Intel AES-NI For Full Disk Encryption
The Threaded I/O Tester result had not improved with eight threads of 64MB random writes when using AES-NI, but the CPU usage was measurably lower.
The CPU usage when carrying out a 8GB write with IOzone on the encrypted Ubuntu LVM was also noticeably lower when using Intel AES-NI.
While the Ubuntu home directory encryption feature with eCryptfs may not be beneficial at this point with Intel AES-NI, full-disk encryption with Intel AES-NI using dmcrypt is noticeably better. Several of the benchmarks produced dramatically better results with AES-NI while at the same time delivering lower CPU usage. AES-NI appears to be a huge win if planning to encrypt your entire disk using this feature found in Ubuntu's alternate installer. Canonical is currently looking into whether eCryptfs has bugs/issues regarding the AES-NI implementation or why it's not benefiting from the AES instruction set as much as dmcrypt.
Many Intel Gulftown, Clarkdale, Arrandale, and Sandy Bridge CPUs, but not all within these product families support the AES instruction set. All Intel Ivy Bridge CPUs should be supported and it appears AMD's just-launched FX "Bulldozer" CPUs should be capable of handling AES-NI too, assuming an AMD kernel module is released that implements the functionality. As mentioned in the earlier AES-NI article, looking for "aes" within /proc/cpuinfo can reveal whether your CPU supports this feature.
If you enjoyed this article consider joining Phoronix Premium to view this site ad-free, multi-page articles on a single page, and other benefits. PayPal or Stripe tips are also graciously accepted. Thanks for your support.
