Faster AES-GCM & AES-XTS Crypto For AMD CPUs With Linux 6.14

  • phoronix
    Administrator
    • Jan 2007
    • 67400

    Phoronix: Faster AES-GCM & AES-XTS Crypto For AMD CPUs With Linux 6.14

    Eric Biggers of Google who has pursued countless CPU optimizations within the Linux kernel's crypto subsystem over the years has some noteworthy optimizations coming for AMD processors with the upcoming Linux 6.14 kernel cycle...
  • pWe00Iri3e7Z9lHOX2Qx
    Senior Member
    • Jul 2020
    • 1607

    #2
    Has anyone benchmarked impacts to ZFS native encryption with the previous AES-GCM changes?

    Comment

    • sophisticles
      Senior Member
      • Dec 2015
      • 2617

      #3
      Fine, I will ask the obvious question.

      Considering that many within the OSS community express strong anti-Google sentiment due to perceived "spying" and data collection, why would you trust anything made by a Google engineer especially when it comes to the crypto subsystem of Linux?

      Of course this goes to the larger question of why trust Linux at all considering the main contributors are Intel, MS and Google engineers and both the Linux Foundation's Board of Directors and its Board of Technical Advisors are staffed with employees of these companies?

      Genuinely want to understand the mental gymnastics it takes to not trust Google but trust an OS funded and developed in part by them and trust crypto patches submitted by them.

      Comment

      • Chugworth
        Senior Member
        • Feb 2019
        • 391

        #4
        Originally posted by sophisticles View Post
        Fine, I will ask the obvious question.

        Considering that many within the OSS community express strong anti-Google sentiment due to perceived "spying" and data collection, why would you trust anything made by a Google engineer especially when it comes to the crypto subsystem of Linux?

        Of course this goes to the larger question of why trust Linux at all considering the main contributors are Intel, MS and Google engineers and both the Linux Foundation's Board of Directors and its Board of Technical Advisors are staffed with employees of these companies?

        Genuinely want to understand the mental gymnastics it takes to not trust Google but trust an OS funded and developed in part by them and trust crypto patches submitted by them.
        So what OS do you use then? I'd like to know which one is completely trustworthy.

        Sure it's best to maintain some level of distrust in code from the big corporations (and really everybody). But at the very least, you want code that's open for the world to see.

        Comment

        • CharlieB
          Junior Member
          • Dec 2024
          • 4

          #5
          Question:
          Is the AES encryption engine on modern Zen4/5 desktop machines fast enough to crunch the traffic of say 5 M.2 PCIe4 sticks in RAID-5 without sweating the CPU or bottlenecking the I/O bandwidth? 🙄

          Comment

          • overtly6804
            Junior Member
            • Dec 2024
            • 6

            #6
            Originally posted by CharlieB View Post
            Question:
            Is the AES encryption engine on modern Zen4/5 desktop machines fast enough to crunch the traffic of say 5 M.2 PCIe4 sticks in RAID-5 without sweating the CPU or bottlenecking the I/O bandwidth? 🙄
            No. It's barely enough for a good single PCIe4 drive full bandwidth. Or perhaps you were being sarcastic? Kernel 6.10 had a nice 50% boost which was quite noticeable. I was thinking about getting a PCIe5 drive but I forgot about this. It seems pointless since I use LUKS.

            I am not sure what a Zen 5 will do but my 7950X tops out: aes-xts 256b 6671.7 MiB/s
            You can run cryptsetup benchmark to check.

            Comment
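As an added example (not part of any post in this thread), the check suggested in post #6 can be scripted: parse the table printed by `cryptsetup benchmark` and compare the AES-XTS rate with the aggregate bandwidth of the drives. The sample table is constructed apart from the 6671.7 MiB/s figure quoted above, and the 6500 MiB/s per-drive bandwidth and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `cryptsetup benchmark`.
# Only the aes-xts 256b encryption figure comes from the post; the rest is made up.
sample_benchmark() {
cat <<'EOF'
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1500.0 MiB/s      6000.0 MiB/s
        aes-xts        256b      6671.7 MiB/s      6600.0 MiB/s
        aes-xts        512b      5500.0 MiB/s      5400.0 MiB/s
EOF
}

# xts_rate CIPHER KEYBITS: read benchmark text on stdin and print the slower of
# the encryption and decryption rates (MiB/s) for that row. Fails if no row matches.
xts_rate() {
    awk -v c="$1" -v k="${2}b" '
        $1 == c && $2 == k {
            r = ($3 < $5) ? $3 : $5      # columns 3 and 5 hold the two rates
            printf "%.1f\n", r
            found = 1
        }
        END { exit found ? 0 : 1 }'
}

# drives_covered RATE DRIVE_MIB: whole drives of DRIVE_MIB MiB/s each
# (caller-supplied assumption) that fit within the crypto rate.
drives_covered() {
    awk -v r="$1" -v d="$2" 'BEGIN { printf "%d\n", int(r / d) }'
}

# verdict RATE DRIVE_MIB NDRIVES: "ok" when the crypto rate meets the
# aggregate bandwidth of NDRIVES drives, otherwise "bottleneck".
verdict() {
    awk -v r="$1" -v d="$2" -v n="$3" \
        'BEGIN { print ((r >= d * n) ? "ok" : "bottleneck") }'
}

# Demo on the constructed sample; on a real machine, pipe the tool's output
# instead: cryptsetup benchmark | xts_rate aes-xts 256
rate=$(sample_benchmark | xts_rate aes-xts 256)
echo "aes-xts 256b floor: $rate MiB/s"
echo "drives covered at 6500 MiB/s each: $(drives_covered "$rate" 6500)"
echo "5 drives: $(verdict "$rate" 6500 5)"
```

The cryptsetup man page notes that the benchmark runs in memory only and cannot directly predict real storage encryption speed, so the result is a rough ceiling rather than a measurement of LUKS throughput.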

            • overtly6804
              Junior Member
              • Dec 2024
              • 6

              #7
              Originally posted by overtly6804 View Post

              No. It's barely enough for a good single PCIe4 drive full bandwidth. Or perhaps you were being sarcastic? Kernel 6.10 had a nice 50% boost which was quite noticeable. I was thinking about getting a PCIe5 drive but I forgot about this. It seems pointless since I use LUKS.

              I am not sure what a Zen 5 will do but my 7950X tops out: aes-xts 256b 6671.7 MiB/s
              You can run cryptsetup benchmark to check.
              Not sure what bandwidth RAID 5 gets you but Zen 5 is a champ at AES-XTS. More than double Zen 4, can handle PCIe5:
              OpenBenchmarking.org

              Comment

              • [deXter]
                Phoronix Member
                • Aug 2011
                • 50

                #8
                Originally posted by sophisticles View Post
                Fine, I will ask the obvious question.

                Considering that many within the OSS community express strong anti-Google sentiment due to perceived "spying" and data collection, why would you trust anything made by a Google engineer especially when it comes to the crypto subsystem of Linux?
                Because it has nothing to do with trust, but the fact the code is open source and peer-reviewed. So there's little chance of Google doing anything funny and getting away with it. That is not to say that something can't slip past the reviewers, but if it did it'd be a very bad look for Google - they depend very heavily on Linux and other FOSS projects, so it'd be in their best interest to play nice.

                Comment

                • sophisticles
                  Senior Member
                  • Dec 2015
                  • 2617

                  #9
                  Originally posted by [deXter] View Post
                  Because it has nothing to do with trust, but the fact the code is open source and peer-reviewed. So there's little chance of Google doing anything funny and getting away with it. That is not to say that something can't slip past the reviewers, but if it did it'd be a very bad look for Google - they depend very heavily on Linux and other FOSS projects, so it'd be in their best interest to play nice.
                  This is an argument that has been made in favor of open source for decades, yet it fails for the following reasons:

                  1) There is no one peer reviewing it. This code is made by Google and mainlined by Linus, you are assuming that Linus, an employee of The Linux Foundation, that gets about 2 million a year in salary, would not turn a blind eye to any shenanigans.

                  2) You are greatly overestimating the skills of those involved in any peer review. A few days ago Michael published an article about a bug that resulted from the parameters of a function being passed in the wrong order and it took them 3 weeks to discover a mistake that a high school kid would not make.

                  3) There are numerous examples of open source projects containing major bugs and security vulnerabilities for decades and the recent XZ fiasco should have been a wake up call for all open source advocates.

                  Comment

                  • sophisticles
                    Senior Member
                    • Dec 2015
                    • 2617

                    #10
                    Originally posted by Chugworth View Post
                    So what OS do you use then? I'd like to know which one is completely trustworthy.

                    Sure it's best to maintain some level of distrust in code from the big corporations (and really everybody). But at the very least, you want code that's open for the world to see.
                    I use both Windows 10 and Manjaro with the Cinnamon DE.

                    The code being open for everyone to see is of little use when the following conditions exist:

                    1) Even experienced programmers may not know what they are looking at. A few days ago there was an article about a bug that lasted for 3 weeks that was caused by passing arguments in the wrong order. A mistake that a kid in grammar school might make lasted for 3 weeks in a project overseen by people with Masters and Doctorate degrees in Comp Sci.

                    2) You are assuming that the people looking at it are looking at it for benign reasons and not for a way to exploit it.

                    3) You're assuming that the people that created the software know what they are doing. Remember the memory leak in Gnome that lasted for 10 years or the security hole in X11 that was there for 35 years?

                    4) You are assuming that the people that created the software did not plant a cleverly hidden backdoor. Remember the XZ debacle?

                    Comment
