1. You may have noticed things look a little different around here - we've switched to a new platform (XenForo) and have some new forum styles and features. This how-to guide will help you find your way around. If you find anything that looks strange, post it in this thread.

AES-NI support in TrueCrypt (Sandy Bridge problem)

Discussion in 'Windows OS and Software' started by Skywise, May 31, 2011.

  1. Archdean

    Archdean Notebook Enthusiast

    Reputations:
    1
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    15
    Would someone please explain the realworld effects of having AES-NI enabled. What will I see different in everyday use. I have one of the first N53SV-A1 Bios 214 and love it but hesitate to update the bios just for this purpose without knowing the benifits.

    Thanks for taking the time to answer my question.

    Dean
     
  2. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    30
    It's quite useful for AES encryption as you'll get hardware acceleration. 6-7x speedup (2.5 GB/s vs something under 400 MB/s in TrueCrypt), which is obviously a plus if you do a full disk encryption.
     
  3. Archdean

    Archdean Notebook Enthusiast

    Reputations:
    1
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    15
    Ok, thanks since I don't encrypt anything with this notebook are there any other good reasons or any other programs/functions that will benifit?
     
  4. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    30
    If you don't encrypt then no.
     
  5. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    6
    Not entirely true. There are benefits when using SSL (https) and some types of VPN. Also some DRM implementations rely on AES. Perhaps the most important benefit is wifi security. In WPA2, AES is used to encrypt traffic.
    These are just some typical examples. There are many, many more.
     
  6. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    30
    Well, of course, anything that has to do with AES will benefit from AES-NI instructions. But will AES-NI give you noticeable effects in those examples that you just listed? I'm guessing this is the question that he is trying to get an answer to and see if the benefits outweigh the risk of accidentally bricking the BIOS chip. And I don't think web surfing really cuts it here.
     
  7. formerglory

    formerglory Notebook Evangelist

    Reputations:
    168
    Messages:
    394
    Likes Received:
    2
    Trophy Points:
    31
    In my experience, full disk encryption with vs without AES-NI is noticeable. I've used TrueCrypt on various computers for years now, and maybe it's just me, but my T420 (i7-2620M) experiences no slowdown or overhead, since it has AES-NI. Compared with earlier Core 2 Duo models, I do notice the difference (with HDDs, definitely, not as much with SSDs).

    If you plan on encrypting your entire drive, then AES-NI is the way to go. Yes, it has other functions (VPN, WiFi, etc) as listed above, but the big deal is full disk encryption.
     
  8. Teerex

    Teerex Notebook Geek

    Reputations:
    24
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    15
    I doubt AES-NI is useful (and used) for anything other than the applications specifically coded to take advantage of its presence (e.g. TrueCrypt, BitLocker).

    Browsers dont belong to this category. As for WPA2, I think that the adapter itself is tasked with encrpytion (as, for example, is the wireless router on the other end).
     
  9. rifle2000

    rifle2000 Newbie

    Reputations:
    0
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    5
    Of course everything that uses AES encryption will be speed up with AES hardware acceleration. Even if you are encrytping whole disk present processors will be enough to encrypt/decrypt on the fly (not SSD disks) but with hardware acceleration it takes less of processor load so it doesn't slow down other processes.
     
  10. Teerex

    Teerex Notebook Geek

    Reputations:
    24
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    15
    No it won't. As with other instruction sets (SSE, AVX, MMX) only the applications that actually use AES-NI in code will take advantage of it.
     
  11. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    6
    Not true. Nearly all applications employing AES don't use their own implementation but instead consult either the MS crypto API, OpenSSL or some other crypto library. Almost all of these will take advantage of AES-NI if available.

    Also not true. In contrast to DES, AES is assumed to be implemented in software and therefore not specifically designed to be implemented in hardware. This makes implementing it in hardware more difficult and thus more expensive. There is no wireless chipset I know of capable of offloading AES encryption.
     
