Determining whether hardware acceleration is being used

Db2 native encryption is designed to transparently recognize and take advantage of hardware acceleration for cryptographic operations. This feature, provided by some Intel compatible, PowerPC and z processors, dramatically reduces the impact of these operations on performance.

To determine whether hardware acceleration is being used by Db2 for encryption:

1. Set the diaglevel configuration parameter to the value 3.
2. Start Db2®.
3. Open the db2diag.log file and look for a message from cryptContextRealInit similar to the following example:

   2025-05-29-06.08.27.248060-420 I15705E604            LEVEL: Event
   PID     : 36058                TID : 140628214146624 PROC : db2sysc 0
   INSTANCE: db2inst1               NODE : 000
   HOSTNAME: db2inst1
   EDUID   : 12                   EDUNAME: db2sysc 0
   FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:2742
   DATA #1 : String, 37 bytes
   CPU flags(string): 0xfff83203078bfbff
   DATA #2 : String, 37 bytes
   CPU flags(Uint64): 0xFFF83203078BFBFF
   DATA #3 : String, 41 bytes
   AES hardware acceleration detected: AESNI
   DATA #4 : String, 48 bytes
   Hardware random number generator detected: RdRnd

Results

Short messages are written in the DATA #3 and DATA #4 lines, indicating whether IBM Global Security Kit (GSKit) recognizes the presence of hardware accelerated AES instructions and a hardware random number generator.

If acceleration is detected, the messages are displayed as AES hardware acceleration detected: <the platform specific name> and Hardware random number generator detected: <platform>. The strings for each platform are different and vary depending on the features supported by the CPU.