11

My Linux server spends a lot of time computing LUKS encryption. Is there any way to hardware accelerate it (with a PCI express card for example)?

Wesley
  • 32,320
  • 9
  • 80
  • 116
Glendyr
  • 601
  • 2
  • 7
  • 12
  • 1
    Depending on what kind of system you have now, a faster/better processor might do. Also, define "much time". – Sven Aug 14 '11 at 19:36
  • It's 1/3 speed of normal I/O operation. I don't happy to waste the 2/3 of the speed beause of encryption. It's Ubuntu Server. – Glendyr Aug 14 '11 at 19:53
  • 1
    What is your processor? The last models of Intel has AES-NI and VIA has had cryptographic hardware for years. Intel (I dont' know AMD) has especial optimizations for AES http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html . – Rufo El Magufo Aug 14 '11 at 20:05

3 Answers3

15

Beginning with Kernel 2.6.32 the AES-NI instructions on newer Intel processors are supported by dm-crypt. You might want to check /proc/cpuinfo if your processor supports these instructions. Otherwise, upgrading your processor will speed up your harddisk encryption (provided you are actually using AES encryption)

More info: http://en.wikipedia.org/wiki/AES_instruction_set

user144437
  • 805
  • 7
  • 6
Sarek
  • 366
  • 2
  • 3
  • 9
3

AESNI is hardware acceleration for AES encryption. As long as your LUKS/dmcrypt is setup to use AES, which it most likely is, and so long that your processor supports it, you can add the AESNI kernel module manually or automatically.

Manual (test to make sure it works/is supported)

  • sudo modprobe aesni-intel

Automatic

  • sudo vim /etc/initramfs-tools/modules
    • Add aesni_intel
  • sudo update-initramfs -u

You want to add it to your initramfs, and not just your normal kernel because you want it to be available before you decrypt your drive and load your main kernel.

Community
  • 1
earthmeLon
  • 175
  • 5
  • **Note** Most (if not all) Intel i3's *do not* support AESNI. You can check by looking for "aes" in /proc/cpuinfo: `grep aes /proc/cpuinfo`. – earthmeLon May 26 '13 at 17:08
  • Does this work for **AMD** processors which support AES ? I ran the command @earthmeLon says and it says my AMD A8-4500M supports AES – Suici Doga Jul 07 '16 at 02:31
0

To my knowledge, there are no such add-on cards for dm-crypt/luks encrypion. DM doesn't support them.

That said, it does look like there is a move afoot to get GPU-acceleration into the processing pipeline if it is available. As servers still rarely have GPUs in them (though that's changing) this may not be that useful for you.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296