c - How to enable CPU AES Intrisics?

Question

I have an older Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz which supports according to Intel

https://ark.intel.com/content/www/us/en/ark/products/82763/intel-xeon-processor-e5-1620-v3-10m-cache-3-50-ghz.html

AES NI instructions. But when I look with CoreInfo

C>coreinfo  | findstr "AES SSE"
SSE             *       Supports Streaming SIMD Extensions
SSE2            *       Supports Streaming SIMD Extensions 2
SSE3            *       Supports Streaming SIMD Extensions 3
SSSE3           *       Supports Supplemental SIMD Extensions 3
SSE4a           -       Supports Streaming SIMDR Extensions 4a
SSE4.1          *       Supports Streaming SIMD Extensions 4.1
SSE4.2          *       Supports Streaming SIMD Extensions 4.2
AES             -       Supports AES extensions

I find that AES is disabled. So far I failed to identify anything in the BIOS to disable AES support. Is this somewhere configurable with a tool or is this processor not cabable of AES instructions despite the Intel documentation?

I have found the issue that when I transfer data via a secure websocket (wss://...) the majority of CPU is spent in https.sys dealing with encryption and in chrome with decryption. That makes no sense since everyone is telling me that encryption and https is cheap. This is only the case if the CPU supports AES-NI instructions. Otherwise the overhead is significant and slows down transfers by factor two.

On Windows the TLS and all encryption routines are indeed open source at: https://github.com/microsoft/SymCrypt

The relevant switch is

#define SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE (SYMCRYPT_CPU_FEATURE_SSSE3 | SYMCRYPT_CPU_FEATURE_AESNI)   // The SSSE3 implies SSE, SSE2, and SSE3
    
    
    VOID
    SYMCRYPT_CALL
    SymCryptAesCtrMsb64(
        _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
        _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
        _In_reads_( cbData )                        PCBYTE                      pbSrc,
        _Out_writes_( cbData )                      PBYTE                       pbDst,
                                                    SIZE_T                      cbData )
    {
    #if SYMCRYPT_CPU_AMD64
        if( SYMCRYPT_CPU_FEATURES_PRESENT( SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE ) )
        {
            SymCryptAesCtrMsb64Xmm( pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
        } else {
            SymCryptAesCtrMsb64Asm( pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
        }

This makes it pretty clear that if the CPU does not support AES-NI then we end up consuming lots of CPU in SymCryptAesCtrMsb64Asm which is slow, or if we have AVX2 and AES-NI then the CPU is only a fraction spent in SymCryptAesCtrMsb64Xmm.

How can I enable AES-NI support on that machine? Is this a BIOS setting?

The machine is a physical machine

System Manufacturer, FUJITSU
System Product Name, CELSIUS M740

question from:https://stackoverflow.com/questions/65830400/how-to-enable-cpu-aes-intrisics

Answer 1

Waitting for answers