Is AES-NI fully supported?

Has support for the Intel AES-NI hardware crypto acceleration been added to Ubuntu (LUKS, kernel, OpenSSL libs, etc)? If so, starting with which version?

Here is a list of Intel processors supporting AES-NI:

  • http://ark.intel.com/MySearch.aspx?AESTech=true

More about AES-NI:

  • http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
  • http://en.wikipedia.org/wiki/AES_instruction_set#Software_supporting_AES_instruction_set
  • http://www.tomshardware.com/reviews/clarkdale-aes-ni-encryption,2538.html

I am mostly interested in finding out if this effectively suppresses / diminishes any performance penalties of using full disk encryption in Ubuntu.


It is supported at least since Karmic Koala on the amd64 architecture and since Natty Narwhal it is supported also on the i386 architecture.

You can find that out by looking at the kernel configuration files found here. Search for the term CONFIG_CRYPTO_AES_NI_INTEL.


If your root partition is LUKS-encrypted you should add aesni-intel to /etc/initramfs-tools/modules (and run sudo update-initramfs -u -k all afterwards).

Otherwise the module will be loaded too late in the boot process.


Block level kernel encryption (dm-crypt) already full supports AES-NI cryptographic acceleration.

File level kernel encryption (eCryptfs) support for AES-NI was recently merged into the Linux upstream kernel tree, and should make its way into the Ubuntu kernel soon. Perhaps 13.10?