In addition to recently working out [1]AES-XTS implementations for AVX2, AVX-512, and other versions for speeding up disk/file encryption , Google's Eric Biggers has additionally been working on some nice performance improvements for the Linux kernel's DM-Verity code.

DM-Verity as a reminder is the Device Mapper means of providing transparent integrity checking of block devices using a cryptographic digest. With the pending code by Eric Biggers, there is improved performance coming by making use of multi-buffer hashing. He explained in [2]this patch culminating the series:

"When supported by the hash algorithm, use crypto_shash_finup2x() to interleave the hashing of pairs of data blocks. On some CPUs this nearly doubles hashing performance. The increase in overall throughput of cold-cache dm-verity reads that I'm seeing on arm64 and x86_64 is roughly 35% (though this metric is hard to measure as it jumps around a lot)."

There's also [3]a patch for FSVERITY to provide a similar performance benefit for file-based authenticity protection.

Quite a nice improvement coming to a kernel near you for those making use of DM-Verity and/or FSVERITY.



[1] https://www.phoronix.com/news/Linux-6.10-Faster-AES-XTS

[2] https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/commit/?h=crypto-pending&id=44356b220d3f09c234dfa107e518aa742420d0eb

[3] https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/commit/?h=crypto-pending&id=01d7f8ae65564ce2f0da7bb2bf8c752ebaed8748