ViaC7 Security Engine Encrypted Files System Performance

Via's chip supports hardware acceleration of common encryption tasks. fea-nux has a good description of how to experiment with it. The short story is that when a program wants to do AES or SHA encryption, the kernel will dynamically load some additional modules that can take advantage of the hardware engine.

The bench marks show it too.

File System Type
Write Rate    
 Read Rate
 Standard ext4
 10.7 M/Sec
 13.1 M/Sec
Encrypted ext4, no acceleration
   1.8 M/Sec   8.8 M/Sec
Encrypted ext4, acceleration on   7.9 M/Sec
 12.2 M/Sec

The real world large file data transfer rate went from 40 MB/sec to 31 MB/sec. Not too bad a hit for a LUKS protected file system. The default key is 128 bit. To brute force that requires one completely cover the surface of the planet with computers working for a 1000 years (or so i've read) After reading that I didn't feel I needed to test a 256 bit key ;-)

Some details;

It's on by default on my system, but you can turn it on and off and check like so

sudo apt-get install cryptsetup
modprobe padlock-sha
modprobe padlock-aes

Here are the raw bonnie++ results concatenated together

         ------Sequential Output------                --Sequential Input-      --Random-
           -Per Chr-    --Block--      -Rewrite-    -Per Chr-    --Block--     --Seeks--
Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
  2G 12257  96  106932   38  49495   26  13139    99 129916  40   266.9   1 (single)
  2G   7490  58    17899     5    8108     1    8452    70   20058   1    273.5   1 (crypt)
  2G 11500  90    79031   32  38033   21  12246     92 117455  29   269.8   0 (crpt accel)