  12. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    30
    So what exactly Qualcomm Atheros' specs for AR9285, which is also used in AR9002WB-1NG that some ASUS' N53s come with, mean by claiming hardware support for AES?
     
  13. Teerex

    Teerex Notebook Geek

    Reputations:
    24
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    15
    Yes, you're right, I apologize for my haughtiness. Starting with Windows 7, and its Crypto API:Next Generation, AES-NI is in use. Apparently all this time I wasn't aware exactly how much of a daily crypto workout my 2630QM was getting. :D

    OpenSSL supports it too.

    I haven't sourced this part yet, but judging from my experience above, I suspect you're right here too. :notworthy:
     
  14. Archdean

    Archdean Notebook Enthusiast

    Reputations:
    1
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    15
    I'm glad I asked the question, I think :confused:
    Actually I don't even use the WIFI as I have it hardwired on my bedstand. So it appears from your your lively discussions I will not see any improvement in updating my BIOS to 215, as one bric with this otherwise great laptop was one too many!!

    Thanks again,
    Dean
     
  15. carlicious

    carlicious Notebook Enthusiast

    Reputations:
    22
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    6
    In fact I was wrong and nebulus was right. Some wifi chipsets do in fact offload encryption. Among them is the Atheros AR9285, which is used in many ASUS laptops. I didn't know this for a fact because I do my routine work on linux and I haven't spotted support for offloading encryption in almost all of the linux drivers.

    Anyway I would recommend anyone eligible to an update which enables AES to update because it is definitely worthwhile to my opinion. Most BIOS updates don't offer such an improvement on performance, if any at all. The risk of bricking your laptop when flashing a BIOS is grossly exaggerated if you ask me. I've never seen it going wrong when using a BIOS supplied by the manufacturer.
     
  16. nebulus

    nebulus Notebook Consultant

    Reputations:
    1
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    30
    Update also fixes the boot issue among the things. And as carlicious has noted several crypto libraries (CNG, OpenSSL, NSS SSL, etc.) already support hardware acceleration. And there're no cons only pros here, as far as I see.

    I feel your pain and hesitation, but let's put it this way: What are the chances you'll brick the chip again? Rather slim, don't you think. Just make sure you flash from BIOS and FAT formatted USB stick (normally they are already FAT32 pre-formatted) and you should be fine.

    EDIT: And also make sure the laptop is plugged in.
     
  17. Rom1_thequich

    Rom1_thequich Newbie

    Reputations:
    0
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    5
    I was wondering if AES-NI would be supported by my laptop one day, and finally it is :)

    I have followed the two posts of carlicious (here and here) and I have succesfully updated (on DOS with AFLASH2) my Asus G53SW.

    The modified bios can be find here : G53WAS_AES.203
    It is based on the only bios for G53SW (203) on Asus website.

    A big thanks to all of you, particularly carlicious :notworthy:

    TrueCrypt AES 473MB/s -> 2,5GB/s
     
  18. kcobra98

    kcobra98 Notebook Enthusiast

    Reputations:
    9
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    15
    I just received my new Asus U46SM-DS51 and it came with the latest BIOS version 203. AES-NI was already enabled and running great per TrueCrypt and Intel's own identifier software.
     
  19. WWFDoink

    WWFDoink Newbie

    Reputations:
    0
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    5
    Not so important for me since carlicious great job but looks like asus heard the noise.

    N53SN:
    BIOS 209
    1.Show system serial number on setup menu
    2.Add CPU AES-NI function support
    3.Update CPU microcode
    4.Fix sometimes system can't boot after press power button.
    5.Update EC firmware
    File Size
    1,06 (MBytes) 2012.02.24 update
     
  20. 6insomnia9

    6insomnia9 Notebook Enthusiast

    Reputations:
    0
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    5
    Could someone reupload the modified bios for the G73SW
     

Share This Page