Manualshelf

Operation Manual

ManualsBrandsVeraCrypt ManualsSoftware1.16
61626364656667686970
64
Hardware Acceleration
Some processors (CPUs) support hardware-accelerated AES encryption,
*
which is typically 4-8
times faster than encryption performed by the purely software implementation on the same
processors.
By default, VeraCrypt uses hardware-accelerated AES on computers that have a processor where
the Intel AES-NI instructions are available. Specifically, VeraCrypt uses the AES-NI instructions
that perform so-called AES rounds (i.e. the main portions of the AES algorithm).
VeraCrypt does
not use any of the AES-NI instructions that perform key generation.
Note: By default, VeraCrypt uses hardware-accelerated AES also when an encrypted Windows
system is booting or resuming from hibernation (provided that the processor supports the Intel
AES-NI instructions).
To find out whether VeraCrypt can use hardware-accelerated AES on your computer, select
Settings > Performance and Driver options and check the field labeled Processor (CPU) in this
computer supports
hardware acceleration for AES’.
To find out whether a processor you want to purchase supports the Intel AES-NI instructions (also
called "AES New Instructions"), which VeraCrypt uses for hardware-accelerated AES, please check
the documentation for the processor or contact the vendor/manufacturer. However, note that some
Intel processors, which the Intel website lists as AES-NI-supporting, actually support the AES-NI
instructions only with a Processor Configuration update. In such cases, you should contact the
manufacturer of the motherboard/computer for a BIOS update that includes the latest Processor
Configuration update for the processor.
If you want to disable hardware acceleration of AES (e.g. because you want VeraCrypt to use only
a fully open-source implementation of AES), you can do so by selecting Settings > Performance
and Driver Options
and disabling the option Accelerate AES encryption/decryption by using the
AES instructions of
the processor’. Note that when this setting is changed, the operating system
needs to be restarted
to ensure that all VeraCrypt components internally perform the requested
change of mode. Also
note that when you create a VeraCrypt Rescue Disk, the state of this
option is written to the
Rescue Disk and used whenever you boot from it (affecting the pre-boot
and initial boot phase).
To create a new VeraCrypt Rescue Disk, select System > Create Rescue Disk.
*
In this chapter, the word 'encryption' also refers to decryption.
Those instructions are AESENC, AESENCLAST, AESDEC, and AESDECLAST and they perform the following AES
transformations: ShiftRows, SubBytes, MixColumns, InvShiftRows, InvSubBytes, InvMixColumns, and AddRoundKey (for