AES-NI instructions have their own bit in CPUID (not bundled with any SSE bit) so future chips could not include it and software would fall back to regular AES code paths.
The x86 architecture has a large number of optional instruction sets. One of these, AES-NI, provides accelerated AES instructions. Another one, AVX, is a collection of general-purpose vector instructions. These were announced at the same time, but it seems like a large number of Intel's low-end CPUs (Celerons & Pentiums) only implement AES-NI.
Firefox's current implementation of the AES-GCM encryption mode uses AVX instructions. The bug report is a submission of a modified implementation that avoids them.
The CPU of the Raspberry Pi 4 is the only 64-bit ARM chip I've ever seen that doesn't include native AES instructions. As a result, it's much lower performance for network or disk encryption use cases.
Up until the RPi 4 I thought AES instructions were a part of AArch64, but I was wrong. Such a weird omission to make on (I expect) Broadcom's side. All other 64-bit ARM SBCs just have it, even the low cost ones.
>By default, TrueCrypt uses hardware-accelerated AES on computers that have a processor where the Intel AES-NI instructions are available. [sans key-generating instructions]
Example supported processors include (select) ones from the i5/i7 desktop and mobile Intel processors, but anything which has that instruction set should work, apparently.
(from: "hardware acceleration" chapter, link near the top of the article)
>The AES instructions (which are on any Intel chip after 2008) help out immensely compared to using just a generic router.
Be careful, this isn't true... most low end Intel chips (Celeron, Pentium, i3) don't support AES-NI. Starting with Skylake chips (2015/2016-era), the whole processor line supports AES-NI. See https://en.wikipedia.org/wiki/AES_instruction_set
This is not part of AES-NI and has never been released in a mid-range+ server/desktop CPU, only part of some Atom parts (Goldmont). Therefore software support is poor (I think OpenSSL does not support it). It is said to be included in 2018+ Cannonlake, though.
good luck getting a system compiled that does not use them at all. Might be possible with gentoo and the right configuration as it compiles everything, but with a dominantly binary distro like Ubuntu or Debian you're SOL.
The AES-NI instruction set was proposed in 2008 and the first intel cpus started shipping almost three years ago.[1] Soekris has had the vpnXXXX crypto accelerators since as long as I can remember.[2]
Actually it is.
For example some RPi CPUs have AES acceleration instructions built similar as AES-NI on x86. But due firmware limit we can't use them.
Probably it's licensing and pricing issue...
reply