Has support for the Intel AES-NI hardware crypto acceleration been added to Ubuntu (LUKS, kernel, OpenSSL libs, etc)? If so, starting with which version?
Here is a list of Intel processors supporting AES-NI:
More about AES-NI:
- http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
- http://en.wikipedia.org/wiki/AES_instruction_set#Software_supporting_AES_instruction_set
- http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html
I am mostly interested in finding out if this effectively suppresses / diminishes any performance penalties of using full disk encryption in Ubuntu.
It is supported at least since Karmic Koala on the `amd64` architecture and since Natty Narwhal it is supported also on the `i386` architecture. You can find that out by looking at the kernel configuration files found here. Search for the term `CONFIG_CRYPTO_AES_NI_INTEL`.
If your root partition is LUKS-encrypted you should add `aesni-intel` to `/etc/initramfs-tools/modules` (and run `sudo update-initramfs -u -k all` afterwards). Otherwise the module will be loaded too late in the boot process.
Block level kernel encryption (dm-crypt) already fully supports AES-NI cryptographic acceleration.
File level kernel encryption (eCryptfs) support for AES-NI was recently merged into the Linux upstream kernel tree, and should make its way into the Ubuntu kernel soon. Perhaps 13.10?
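The checks the answers above describe (CPU flag, `CONFIG_CRYPTO_AES_NI_INTEL`, and the `aesni-intel` entry in `/etc/initramfs-tools/modules`) can be combined into one script. This is an added example, not code from the original posts; the function names are hypothetical and the default paths assume a standard Ubuntu layout.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; default paths are the usual Ubuntu locations.

# Succeeds if the CPU advertises the "aes" flag (AES-NI).
cpu_has_aes() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw aes
}

# Prints y (built in), m (module) or n (absent) for CONFIG_CRYPTO_AES_NI_INTEL.
kernel_aesni_config() {
    cfg="${1:-/boot/config-$(uname -r)}"
    val=$(sed -n 's/^CONFIG_CRYPTO_AES_NI_INTEL=\([ym]\)$/\1/p' "$cfg" 2>/dev/null || true)
    echo "${val:-n}"
}

# Succeeds if aesni-intel is listed (uncommented) for inclusion in the initramfs.
initramfs_lists_aesni() {
    grep -Eq '^[[:space:]]*aesni[-_]intel([[:space:]]|$)' "${1:-/etc/initramfs-tools/modules}"
}

# Succeeds if the driver can be active before a LUKS root is unlocked:
# CPU flag present, and the driver is built in or is a module listed for the initramfs.
aesni_boot_ready() {
    cpu_has_aes "${1:-}" || return 1
    case "$(kernel_aesni_config "${2:-}")" in
        y) return 0 ;;
        m) initramfs_lists_aesni "${3:-}" ;;
        *) return 1 ;;
    esac
}

# Run as: sh aesni-check.sh --report
if [ "${1:-}" = "--report" ]; then
    cpu_has_aes && echo "cpu flag: aes" || echo "cpu flag: missing"
    echo "kernel config: $(kernel_aesni_config)"
    grep -q '^aesni_intel ' /proc/modules && echo "module: loaded" || echo "module: not loaded"
    aesni_boot_ready && echo "early boot: ready" || echo "early boot: not ready"
fi
```

Each function takes an optional file path, so the same checks can be run against a copy of another machine's `/proc/cpuinfo`, kernel config and initramfs module list.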