Determining whether hardware acceleration is being used

Db2® native encryption is designed to transparently recognize and take advantage of hardware acceleration for cryptographic operations. This feature, provided by some Intel compatible, PowerPC and z processors, dramatically reduces the impact of these operations on performance.

To determine whether hardware acceleration is being used by Db2 for encryption:

1. Set the diaglevel configuration parameter to the value 3.
2. Start Db2.
3. Open the db2diag.log file and look for a message from cryptContextRealInit similar to the following example:

   2025-05-29-06.08.27.248060-420 I15705E604            LEVEL: Event
   PID     : 36058                TID : 140628214146624 PROC : db2sysc 0
   INSTANCE: db2inst1               NODE : 000
   HOSTNAME: db2inst1
   EDUID   : 12                   EDUNAME: db2sysc 0
   FUNCTION: DB2 Common, Cryptography, cryptContextRealInit, probe:2742
   DATA #1 : String, 37 bytes
   CPU flags(string): 0xfff83203078bfbff
   DATA #2 : String, 37 bytes
   CPU flags(Uint64): 0xFFF83203078BFBFF
   DATA #3 : String, 41 bytes
   AES hardware acceleration detected: AESNI
   DATA #4 : String, 48 bytes
   Hardware random number generator detected: RdRnd

Results

Short messages are written in the DATA #3 and DATA #4 lines, indicating whether IBM Global Security Kit (GSKit) recognizes the presence of hardware accelerated AES instructions and a hardware random number generator.

If acceleration is detected, the messages are displayed as AES hardware acceleration detected: <the platform specific name> and Hardware random number generator detected: <platform>. The strings for each platform are different and vary depending on the features supported by the CPU.