AES-NI: Hardware Encryption in your Processor

Not long ago, I had to sit through an Intel marketing presentation. Now, I like Intel. I’ve got at least 4 running Intel processors in my apartment. However, I dislike marketing presentations. And this one was a doozy. Had I known any missile launch codes or the location of the secret rebel base, I would have given them up 10 minutes into it. It was PowerPoint waterboarding.

You have my undivided attention. Not by choice.

There was one part of the presentation that did pique my interest: AES-NI. The marketing person giving the presentation didn’t know much about it, so I did some exploring and found an Intel engineer to get some more info. It’s actually quite awesome.

AES-NI is an instruction set added to newer Intel processors that accelerate certain symmetric cryptographic functions, particularly those related to AES. It’s been making its way incrementally into Intel’s processors (desktop, server, mobile).  Intel’s Xeon server processors got them in the 5600 series, however they were not in the 7600 series. The new E7 processors has it, including their new 10-core monster.

One of the earliest lines of processors to get AES-NI was Intel’s laptop processors, which is great for those that encrypt their hard drives. Mac OS X Lion uses the AES-NI extensions automatically if available for File Vault 2 (File Fault 1 in Snow Leopard doesn’t use it), as well as Windows 7’s BitLocker.  You can have Linux use AES-NI for file system encryption as well. The desktop processors are now starting to get AES-NI as well. It removes most of the performance penalty that you get with file system/disk encryption.  My i5-based MacBook Air has the entire hard drive encrypted, and with the AES-NI and the fact that it’s an SSD drive, the performance is amazing.

To see how much faster AES-NI operations are, I ran a quick and dirty test using OpenSSL on Ubuntu Server 11.04 with a i5-2300 processor. The built-in version had AES-NI support compiled into it, and I compiled a version that didn’t include the hooks. The command I ran was openssl speed -evp aes-128-cbc.

The trick is that the software must be told to use the AES-NI instruction set. You can check to see if OpenSSL has AES-NI support built-in by running the command openssl engine. It should list aesni.

openssl engine
(aesni) Intel AES-NI engine
(dynamic) Dynamic engine loading support

Note: That doesn’t mean that AES-NI is available in your processor. That’s a bit harder to determine. Check your CPU model number to see if it’s supported.

An important note, if you’re running VMware or other hypervisor, AES-NI does get passed down to the guest virtual machines. The tests above were done on an Ubuntu VM running inside of ESXi 5.0 (should work with other hypervisors too).

Another benefit is that since it’s in hardware, the algorithms can’t be tampered with. One possible vector would be to have a software library (such as OpenSSL) replaced with a rouge library, that compromises your encryption in some way.

Right now, no AMD processor has this feature (some old Via chips had something similar called Padlock), although the upcoming Bulldozer processors should get it, although I don’t know if it will be a compatible instruction set.

AES-NI is an relatively unknown enhancement, and it should be getting more attention.

4 Responses to AES-NI: Hardware Encryption in your Processor

  1. Pingback: Technology Short Take #14 - - The weblog of an IT pro specializing in virtualization, storage, and servers

  2. Ken S says:

    Great post re AES-NI ! – One of our software vendors just implemented an update that encrypts all TCP socket traffic between the 100+ servers in their system, and we’ve found that its not working so well on servers with older processors without AES-NI { }

    Re you note “…if you’re running VMware or other hypervisor, AES-NI does get passed down to the guest virtual machines.” – Can you provide a reference for this statement? We have been looking to P2V these servers but with our new HEAVY reliance on AES-NI we may need to change our plans.

  3. tonybourke says:

    Hi Ken,

    AES-NI is treated like SSE/SSE2, etc., so it will get passed down. I don’t have a particular reference to it, only the test I performed with Ubuntu running in VMware (ESXi 5.0) and my understanding of VMware.

    You do have to be careful though if you’re running dissimilar processors in a cluster, as one of the tricks you need to do to get vmotion comparability is turning off certain features in the processors, so that all the processors in the cluster have the same set of features.


  4. Ken S says:

    Thx! – On my 1st read of your note my mind had put a NOT in the middle of the statement “AES-NI does get passed down to the guest virtual machines” which had the potential to be a very big problem for us. As it is, we only have a mild problem as less than 1/2 of our current Physical servers have AES-NI capable processors.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: