Re: bios/aes_vt




	Hi.

On Sat, Dec 30, 2017 at 01:54:00PM -0000, sejobud33@xxxxxxxxxxxxx wrote:
> i have an option in my new pc/bios : vt virtualization
> does it help the pc to work 'better' or is it used only when i run a vm ?

To the best of my knowledge, only virtualization software is using it.

> i have an option in my new pc/bios : aes
> does it help the pc to work 'better' or is it used only when i run the
> disk encryption feature ?

It actually does.
For instance, sshd uses the libgcrypt library, and the disassembly of this
library clearly shows multiple 'aesdec' and 'aesenc' processor instructions:

objdump -d /lib/x86_64-linux-gnu/libgcrypt.so.20 | \
	egrep '(aesdec|aesenc)'

It's impossible to utilize those without AES support in the CPU.
If you disable the 'aesni' processor flag somehow, that means that libgcrypt
should fall back to a pure software implementation of AES (which is slower,
eats more CPU etc).


> - are these feature related at the network (vpn/https/tor e.g.) ?

No, aesni is related to encryption.
Secure application level protocols are one (but not the only) way of
utilizing it.


> - should it not be better secured with both uncheck ?

Hardly.


> it is a lot of question, i know , but the documentation is so
> unclear/bizarre ...
> - are these 'option' considered as dependencies of a cpu or as special
> functions independent of the pc (controlled by the ime ? ) ?

Both vmx and aesni are implemented in the CPU. You can usually disable
the first, but it's uncommon that they give you the option to disable
the second.
UEFI mode, Intel ME and TPM have nothing in common with either vmx or aesni.

Reco
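
The two checks discussed in this thread, as a shell script (an added example, not part of the original message): one function tests for a CPU flag in /proc/cpuinfo-style text, the other counts AES round instructions in `objdump -d` output. The function names and the sample inputs are constructed for illustration; Linux lists AES-NI as `aes` in /proc/cpuinfo, and `svm` is the AMD counterpart of `vmx`.

```shell
#!/bin/sh
# has_cpu_flag FLAG: reads cpuinfo text on stdin and succeeds if FLAG is a
# whole word on the first "flags" line (so "aes" does not match "vaes").
has_cpu_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            sub(/^[^:]*:/, "")              # drop the "flags :" label
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit                            # one CPU entry is enough
        }
        END { exit found ? 0 : 1 }
    '
}

# count_aes_insns: reads `objdump -d` output on stdin and prints how many
# lines carry an AES round instruction (aesenc/aesdec, their *last forms
# and the VEX-encoded v* forms).
count_aes_insns() {
    grep -Ec '[[:space:]]v?aes(enc|dec)(last)?[[:space:]]' || true
}

# Constructed sample inputs, so the script runs offline.
sample_cpuinfo() {
    printf 'processor\t: 0\nflags\t\t: fpu sse2 aes avx vmx\n'
}
sample_cpuinfo_noaes() {
    printf 'processor\t: 0\nflags\t\t: fpu sse2 avx\n'
}
sample_disasm() {
    printf '  1a2b0:\t66 0f 38 dc c1 \taesenc %%xmm1,%%xmm0\n'
    printf '  1a2b5:\t66 0f 38 dd c2 \taesenclast %%xmm2,%%xmm0\n'
    printf '  1a2ba:\t66 0f 38 de c1 \taesdec %%xmm1,%%xmm0\n'
    printf '  1a2bf:\t48 89 e5       \tmov    %%rsp,%%rbp\n'
}

for flag in aes vmx svm; do
    if sample_cpuinfo | has_cpu_flag "$flag"; then
        echo "$flag: present"
    else
        echo "$flag: absent"
    fi
done
echo "AES round instructions: $(sample_disasm | count_aes_insns)"
# On a real system:
#   has_cpu_flag aes < /proc/cpuinfo
#   objdump -d /lib/x86_64-linux-gnu/libgcrypt.so.20 | count_aes_insns
```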