AES-NI: Much Faster Encryption & Bitlocker Performance

Westmere (and thus Clarkdale) adds some new instructions to x86, although the big expansion comes with AVX and Sandy Bridge next year. Westmere gets six new encryption/decryption instructions. The group of instructions accelerate AES (Advanced Encryption Standard) and are thus referred to as AES-NI.

Many businesses require that all corporate PCs have the contents of their hard drives encrypted through the use of software like Bitlocker that comes with Microsoft Windows 7. These sorts of applications can be accelerated by AES-NI and to show the potential benefit I dug up a test I did while preparing for one of our SSD articles several months ago.

If you turn on Bitlocker in Windows 7 there's an immediate and measurable impact to performance. Disk performance generally drops by a noticeable amount and actual application usage performance drops by a smaller amount. Every write to the disk has to be encrypted first so there's some obvious CPU overhead. Clarkdale should reduce that overhead significantly as the common encryption operations are now hardware accelerated.

To test this I ran three tests. I first ran PCMark Vantage's HDD suite on my Windows 7 testbed SSD (an OCZ Summit) on a Core i5 661, then encrypted the drive using Bitlocker and ran the same test on the same processor. For the last test I swapped out the i5 661 for a Lynnfield based Core i5 750 (no AES-NI) and re-ran the HDD test. The results below were quite promising:

Processor PCMark Vantage HDD % of Unencrypted Performance
Clarkdale - Unencrypted 16713  
Clarkdale - Bitlocker Encryption 13785 82.5%
Lynnfield - Bitlocker Encryption 11744 70.3%


There's a definite benefit to Clarkdale's AES-NI instructions. There's still a performance hit from enabling Bitlocker, but it's not nearly as great as on Lynnfield and other architectures that don't have AES-NI support. With a smaller decrease in I/O performance from enabling full disk encryption, there's also a smaller hit to application performance as well. This is huge for corporate desktops/notebooks.

Most of those machines aren't quad-core encoding monsters; they use dual-core processors. The upgrade from Core 2 seems like it'd be worth it, or at least AES-NI will probably keep AMD out of the running for consideration.

Intel HD Graphics: A Lot Better ASUS Saves the Day: Simulated Core i3s & The Test


View All Comments

  • Anand Lal Shimpi - Monday, January 4, 2010 - link

    You're very right, it appears to be a side effect of the ASUS H57 board looking at everyone else's results. I'm out in Vegas at CES now but I'll run some numbers on Intel's H55 when I return this weekend.

    Take care,
  • plonk420 - Monday, January 4, 2010 - link

    this power consumption is a bit weird... i've actually done the same test

    pc power & cooling 750 watt
    i7-920, ex58-ud3r, 3x1 DDR3, hd5870, 2 hdds, 3 fans, HT on

    default voltage: 215 watts in p95 (122 watts idle, no powersave mode)
    undervolted 1.125v: 187 watts in p95 (121 watts idle, no powersave mode)

    default, 8600GT: 211 watts in p95 (116 watts idle, no powersave mode), 184 watts on "sane load" (distributed computing)
    1.125v, 8600GT: 183 watts in p95 (115 watts idle, no powersave mode), 164 watts on "sane load" (distributed computing)

    i7-860, ex-p55m-ud2, 4x1 DDR3, 5870, 2 hdds, 2 fans, HT on
    default voltage: (either i lost results, or i never tested them)
    undervolted 1.025v: 167 watts p95 (107 watts idle, 101 watts in power saver), 149 watts on enigma@home (8 instances)
  • Spoelie - Monday, January 4, 2010 - link

    The Load Power Consumption on page 4 also raises questions.

    The Phenom system rises 90w to decode a x264 movie, while the clarkdale system only rises 20w. It seems to me that the clarkdale system had DXVA support on while the Phenom system had it off..

    Can someone check/confirm this?
  • Anand Lal Shimpi - Monday, January 4, 2010 - link

    I was caught off guard by it too but DXVA was enabled. I'm currently out in Vegas for CES but when I return I'll give it another look in our Core i3 review. I've had issues with power consumption being stuck at unusually high levels on AMD boards in the past, but I couldn't get this one to shake in time.

    Take care,
  • MrAwax - Monday, January 4, 2010 - link

    HD Codec bitstreaming has been added in HDMI 1.3 specs at the receiver manufacturer request for no reason except that they did want to lose their market.

    Since HD codecs are LOSSLESS, decoding them in the player or in the receiver makes NO difference. And HDMI supports streaming of 8 uncompressed channels in LPCM @192kHz/24b since 1.0. So digitally, there is ZERO POINT ZERO difference. This is the reason it is useless. And this is the reason HDMI added 8 channels of high resolution audio so you won't need to upgrade your receiver !

