Intel AES-NI For Full Disk Encryption

Written by Michael Larabel in Software on 12 October 2011 at 08:29 AM EDT. Page 1 of 5. 9 Comments.

Last week I published benchmark results of using Intel AES-NI for Ubuntu home directory encryption, but the benefits of using this new x86 instruction set found on the latest Intel and AMD (as of today's Bulldozer launch) processors was minimal for this eCryptfs-based solution. Continuing in the AES-NI investigation under Linux, today are benchmark results when using AES-NI for full-disk encryption with dmcrypt.

These new AES-NI Linux results are a continuation of last week's results from the same Intel Sandy Bridge system. Using the same Ubuntu 11.10 "Oneiric Ocelot" snapshot, the alternate installer was used while enabling the encrypted full-disk LVM option, which utilizes dmcrypt and has been supported by Ubuntu Linux going back to Ubuntu 7.10. Besides using this option to encrypt the entire EXT4 file-system, this was a stock install of Ubuntu 11.10.

The performance of full disk encryption was compared with and without using the "aesni-intel" kernel module, which allows for the AES-NI instruction set to be utilized on the latest Intel hardware supporting AES. The results from last week's AES-NI eCryptfs home directory encryption testing are also included for reference.

Via the Phoronix Test Suite, the CPU usage was also monitored during the disk benchmarking process.

Related Articles