The specific issue vexing the latest Nexus is that the hardware encryption engine provided by its Snapdragon 805 SoC is disabled, forcing all file system encryption/decryption to be executed in software on the CPU.
In November and early December of last year, during the development of the 5.1 update, there was a series of software commits enabling and disabling the hardware based encryption engine. Ultimately, hardware encryption was disabled again for the Nexus 6 5.1 update. We asked Google about this decision, but they would not provide an answer.
Even though file encryption is still funneled through the CPU, the update should still improve storage performance. The encryption engine can now utilize NEON instructions and has additional threads at its disposal. Previously, with only two CPU cores online, the encryption driver was allocated only two threads to handle file read and write requests. The 5.1 update however, keeps all four cores active all the time, which means the encryption driver now has up to four threads to perform its work.
AndEBench Pro Storage Test
|Galaxy Note 4 (5.0.1)||449||1025||20877||3340||20425||7992||56653||125891||127268|
|Nexus 6 (5.0)||209||723||9084||1322||7449||5951||12969||23107||24857|
|Nexus 6 (5.1)||169||636||8714||982||6116||5676||15060||30932||32646|
|Nexus 6% Diff||-18.9%||-12.0%||-4.1%||-25.7%||-17.9%||-4.6%||16.1%||33.9%||31.3%|
|First letter: S=sequential, R=randomSecond letter: R=read, W=write||Values in KB/s - Higher is betterFile Size: 5, #Folders: 3, #Files/Folder: 1|
The results from the AndEBench Pro storage test show nice gains reading larger blocks of data, just over 30%. Unfortunately, reading and writing smaller blocks of data generally show a performance regression. Increasing the file size parameter does improve the numbers, causing a few negatives to flip positive, but the overall trend remains. Based on these results, it appears that disabling Qualcomm’s thread migration boost feature has a greater impact on file encryption performance than adding more threads or using NEON instructions.
What this test fails to capture, however, is the storage performance in real-world scenarios. Reading and writing to storage does not happen in isolation. Instead, the encryption driver must fight threads from the active program, background tasks, operating system, user interface, etc. for CPU time. Having all four cores active all the time means more resources are available to the system and eliminates the latency involved in bringing the other cores online. In theory at least, storage performance in these noisy scenarios should at least be more consistent with the 5.1 update.
Even with the uplift in some scenarios, the Nexus 6 running Android 5.1 still trails the Galaxy Note 4 by a significant margin. If FDE is going to be a viable option, which it needs to be, then Google needs to resolve the issues surrounding full hardware encryption.