# CPU Intel AES intructions



## ohyes (Jul 17, 2010)

Hello all 

soon, i will buy a notebook, of course install Freebsd on it.
I have two choices for the CPU. 

-intel core i5 430UM
-intel core i5 520UM

The first one don't have "AES Instructions on board", second yes.
With the first i save 100$

I know some zip-apps use those instructions.
But GELI ?
Is there an advantage with "AES instructions" and Freebsd encrypted filesystem ?

Regards...


----------



## vermaden (Jul 18, 2010)

@ohyes

FreeBSD does not yet support Intel graphics cards that come with i3/i5 CPUs (lack of GEM/TTM in the kernel), so You will have to use that notebook with VESA driver, propably with WRONG nonwide resolution, so its definitely NOT a good hardware choice for FreeBSD, better get Core 2 Duo notebook which wil be fuly suported.


----------



## ohyes (Jul 19, 2010)

oh! Many thanks for this information.

And about AES Instructions on CPU ?


----------



## ohyes (Jul 19, 2010)

on the GELI manpage (http://man.freetechsecrets.com/geli.8.html), we can read :



> [Geli] Utilizes the crypto(9) framework, so when there is crypto hardware available, geli will make use of it automatically.



But i'm not sure if the AES Instructions from core i5 are supported.

Thanks for all others informations.
:stud


----------



## vermaden (Jul 19, 2010)

@ohyes

I have absolutely no idea


----------



## mav@ (Jul 20, 2010)

kib@ was recently working on AES-NI support. Though I have neither used it, nor tracked present status.


----------



## ohyes (Jul 20, 2010)

thanks for this info.

So, we can suspend this thread and wait a while for more info.


----------



## Deleted member 2077 (Jul 23, 2010)

I heard that OpenBSD had hardware support in OpenSSL.  I'd assume that is also in FreeBSD?

What about SSH with AES?  That should get a nice boast in performance from hardware, right?


----------



## mav@ (Jul 23, 2010)

Hardly you are typing fast enough to notice difference.


----------



## ohyes (Jul 23, 2010)

right !

we need AES instruction for GELI ...
With ssh, it could be ok for sftp.
:r


----------



## dbi (Jul 23, 2010)

mav@ said:
			
		

> Hardly you are typing fast enough to notice difference.



Well, I'm sure you know ssh may be used for tunneling and data transfers (scp) as well.


----------



## mav@ (Jul 23, 2010)

BTW: kib@ committed his AES-NI crypto(4) driver into 9-CURRENT few hours ago. Merge to 8-STABLE planned in one month.


----------



## fronclynne (Jul 24, 2010)

dbi said:
			
		

> Well, I'm sure you know ssh may be used for tunneling and data transfers (scp) as well.



I couldn't rightly say just how much that might work on a gigabit network, but transferring a ~1GB disk image via the wireless here (passing the -C flag to scp) gives this little 1GHz centrino a massive 3-5%cpu load.  I seriously doubt that an encryption engine will speed that up.

As a disclaimer, I'm not stating that encryption engines are not extremely useful, but I can't see much advantage in home use for scp/ssh, at least here and now.


----------



## ohyes (Jul 27, 2010)

mav@ said:
			
		

> BTW: kib@ committed his AES-NI crypto(4) driver into 9-CURRENT few hours ago. Merge to 8-STABLE planned in one month.


*

Good job :f


----------



## Deleted member 2077 (Aug 19, 2010)

fronclynne said:
			
		

> I couldn't rightly say just how much that might work on a gigabit network, but transferring a ~1GB disk image via the wireless here (passing the -C flag to scp) gives this little 1GHz centrino a massive 3-5%cpu load.  I seriously doubt that an encryption engine will speed that up.
> 
> As a disclaimer, I'm not stating that encryption engines are not extremely useful, but I can't see much advantage in home use for scp/ssh, at least here and now.



geli, https, imap-ssl, ssh, stunnel, vpn, sftp, etc.


----------

