x86/64: enable AES-NI support in kernel

The kernel will detect if the host supports this, so we can just enable
it in the kernel config.

Tested on an APU2 with AES-NI support and a KVM VM on a Xeon E5520 host
without AES-NI support.

Throughput over an IPsec tunnel between these 2 hosts increased from
~63Mbps to ~140Mbps. Ciphers: AES_GCM_16_256/PRF_HMAC_SHA2_512/ECP_521.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

diff --git a/target/linux/x86/64/config-default b/target/linux/x86/64/config-default
index 5cdbc74b23f7a9b4ca5858151b16d3c7a7d48b99..791c1f21916b1ac2b2ac6fdcb3d7cae9b4c0bf19 100644 (file)
--- a/target/linux/x86/64/config-default
+++ b/target/linux/x86/64/config-default
@@ -52,7 +52,8 @@ CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y
 CONFIG_CONNECTOR=y
 CONFIG_CPU_RMAP=y
 CONFIG_CRC_T10DIF=y
-# CONFIG_CRYPTO_AES_X86_64 is not set
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
 # CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
 # CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set
 # CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set