1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

Intel AES-NI For Ubuntu Home Encryption

Michael Larabel

Published on 6 October 2011
Written by Michael Larabel
Page 1 of 7 - 6 Comments

Supported by modern Intel processors is the AES instruction set, which is designed to improve the speed of encryption and decryption on the CPU for AES, the Advanced Encryption Standard. Under Ubuntu Linux, even for supported hardware, the Intel AES-NI capability is not taken advantage of when enabling its data encryption feature. The Intel AES-NI support can be easily enabled, but what is the impact on performance? Here are some benchmarks.

Last month was an article entitled Ubuntu 11.10 Home Encryption Performance, which looked at the performance impact of using the home folder data encryption feature on the soon-to-be-released Ubuntu 11.10. For older hardware (Core 2 Duo with a mobile HDD) the impact of encrypting the user's home directory varied from 10~20% with heavy disk workloads. Using an Intel Sandy Bridge (Core i5) notebook with an Intel SSD caused less of an impact compared to no encryption at all. One of the emails that came in following last month's article was from Canonical's Dustin Kirkland.

Thanks for the update to the eCryptfs article. I'm pleased with the positive results, obviously.

One suggestion, for a followup... I've done just a little bit of sniff testing with the AES-NI acceleration that's built into some of the newer Intel chips (I think that HP with the i5 should have it).

eCryptfs uses the aes-ni acceleration if the module is loaded, but we (Ubuntu) are not loading that module by default. In my basic testing, I got some pretty inconclusive results, with the "acceleration" performing worse than non-accelerated in some cases. That could be due to a bad aes-ni implementation in the kernel? Or, perhaps it only really helps to offload a busy CPU.

In any case, I'd be interested in seeing a pair of benchmarks, one with your eCryptfs encrypted home and the stock (no aes-ni), and then a second set of tests after modprobing aesni-intel. Any interest in running those tests and hitting us up with the feedback?

Ask for interesting tests, and you shall receive. This article is looking at that the Intel AES-NI acceleration with Ubuntu eCryptfs home encryption. Testing was done with an Ubuntu 11.10 daily snapshot from 5 October 2011. For simplicity (and since the notebook was conveniently ready when arriving back from Oktoberfest), the same HP EliteBook with an Intel Core i5 2520M (Sandy Bridge) with Intel 160GB X-25 SSD was used for this AES-NI comparison.

The AES-NI instruction set has been supported by Intel CPUs going back to the Clarkdale/Arrandale family, but there are some exceptions in the models that support this new acceleration instruction set. The AES-NI support continues with Sandy Bridge (there are some unsupported models here too) and should be fully supported across all Ivy Bridge CPUs. The Core i5 2520M supports the AES New Instructions. The AES support can also be checked via the flags from /proc/cpuinfo under Linux. The Linux cryptography support can also be checked from /proc/crypto to ensure aesni-intel is loaded. With the default Phoronix Test Suite test location being within ~/.phoronix-test-suite/, all tests are being executed from within the encrypted home area.

The clean Ubuntu 11.10 snapshot was tested in its default configuration with home encryption enabled and then after loading the "aesni-intel" kernel module before logging into the encrypted user account. The Intel AES-NI instructions have been supported under Linux going back to early 2009.

As far as the slated improvements for AES-NI, Intel documentation provides the following:

The performance improvement expected with the use of AES-NI would depend on the applications and how much of the application time is spent in encryption and decryption. At the algorithm level, using AES-NI can provide significant speedup of AES. For non-parallel modes of AES operation such as CBC-encrypt AES-NI can provide a 2-3 fold gain in performance over a completely software approach. For parallelizable modes such as CBC-decrypt and CTR, AES-NI can provide a 10x improvement over software solutions.

Since the Sandy Bridge processor is already quite fast, this encryption comparison was done with all four threads enabled (two cores + Hyper Threading) and then when disabling the Hyper Threading and multi CPU support from the BIOS, so that only a single processing thread was available. The first of these results are with the stock settings (all four threads available). During the testing process, the Phoronix Test Suite also monitored the CPU usage automatically (by setting the MONITOR=cpu.usage environmental variable prior to starting the phoronix-test-suite client).

<< Previous Page
1
Latest Linux Hardware Reviews
  1. Preview: AMD's FX-9590 Eight-Core At Up To 5.0GHz On Linux
  2. Intel Launches The Core i7 5960X, Mighty Powerful Haswell-E CPUs
  3. AMD Radeon R9 290: Gallium3D vs. Catalyst Drivers
  4. AMD Radeon R9 290 Open-Source Driver Works, But Has A Ways To Go
Latest Linux Articles
  1. Ondemand vs. Performance CPU Governing For AMD FX CPUs On Linux 3.17
  2. How Intel Graphics On Linux Compare To Open-Source AMD/NVIDIA Drivers
  3. The Fastest NVIDIA GPUs For Open-Source Nouveau With Steam Linux Gaming
  4. Testing For The Latest Linux Kernel Power Regression
Latest Linux News
  1. Marek Lands Radeon Gallium3D HyperZ Improvements
  2. Mozilla Firefox 32 Surfaces With HTML5, Developer Changes
  3. Nouveau X.Org Driver Released With DRI3+Present, Maxwell, GLAMOR
  4. Microsoft & AMD Release C++ AMP Compiler With Linux Support
  5. AMD, Wine & Valve Dominated August For Linux Users
  6. Linux 3.17-rc3 Kernel Released Back On Schedule
  7. Lennart Poettering Talks Up His New Linux Vision That Involves Btrfs
  8. Mesa 10.3 RC2 Arrives Via Its New Release Manager
  9. Ubuntu 14.10's Lack Of X.Org Server 1.16 Gets Blamed On AMD
  10. MSI Motherboard BIOS Updating Remains A Pain For Linux Users
Latest Forum Discussions
  1. Lennart Poettering Talks Up His New Linux Vision That Involves Btrfs
  2. Best Radeon for a Power Mac G5?
  3. The dangers of Linux kernel development
  4. Updated and Optimized Ubuntu Free Graphics Drivers
  5. AMD Releases UVD Video Decode Support For R600 GPUs
  6. SSD seems slow
  7. Is laptop with Intel CPU and AMD dGPU worth buying considering especially AMD Enduro?
  8. Radeon HD5670 and Ubuntu 14.04