Makes me wonder what else is using some form of crypto offload that inline would replace and raise performance on?

Maybe this is a silly question... Why disk encryption on a server? I thought this was a protection for "data at rest", e.g. a powered off laptop, unmounted disk, etc

EDIT: Got several good answers to this, thanks

There are all sort of risks including protecting data from theft for a server

Anyone got a way to email the author? I'm curious how their changes effect ARM. I don't believe they have the same FPU context issues for their crypto instructions. Then again the ARM crypto modules may be labled differently.

"Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.

... assuming these patches aren't actually faster than unencrypted drives, of course.

Many regulated industries (I work in clinical research software) basically require all sensitive data to be encrypted at rest, regardless of the type of system it's on. This is especially important if you're renting hosting space from a 3rd party (e.g. Azure, AWS, Rackspace, etc). If the disks are unencrypted there is a possibility, however small, that one of their staff or cleaning crew could pull a drive and run off with the PHI for all of your patients (or bank account/credit card information as another example) .... which would be a really bad day for a lot of people. Same goes for physical desktops, laptops, whatever.

All sensitive data should always be treated as if someone was about to yank the drive and sell it on the black market. If it's always encrypted, the loss of a disk is annoying, but not a company-ending event that also sends some of the management to jail.

Got it. I guess that would make sense as I imagine Cloudflare probably leases rack space from ISPs and other third parties to have their servers as "close" to the end user as possible. No way for them to be 100% sure who comes in and out of those data centers.

Cloudflare does not make that claim, and also check their blog post https://blog.cloudflare.com/speeding...sk-encryption/

I took a look but it's 20 pages of rambling and text output, so TLDR.

In any case, that's exactly what I implied there - it's most likely Michael's clickbait title which should be addressed.