Bug 253505

Summary: 13-BETA2: encrypted swap and root partition leads to software accelerated encryption
Product: Base System
Reporter: Gordon Bergling <gbe>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed Works As Intended
Severity: Affects Many People
CC: delphij, jah, jmg
Priority: ---
Version: 13.0-STABLE
Hardware: amd64
OS: Any
Attachments (Description, Flags):
dmesg output from RPi4B, none
dmesg output, none

Description Gordon Bergling freebsd_committer freebsd_triage 2021-02-14 13:40:34 UTC
Created attachment 222433
dmesg output from RPi4B

I installed the recent 13.0-BETA2 release on my main workstation, with an encrypted swap and root partition. In the dmesg output the encryption method used is software, which leads to decreased read and write performance.

The CPU is an older i5 which definitely has hardware encryption support. As far as I know, aesni is included within the GENERIC build, so hardware encryption should be used.

The dmesg output of the system is attached. ZFS is the filesystem used.
Comment 1 Gordon Bergling freebsd_committer freebsd_triage 2021-02-14 13:42:07 UTC
Created attachment 222434
dmesg output

Add the correct dmesg output
Comment 2 Jason A. Harmening freebsd_committer freebsd_triage 2021-02-15 21:28:00 UTC
dmesg shows GELI advertising "accelerated software".  I think this is expected.

aesni doesn't advertise CRYPTOCAP_F_HARDWARE.  From aesni_attach():

	sc->cid = crypto_get_driverid(dev, sizeof(struct aesni_session),
	    CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC |
	    CRYPTOCAP_F_ACCEL_SOFTWARE);

Since AES-NI uses special-purpose instructions on the local CPU, I think we would consider it "accelerated software": it's not a pure software scheme like cryptosoft, but neither is it a separate hardware offload engine.

If GELI were using cryptosoft instead, you'd just see "software" instead of "accelerated software" in dmesg.
You can run 'show crypto' in ddb to double-check.
Comment 3 Gordon Bergling freebsd_committer freebsd_triage 2021-02-16 05:20:46 UTC
(In reply to Jason A. Harmening from comment #2)

Thanks for your reply. I was curious because I had FreeBSD running virtualized via Hyper-V on the same machine and GELI was reporting "Crypto: hardware". Maybe Hyper-V is exposing the CPU somehow normalized to the virtual machines. I will try to find a dmesg output in my backups to compare the reported CPU features.
Comment 4 Xin LI freebsd_committer freebsd_triage 2021-02-16 05:44:20 UTC
This is intentional.  Previously AES-NI was called "hardware", but the decision was made to call it "accelerated software" instead (as "hardware" would refer to e.g. an acceleration card, etc., while "software" means a purely software implementation).
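
Added example, not part of the original thread or of FreeBSD itself: a small sh/awk check that reads GELI attach messages from dmesg text and flags any provider whose Crypto line is plain "software" (cryptosoft, per comment 2), while treating "accelerated software" and "hardware" as fine. The three-line message layout, the device names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input (not taken from the bug's attachments).
sample_dmesg() {
    cat <<'EOF'
GEOM_ELI: Device ada0p3.eli created.
GEOM_ELI: Encryption: AES-XTS 256
GEOM_ELI:     Crypto: accelerated software
GEOM_ELI: Device ada0p2.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software
EOF
}

# Read dmesg text on stdin; print one tab-separated line per GELI provider:
#   device <TAB> algorithm <TAB> crypto mode <TAB> verdict
geli_crypto_report() {
    awk '
    /^GEOM_ELI: Device .* created\.$/ {
        dev = $3; alg = "?"          # start of a new provider block
        next
    }
    /^GEOM_ELI: Encryption: / {
        sub(/^GEOM_ELI: Encryption: /, ""); alg = $0
        next
    }
    /^GEOM_ELI: +Crypto: / && dev != "" {
        sub(/^GEOM_ELI: +Crypto: /, ""); mode = $0
        if (mode == "software")
            verdict = "UNACCELERATED"     # pure software (cryptosoft)
        else if (mode == "accelerated software" || mode == "hardware")
            verdict = "ok"                # AES-NI style or offload engine
        else
            verdict = "UNKNOWN"           # label not discussed in the thread
        printf "%s\t%s\t%s\t%s\n", dev, alg, mode, verdict
        dev = ""
    }'
}

# Print the report; exit status is non-zero if any provider is unaccelerated.
geli_crypto_check() {
    report=$(geli_crypto_report)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q 'UNACCELERATED$'
}

sample_dmesg | geli_crypto_report
```

On a running system the same function can be fed real output, for example `dmesg | geli_crypto_check`.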