Validating AES hardware encryption & decryption on Linux

The Intel Advanced Encryption Standard (AES) or New Instructions (AES-NI) enables hardware encryption and decryption. “AES” is an extension to the x86 instruction set architecture for microprocessors from Intel and AMD.

Supported CPUs:

  1. Intel Westmere/Westmere-EP (Xeon 56xx)/Clarkdale (except Core i3, Pentium and Celeron)/Arrandale(except Celeron, Pentium, Core i3, Core i5-4XXM).
  2. Intel Sandy Bridge cpus (except Pentium, Celeron, Core i3).
  3. Intel mobile Core i7 and Core i5.
  4. Intel Ivy Bridge processors All i5, i7, Xeon and i3-2115C only.
  5. Intel Haswell processors (all except i3-4000m, Pentium and Celeron).
  6. AMD Bulldozer/Piledriver/Steamroller/Jaguar/Puma-based processors.
  7. AMD Geode LX processors.
  8. VIA PadLock (a different instruction set than Intel AES-NI but does the same thing at the end of the day).
  9. ARM – selected Allwinner and Broadcom using security processor. There are few more ARM based processor.

AES support should be automatically enabled by Linux if the detected processor is among the supported list as above.

Checking for Intel or AMD AES:

# grep -o aes /proc/cpuinfo
# grep -m1 -o aes /proc/cpuinfo
“aes” indicates AES support enabled by Linux

Checking AES modules are loaded into Linux kernel

# sort -u /proc/crypto | grep module

Verify “aes” and “aesni_intel” are loaded

module       : aesni_intel
module       : aes_x86_64

Several hardware vendors ship server BIOS configurations with AES-NI extensions disabled. A BIOS update or settings change maybe necessary to enable this support. Once enabled, Linux module support should be automatic.

Testing if Padlock or AES-NI engine is operational:
$ openssl engine

VIA chipset motherboard:

(padlock) VIA PadLock (no-RNG, no-ACE)
(dynamic) Dynamic engine loading support

Intel chipset motherboard:
$ openssl engine
(aesni) Intel AES-NI engine
(dynamic) Dynamic engine loading support

Performance Tests: server (A) has AES-NI support while server (B) does not have hardware encryption:

# dd if=/dev/zero count=1000 bs=1M | ssh -l root -c aes128-cbc serverA "cat >/dev/null"
1048576000 bytes (1.0 GB) copied, 10.6691 s, 98.3 MB/s

# dd if=/dev/zero count=1000 bs=1M | ssh -l root -c aes128-cbc serverB "cat >/dev/null"
1048576000 bytes (1.0 GB) copied, 31.6675 s, 33.1 MB/s

Leave a comment