msr for enabling aes-ni instructions

thome · ‎09-04-2010

Hi all.

Does anybody know which bit of which msr enables the aes-ni instructions on the 5600 series cpus (westmere) ?

Longer story: We have here Dell servers with L5640 cpus. Those are said to have the AES-NI instructions enabled, and we do care for them. However, despite the fact the the BIOS claims they are enabled, in reality they're not, as cpuid checking demonstrates.

Googling seems to show that there is a potential for the bios writers to misinterpret intel's documents for enabling these instructions. There's even one guy whose bios swapped the enabled/disabled settings:

http://lists.freebsd.org/pipermail/freebsd-current/2010-May/017459.html

Unfortunately while my BIOS does have a setting ``aes-ni instructions'', it won't let me toggle that field (which would be a tempting gamble, just in case it's a similar ``inversion'' issue). Thus it would be interesting for me to know the msr index (assuming it's still modifiable from within the linux kernel).

Regards,

E.

levicki · ‎09-05-2010

Since the latest official documentation does not mention that the mechanism for enabling/disabling AES-NI even exists (why Intel?), and since your BIOS offers the option but it is grayed out, in my opinion there are only two possibilities:

1. BIOS is broken

Unfortunately, you will have to prove this to Dell in order to get a fix.

2. You got a CPU with AES-NI fused off in factory

Only option in that case is to ask for a replacement CPU.

To see which one of those two, you need to get one L5640 CPU for which you know it has AES-NI for sure (i.e. you have seen it working in another machine).

Finally, you should also try using another OS (live CD or temporary install) to verify that the OS itself is not a limiting factor (this should not happen but I'd check just in case).

neni · ‎09-07-2010

Do you use virtual machine under windows? the windows VM disabled AES-NI support

thome · ‎09-08-2010

No it's on linux (tried several kernel versions).

After disassembling the BIOS, I strongly suspect that bit 1 of msr 0x13c, when set, disables the aes-ni instructions. bit 0 probably plays a role as well.

Downgrading dell's bios to a version which does not attempt to play with this msr magically makes the aes instructions work as normal.

E.

vtune_user249 · ‎11-04-2010

I have had a similar problem as yours. Can you please tell me what version of BIOS you downgraded to. I currently have BIOS version 2.1.9

Thanks,

-P

Nicolae_P_Intel · ‎11-05-2010

I am also not aware of any available mechanism(msr) for turning AES-NI instruction support on or off.
The first thing I would do would be to check if the CPU supports AES-NI instructions and then follow up with the HW provider. This article http://developer.intel.com/Assets/PDF/manual/323641.pdf describes how to implement the check (please see figure 23).