1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

Intel AES-NI For Ubuntu Home Encryption

Michael Larabel

Published on 6 October 2011
Written by Michael Larabel
Page 1 of 7 - 6 Comments

Supported by modern Intel processors is the AES instruction set, which is designed to improve the speed of encryption and decryption on the CPU for AES, the Advanced Encryption Standard. Under Ubuntu Linux, even for supported hardware, the Intel AES-NI capability is not taken advantage of when enabling its data encryption feature. The Intel AES-NI support can be easily enabled, but what is the impact on performance? Here are some benchmarks.

Last month was an article entitled Ubuntu 11.10 Home Encryption Performance, which looked at the performance impact of using the home folder data encryption feature on the soon-to-be-released Ubuntu 11.10. For older hardware (Core 2 Duo with a mobile HDD) the impact of encrypting the user's home directory varied from 10~20% with heavy disk workloads. Using an Intel Sandy Bridge (Core i5) notebook with an Intel SSD caused less of an impact compared to no encryption at all. One of the emails that came in following last month's article was from Canonical's Dustin Kirkland.

Thanks for the update to the eCryptfs article. I'm pleased with the positive results, obviously.

One suggestion, for a followup... I've done just a little bit of sniff testing with the AES-NI acceleration that's built into some of the newer Intel chips (I think that HP with the i5 should have it).

eCryptfs uses the aes-ni acceleration if the module is loaded, but we (Ubuntu) are not loading that module by default. In my basic testing, I got some pretty inconclusive results, with the "acceleration" performing worse than non-accelerated in some cases. That could be due to a bad aes-ni implementation in the kernel? Or, perhaps it only really helps to offload a busy CPU.

In any case, I'd be interested in seeing a pair of benchmarks, one with your eCryptfs encrypted home and the stock (no aes-ni), and then a second set of tests after modprobing aesni-intel. Any interest in running those tests and hitting us up with the feedback?

Ask for interesting tests, and you shall receive. This article is looking at that the Intel AES-NI acceleration with Ubuntu eCryptfs home encryption. Testing was done with an Ubuntu 11.10 daily snapshot from 5 October 2011. For simplicity (and since the notebook was conveniently ready when arriving back from Oktoberfest), the same HP EliteBook with an Intel Core i5 2520M (Sandy Bridge) with Intel 160GB X-25 SSD was used for this AES-NI comparison.

The AES-NI instruction set has been supported by Intel CPUs going back to the Clarkdale/Arrandale family, but there are some exceptions in the models that support this new acceleration instruction set. The AES-NI support continues with Sandy Bridge (there are some unsupported models here too) and should be fully supported across all Ivy Bridge CPUs. The Core i5 2520M supports the AES New Instructions. The AES support can also be checked via the flags from /proc/cpuinfo under Linux. The Linux cryptography support can also be checked from /proc/crypto to ensure aesni-intel is loaded. With the default Phoronix Test Suite test location being within ~/.phoronix-test-suite/, all tests are being executed from within the encrypted home area.

The clean Ubuntu 11.10 snapshot was tested in its default configuration with home encryption enabled and then after loading the "aesni-intel" kernel module before logging into the encrypted user account. The Intel AES-NI instructions have been supported under Linux going back to early 2009.

As far as the slated improvements for AES-NI, Intel documentation provides the following:

The performance improvement expected with the use of AES-NI would depend on the applications and how much of the application time is spent in encryption and decryption. At the algorithm level, using AES-NI can provide significant speedup of AES. For non-parallel modes of AES operation such as CBC-encrypt AES-NI can provide a 2-3 fold gain in performance over a completely software approach. For parallelizable modes such as CBC-decrypt and CTR, AES-NI can provide a 10x improvement over software solutions.

Since the Sandy Bridge processor is already quite fast, this encryption comparison was done with all four threads enabled (two cores + Hyper Threading) and then when disabling the Hyper Threading and multi CPU support from the BIOS, so that only a single processing thread was available. The first of these results are with the stock settings (all four threads available). During the testing process, the Phoronix Test Suite also monitored the CPU usage automatically (by setting the MONITOR=cpu.usage environmental variable prior to starting the phoronix-test-suite client).

<< Previous Page
1
Latest Linux Hardware Reviews
  1. Rosewill RS-MI-01: An Ultra Low-Cost Mini-ITX Chassis
  2. D-Link DCS-2330L HD Wireless Network Camera
  3. Gigabyte AM1M-S2H
  4. AMD's New Athlon/Semprons Give Old Phenom CPUs A Big Run For The Money
Latest Linux Articles
  1. AMD Catalyst 14.4 Brings Few Linux Performance Improvements
  2. The Performance Of Fedora 20 Updated
  3. Clang Fights GCC On AMD's Athlon AM1 APU With Jaguar Cores
  4. Ubuntu 14.04 LTS vs. Oracle Linux vs. CentOS vs. openSUSE
Latest Linux News
  1. Valve Is Bringing VOGL To Windows & Working On Regression Tests
  2. Canonical Is Taking Over Linux 3.13 Kernel Maintenance
  3. Google Web Designer Is Now Natively Available On Linux
  4. Ubuntu 14.10 Is Codenamed The Utopic Unicorn
  5. Audacious 3.5 Lightweight Audio Player Released
  6. Steam Updated For Ubuntu 14.04 LTS, SteamOS
  7. DNF 0.5 Yum Replacement Now Supports Groups
  8. Red Hat Enterprise Linux 7.0 Is Looking Fantastic
  9. Intel Is Launching An Interesting Bay Trail NUC Next Week
  10. Another X.Org EVoC Proposed For OpenGL 4+ Tests
  11. The Best Features Coming With Qt 5.3
  12. Red Hat's RHEL7 RC ISO Is Now Publicly Available
Latest Forum Discussions
  1. The Most Amazing OpenGL Tech Demo In 64kb
  2. Announcing radeontop, a tool for viewing the GPU usage
  3. HTPC-upgrade advice: AMD Richland A8-7600 or Kaveri A10-6700T ???
  4. New card. Open source drivers only.
  5. The GNOME Foundation Is Running Short On Money
  6. Linux Kernel Developers Fed Up With Ridiculous Bugs In Systemd
  7. Script for Fan Speed Control
  8. Torvalds Is Unconvinced By LTO'ing A Linux Kernel