driver, None)) - - def test_should_disconnect_target_single_attach_filesystem_driver(self): - drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - volume_driver = mock.MagicMock( - spec=fs_drivers.LibvirtMountedFileSystemVolumeDriver) - self.assertTrue(drvr._should_disconnect_target( - self.context, None, False, volume_driver, None)) - - @mock.patch.object(libvirt_driver.LibvirtDriver, '_get_volume_encryption') - @mock.patch.object(libvirt_driver.LibvirtDriver, '_get_volume_encryptor') 
- def test_disconnect_volume_native_luks_workaround(self, - mock_get_volume_encryptor, mock_get_volume_encryption): - self.flags(disable_native_luksv1=True, group='workarounds') - drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - drvr._host = mock.Mock() - drvr._host.find_secret.return_value = None - connection_info = {'driver_volume_type': 'fake', - 'data': {'device_path': '/fake', - 'access_mode': 'rw', - 'volume_id': uuids.volume_id}} - encryption = {'provider': encryptors.LUKS, - 'encryption_key_id': uuids.encryption_key_id} - instance = mock.sentinel.instance - mock_encryptor = mock.Mock() - mock_get_volume_encryptor.return_value = mock_encryptor - mock_get_volume_encryption.return_value = encryption - - drvr._disconnect_volume(self.context, connection_info, instance) - - mock_encryptor.detach_volume.assert_called_once_with( - **encryption) - @mock.patch.object(libvirt_driver.LibvirtDriver, '_get_volume_encryptor') def test_disconnect_volume_luks(self, mock_get_volume_encryptor): drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) @@ -10309,15 +10246,6 @@ class LibvirtConnTestCase(test.NoDBTestCase, self.assertTrue(drvr._allow_native_luksv1({ 'provider': encryptors.LUKS})) - # Assert the disable_qemu_native_luksv workaround always returns False - self.flags(disable_native_luksv1=True, group='workarounds') - self.assertFalse(drvr._allow_native_luksv1({ - 'provider': 'nova.volume.encryptors.luks.LuksEncryptor'})) - self.assertFalse(drvr._allow_native_luksv1({ - 'provider': 'LuksEncryptor'})) - self.assertFalse(drvr._allow_native_luksv1({ - 'provider': encryptors.LUKS})) - def test_multi_nic(self): network_info = _fake_network_info(self, 2) drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), True) diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py index 8196af8afc61..fe73cd9ab8d0 100644 --- a/nova/virt/libvirt/driver.py +++ b/nova/virt/libvirt/driver.py 
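Review bot: Two of the tests deleted in the `@@ -9039,68 +9038,6 @@` hunk, `test_should_disconnect_target_multi_attach_filesystem_driver` and `test_should_disconnect_target_single_attach_filesystem_driver`, never set `disable_native_luksv1`. Their removal, together with the `fs_drivers` import dropped in the `@@ -118,7 +118,6 @@` hunk, looks unrelated to retiring the workaround. If `_should_disconnect_target` still has a branch for `LibvirtMountedFileSystemVolumeDriver`, that branch loses its only visible coverage here. Either keep both tests and the import, or state in the commit message that they duplicate tests elsewhere in the file (not visible in this diff). The remaining deletions in this hunk and in `@@ -10309,15 +10246,6 @@` track the removed option and look fine.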
@@ -1884,12 +1884,6 @@ class LibvirtDriver(driver.ComputeDriver): def _allow_native_luksv1(self, encryption=None): """Check if QEMU's native LUKSv1 decryption should be used. """ - # NOTE(lyarwood): Native LUKSv1 decryption can be disabled via a - # workarounds configurable in order to aviod known performance issues - # with the libgcrypt lib. - if CONF.workarounds.disable_native_luksv1: - return False - # NOTE(lyarwood): Ensure the LUKSv1 provider is used. provider = None if encryption: diff --git a/releasenotes/notes/libvirt-workarounds-disable_native_luksv1-18773636b414970e.yaml b/releasenotes/notes/libvirt-workarounds-disable_native_luksv1-18773636b414970e.yaml new file mode 100644 index 000000000000..5cf746a3baee --- /dev/null +++ b/releasenotes/notes/libvirt-workarounds-disable_native_luksv1-18773636b414970e.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The ``[workarounds]disable_native_luksv1`` workaround configurable has been + removed after previously being deprecated during the Wallaby (23.0.0) + release.
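Review bot: With the early `return False` gone from `_allow_native_luksv1`, a host that still sets `[workarounds]disable_native_luksv1` moves to QEMU-native LUKSv1 decryption on upgrade, and nothing tells the operator. The release note says only that the option was removed. It does not carry over the condition from the deleted deprecation text, that the libgcrypt regression is fixed as of 1.8.5. I would extend the upgrade note with something like `Hosts that had this option enabled will now use QEMU's native LUKSv1 decryption; libgcrypt 1.8.5 or later is needed to avoid the I/O regression the workaround addressed.` It is also worth confirming, and documenting if it matters, how volumes already attached through the os-brick dm-crypt encryptor are detached once the flag is gone, since the test that pinned `detach_volume` on that path is deleted in this commit. The rest of `_allow_native_luksv1` lies outside the hunk, so its other conditions cannot be checked from here.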