Fixing Ubuntu SSD Encryption Speed

TL;DR: A default install of Ubuntu 12.04 LTS with an encrypted filesystem will not use the AES-NI features of your Intel CPU for hardware accelerated encryption.

I recently found a two year old bug after searching on and off since I started using Ubuntu 12.04 LTS that reports slow SSD speeds when using dm-crypt, even though with AES-NI speeds should be close to unencrypted. Turns out its a simple kernel configuration issue, which the Ubuntu devs have seemingly declined to fix. You can apply a workaround, however, that will correctly load the aesni_intel module so it can be used to accelerate crypto unlocked at boot.

First, edit the list of modules to be force-loaded:

sudo vim /etc/initramfs-tools/modules

Below the last line, add

# enable h/w accelerated encryption
cryptd
aes_x86_64
aesni_intel

Then run

sudo update-initramfs -u -k all

Reboot and enjoy.

Here’s the bug report for those curious: Module aesni_intel not being loaded before mounting LVM2 stacked on LUKS

I am unaware if this issue has been fixed in later Ubuntu revisions — please leave a comment if you can confirm/deny.

Posted in Software | Leave a comment

Leave a Reply

Your email address will not be published.