Linux 6.10 AES-XTS For Disk/File Encryption As Much As ~155% Faster For AMD Zen 4 CPUs

For those making use of AES-XTS crypto for the likes of disk and file encryption on x86_64 CPUs, the upcoming Linux 6.10 kernel cycle is bringing some very tantalizing improvements especially if you are running recent AMD and Intel processors. With AMD Zen 4 processors the benefits can be as much as 155% faster while even Intel Ice Lake and Sapphire Rapids server processors can enjoy 127~151% faster AES-XTS-256.

Eric Biggers with Google has been working on new AES-XTS implementations for newer AMD and Intel x86_64 processors. There are new implementations for AES-NI + AVX, VAES + AVX2, VAES + AVX10/256, and VAES + AVX10/512. The new implementations are most impactful for CPUs with Vector AES Instructions (VAES) found on Intel Icelake and newer or AMD Zen 3 and newer, but to a lesser extent the AES-NI paired with AVX can provide some wins too for older processors.

The biggest AES-XTS performance improvements are understandably those CPUs with AVX-512 support. But even for AVX-512 enabled processors, the new crypto code is avoiding ZMM register use on certain Intel CPUs (such as Ice Lake) to avoid CPU frequency downclocking. With these patches now slated for introduction in the Linux 6.10 kernel, they will be automatically used with the best AES-XTS implementation being chosen based on the CPU model in use.

The biggest winner out of this AES-XTS performance work is AMD Zen 4 considering the AVX-512 support, not impacted by any down-clocking like with older Intel CPUs, and that AVX-512 support being found across all Zen 4 cores from the Ryzen 7000 series through the EPYC 8004/9004 series server processors. Tests by Eric Biggers during the patch review series show AMD Zen 4 enjoying a 155% improvement for 4096-byte messages with AES-256-XTS or 117% with 512-byte messages. Intel Sapphire Rapids comes closely behind those Zen 4 results.

These new x86_64 AES-XTS implementations were queued this past week into the cryptodev Git branch making it material for the upcoming Linux 6.10 kernel merge window that kicks off in mid-May. Both encryption and decryption similarly benefit from these new implementations.

This is great news for AES-XTS file and disk encryption performance on newer AMD/Intel CPUs. Linux 6.9 won't be out as stable for another month but already a lot of interesting work is beginning to queue for Linux 6.10 that will be hitting systems as we enter the second half of the year.