Linux 6.10 AES-XTS For Disk/File Encryption As Much As ~155% Faster For AMD Zen 4 CPUs

Written by Michael Larabel in Linux Kernel on 8 April 2024 at 12:52 PM EDT. 28 Comments
For those making use of AES-XTS crypto for the likes of disk and file encryption on x86_64 CPUs, the upcoming Linux 6.10 kernel cycle is bringing some very tantalizing improvements especially if you are running recent AMD and Intel processors. With AMD Zen 4 processors the benefits can be as much as 155% faster while even Intel Ice Lake and Sapphire Rapids server processors can enjoy 127~151% faster AES-XTS-256.

Eric Biggers with Google has been working on new AES-XTS implementations for newer AMD and Intel x86_64 processors. There are new implementations for AES-NI + AVX, VAES + AVX2, VAES + AVX10/256, and VAES + AVX10/512. The new implementations are most impactful for CPUs with Vector AES Instructions (VAES) found on Intel Icelake and newer or AMD Zen 3 and newer, but to a lesser extent the AES-NI paired with AVX can provide some wins too for older processors.

AMD Zen 4 CPUs

The biggest AES-XTS performance improvements are understandably those CPUs with AVX-512 support. But even for AVX-512 enabled processors, the new crypto code is avoiding ZMM register use on certain Intel CPUs (such as Ice Lake) to avoid CPU frequency downclocking. With these patches now slated for introduction in the Linux 6.10 kernel, they will be automatically used with the best AES-XTS implementation being chosen based on the CPU model in use.

AES-XTS benefits by CPU geneation

The biggest winner out of this AES-XTS performance work is AMD Zen 4 considering the AVX-512 support, not impacted by any down-clocking like with older Intel CPUs, and that AVX-512 support being found across all Zen 4 cores from the Ryzen 7000 series through the EPYC 8004/9004 series server processors. Tests by Eric Biggers during the patch review series show AMD Zen 4 enjoying a 155% improvement for 4096-byte messages with AES-256-XTS or 117% with 512-byte messages. Intel Sapphire Rapids comes closely behind those Zen 4 results.

AES-XTS performance benefits by implementation

These new x86_64 AES-XTS implementations were queued this past week into the cryptodev Git branch making it material for the upcoming Linux 6.10 kernel merge window that kicks off in mid-May. Both encryption and decryption similarly benefit from these new implementations.

AES-XTS patches in cryptodev

This is great news for AES-XTS file and disk encryption performance on newer AMD/Intel CPUs. Linux 6.9 won't be out as stable for another month but already a lot of interesting work is beginning to queue for Linux 6.10 that will be hitting systems as we enter the second half of the year.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week