Linux 6.10 Makes AES-XTS Disk/File Encryption Much Faster For Modern Intel/AMD CPUs
The work written about one month ago on Phoronix for much faster AES-XTS on modern Intel/AMD CPUs for speeding up disk and file encryption by as much as 155% with AMD Zen 4 CPUs has been submitted for Linux 6.10! As expected, this work providing new AES-XTS implementations for modern x86_64 processors is going into Linux 6.10 as part of the crypto subsystem updates.
Eric Biggers of Google pursued new AES-XTS implementations for modern AMD and Intel processors. The new AES-XTS implementations are for AES-NI + AVX, VAES + AVX2, VAES + AVX10/256, and VAES + AVX10/512. Intel/AMD CPUs supporting VAES as well as AVX-512 are the biggest winners... The gains are very worthwhile for recent Intel and AMD processors and will be impactful for disk/file encryption:
This is really great work for modern x86_64 CPUs on Linux 6.10. In addition to that work by Eric Biggers, the crypto subsystem updates for Linux 6.10 now forbid curves with an order less than 224 bits in ECC (FIPS 186-5), an ECDSA NIST P521 implementation, Intel QAT live migration support, DMA support for AES requests on StarFive hardware, and a NVIDIA Tegra Security Engine driver has been merged.
The NVIDIA Tegra Security Engine driver was contributed by NVIDIA engineers directly and allows for accelerating various crypto algorithms.
All of the crypto subsystem updates for the Linux 6.10 merge window can be found via this pull request.
Eric Biggers of Google pursued new AES-XTS implementations for modern AMD and Intel processors. The new AES-XTS implementations are for AES-NI + AVX, VAES + AVX2, VAES + AVX10/256, and VAES + AVX10/512. Intel/AMD CPUs supporting VAES as well as AVX-512 are the biggest winners... The gains are very worthwhile for recent Intel and AMD processors and will be impactful for disk/file encryption:
This is really great work for modern x86_64 CPUs on Linux 6.10. In addition to that work by Eric Biggers, the crypto subsystem updates for Linux 6.10 now forbid curves with an order less than 224 bits in ECC (FIPS 186-5), an ECDSA NIST P521 implementation, Intel QAT live migration support, DMA support for AES requests on StarFive hardware, and a NVIDIA Tegra Security Engine driver has been merged.
The NVIDIA Tegra Security Engine driver was contributed by NVIDIA engineers directly and allows for accelerating various crypto algorithms.
All of the crypto subsystem updates for the Linux 6.10 merge window can be found via this pull request.
14 Comments