State of hardware-assisted disk encryption in Linux

linux debian encryption disk-encryption

Solution 1:

The Via C3 series of CPUs integrated a technology called "Via Padlock". This was hardware-accelerated crypto in the CPU. The Linux kernel gained support for this fairly rapidly. Likewise, many modern CPUs (Intel Sandy Bridge, for example) incorporate support for the AES-NI (AES Native Instruction) instruction set. These are instructions that implement portions of AES natively in hardware, significantly increasing the speed of encryption. These instructions are also supported by the Linux kernel.

I'm not sure which "cheap" chips you're referring to. While there are hardware crypto accelerators, these are FAR from cheap. The last time I looked at them, they were thousands of dollars each. They are intended (typically) either for VPN concentrators or webservers that do a lot of HTTPS traffic. (In other words, systems where almost all the connections are encrypted.) Several of these devices are supported by the Linux kernel.

As for TPM chips: TPM chips are capable of storing encryption keys, and I believe the Linux kernel supports them. TPM chips do not perform cryptographic operations (well, technically they do, but not for things like disk encryption) and so offer no benefit for dm-crypt.

Related

NGINX on OSX - Performing terribly slow
TCP/IP performance tuning under KVM/Qemu
Green-IT: How do you deal with poweroff systems in your system monitoring?
Accessing CIFS shares from an OS X machine incredibly slow
How to present shared storage for MS Cluster Services running on vSphere 5
OpenIndiana installation hangs at 2% - Preparing disk for OpenIndiana installation
Network performance deteriorates when uninvolved device on switch is shut down
too many 408 error codes in access log
Supervisord appears to be running, but monitored programs aren't launched
Unexplained periodic humps in system CPU usage on W2K3E
Tmux send-keys stripping space
Configuring Cassandra for consistency across multiple datacenters