    And this is stupid because bitstreaming is a LIMITATION of feature, not an added feature. BluRay norm supports in player audio mixing. A lot of discs are already supporting it. The player can mix sounds live on the main soundtrack. This is useful for adding dynamic menu sounds or director/actor commentary. In theory, the disc could even have a single music/fx soundtrack and dynamically mix voice to support multiple langage and save space on disc (voice is generally stereo, is not always present and reencoding every time the music/fx is a waste of storage). With HDMI bitstreaming, you can stream the main track only. Gone is the menu fx sound, gone is the bonus commentary and gone is the voice.

    Welcome to receiver manufacturer lobbying for USELESS and STUPID feature.

    PS: on the contrary, 8 channels hires LPCM is a great feature.
  • salacious - Monday, January 4, 2010 - link

    Bitstreaming does have the disadvantages of loosing audio track mixing but it does offer something.
    If the decoding is done in the PC were are relying it to not to downsample to 48kHz/16bit which happens unless you have the correct combination of player and audio card. If the decoding is done in the PC you are relying that it decodes to the correct speaker and I have found that with a 7.1 speaker setups this is a complete mess.
    Also if you want to apply any receiver effects to the audio then over HDMI you tend to be limited. If the movie is 5.1 and it is EX encoded and you have a 6.1/7.1 speaker setup, then the usual solution is to apply this processing in the receiver but if you set your PC to 7.1 then it sends 2 blank audio channels and you can't apply EX processing. You have the same problem is you play back a surround encoded stereo track on a 5.1 speaker system, all that happens is that the audio is output from the left/right speakers and you are unable to apply pro-logic decoding to it.
    A solution would be for the PC to offer Pro-logic IIx and other types of decoding but as they don't then you need the receivers to do it which means bitsreaming.
  • FlyTexas - Monday, January 4, 2010 - link

    ...Is this really needed?

    Ok, so more speed is good, I wouldn't turn it down... ...however anyone who uses computers in the office environment knows that CPUs have been "fast enough" for awhile now.

    We currently have a dozen Dell Vostro 200's with Pentium Dual Core 1.6ghz CPUs, and a dozen Dell Vostro 220's with Pentium Dual Core 2.4ghz CPUs in the office (among a few other oddball machines and the server).

    These computers run Office 2007, Adobe Acrobat 9, IE 8, etc. Some of them also run Quickbooks and a few other programs. None are used for video encoding, games, or anything that fancy.

    You know what? The difference between the 1.6ghz machines and the 2.4ghz machines isn't all that noticeable, once everything is up and running (they all have 2GB of RAM, running Windows XP Pro SP3). They all have the Intel GMA graphics, and for the office, they are all plenty fast.

    Why would our company upgrade to these new CPUs?

    The Pentium Dual Core CPUs were a nice jump over the Pentium 4 line. (we used to have all Pentium 4 machines back in 2006) This new line of CPUs doesn't seem like the same kind of improvement.
  • tomaccogoats - Monday, January 4, 2010 - link

    I only look at new cpu's for gaming :p Reply
  • lowlight - Monday, January 4, 2010 - link

    You might notice a difference if they were running Windows 7 with 4GB of ram. Right now they are all a bit bottlenecked by the OS (poor multitasking performance) and low amount of RAM.

    But in general I agree with what you're saying.
  • FlyTexas - Monday, January 4, 2010 - link

    I have Windows 7 installed on my computers at home, I haven't moved the office machines due to a lack of any good reason to do so.

    We have Windows 2003 R2 Small Business Server at work. Everyone is on user accounts on a domain. We have a hardware firewall running as well as the usual antivirus/spam/etc. stuff running.

    It all just works, I have no desire to rip it all apart, spend a lot of the company's money, to gain... well I'm not sure what we'd gain. If I can't think of a good reason to do it, I sure can't sell it to the boss.

    This isn't a knock against Microsoft, I personally love Windows 7, it is great for my home computer, but it doesn't do anything for the work computers. In a larger company, I can see the benefits of moving to it (and Server 2008), but we just don't have that large of a network (or budget).

    As a side note: You wouldn't have wanted to see the mess that was here when I got here, it was all running on a wireless linksys router on an unencrypted network. I managed to get the office wired with gigabit ethernet and turn off the wireless. Got a good server in place, setup a Dell account, and moved out most of the oddball machines (we did two lease purchases of machines, one for each dozen of the Vostros, got a heck of a deal on them too). Of course I sold this to the boss by saying that it would all last at least 5 years, and we're about 2 years into that 5 year plan. :)

    Maybe we'll just skip Windows 7 and move to 8 when it comes out.

Log in

Don't have an account? Sign up now