meta data for this page
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
nsa310:debian [2015/04/01 08:56] – [loaded CPU benchmark] niziak | hw:nsa310:debian [2020/11/01 16:23] – niziak | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Debian ====== | ||
+ | |||
====== References ====== | ====== References ====== | ||
+ | |||
OpenWRT packages: [[http:// | OpenWRT packages: [[http:// | ||
Line 231: | Line 234: | ||
</ | </ | ||
- | |||
- | ====== Encrypted partition ====== | ||
- | |||
- | < | ||
- | apt-get install cryptsetup-bin | ||
- | </ | ||
- | |||
- | Enable HW acceleration. Which is a bit slower than software :P | ||
- | |||
- | < | ||
- | modprobe mv_cesa | ||
- | cat / | ||
- | </ | ||
- | |||
- | Is providing only: | ||
- | - hmac(sha1) | ||
- | - sha1 | ||
- | - cbc(aes) | ||
- | - ecb(aes) | ||
- | |||
- | There are also additional kernel modules optimised for ARM: | ||
- | - sha1_arm | ||
- | - aes_arm | ||
- | |||
- | |||
- | < | ||
- | cryptsetup benchmark | ||
- | </ | ||
- | |||
- | ^ Algorithm | ||
- | ^ | ||
- | ^ | ||
- | ^ | ||
- | ^ serpent-cbc | 128b | 11.1 MiB/s | ||
- | ^ twofish-cbc | 128b | 13.0 MiB/s | ||
- | ^ | ||
- | ^ | ||
- | ^ | ||
- | ^ serpent-cbc | 256b | 11.1 MiB/s | ||
- | ^ twofish-cbc | 256b | 13.0 MiB/s | ||
- | ^ | ||
- | ^ | ||
- | ^ serpent-xts | 256b | 11.5 MiB/s | ||
- | ^ twofish-xts | 256b | 13.4 MiB/s | ||
- | ^ | ||
- | ^ | ||
- | ^ serpent-xts | 512b | 11.5 MiB/s | ||
- | ^ twofish-xts | 512b | 13.4 MiB/s | ||
- | |||
- | ===== Ciphers benchmark ===== | ||
- | Each cipher was tested with following steps: | ||
- | * // | ||
- | * //luksOpen /dev/sda5 sda5// | ||
- | * benchmarks described in table below on / | ||
- | * create ext4fs on / | ||
- | * the same benchmarks but on mounted ext4 (writing/ | ||
- | |||
- | ^ test | ||
- | ^ hdparm | ||
- | ^ WR | //dd bs=16M count=128// | ||
- | ^ WR S | //dd bs=16M count=128// | ||
- | ^ WR DS | //dd bs=16M count=128// | ||
- | ^ RD | //dd bs=16M count=128// | ||
- | |||
- | REMARKS: | ||
- | - For XTS, only half of key is used, so for 128b cipher I need to specify -s 256. | ||
- | - Ext4 by default was created with lazy_init, to speed up creation process, but it can make impact on tests. | ||
- | - Before each test, flush by //sync && echo 3 > .../ | ||
- | |||
- | |||
- | |||
- | ^ 128b key ^^^^^^^^^^^^^^ | ||
- | ^ | ||
- | ^ ^ acc ^ hdparm ^ ^ WR ^ WR S ^ WR DS ^ RD ^ ^ | ||
- | ^cbc-plain | ||
- | ^ | SW | 11.80 | | 8.2 | 7.4 | | ||
- | ^ | ARM | 12.76 | | 8.9 | 7.2 | | ||
- | ^cbc-plain64 | ||
- | ^ | SW | 11.83 | | 8.2 | 7.4 | | ||
- | ^ | ARM | 12.73 | | 8.9 | 7.2 | | ||
- | ^cbc-essiv :sha256| HW | | ||
- | ^ | SW | | ||
- | ^ | ARM | 12.36 | | 8.7 | 7.0 | | ||
- | ^xts-plain | ||
- | ^ | ARM | 12.79 | | 9.3 | 7.5 | 10.1 | 13.60 | | 10.6 | 6.3 | 5.9 | ||
- | ^xts-plain64 | ||
- | ^ | ARM | 12.84 | | 9.3 | 7.5 | 10.2 | 13.70 | | 10.6 | 6.4 | 6.1 | ||
- | ^xts-essiv :sha256| SW | 10.30 | | 7.9 | 7.2 | | ||
- | ^ | ARM | 12.40 | | 9.1 | 7.5 | | ||
- | ^ 256b key ^^^^^^^^^^^^^^ | ||
- | ^ | ||
- | ^ ^ acc ^ hdparm ^ ^ WR ^ WR S ^ WR DS ^ | ||
- | ^cbc-plain | ||
- | ^ | SW | | ||
- | ^ | ARM | 10.32 | | 7.6 | 6.3 | | ||
- | ^cbc-plain64 | ||
- | ^ | SW | | ||
- | ^ | ARM | 10.24 | | 7.6 | 6.2 | | ||
- | ^cbc-essiv :sha256| HW | | ||
- | ^ | SW | | ||
- | ^ | ARM | | ||
- | ^xts-plain | ||
- | ^ | ARM | 10.09 | | 7.9 | 6.6 | | ||
- | ^xts-plain64 | ||
- | ^ | ARM | 10.14 | | 7.9 | 6.6 | | ||
- | ^xts-essiv :sha256| SW | | ||
- | ^ | ARM | | ||
- | ^ without encryption | ||
- | ^ | ||
- | ^ ^ acc ^ hdparm ^ ^ WR ^ WR S ^ WR DS ^ | ||
- | ^ / | ||
- | |||
- | |||
- | ===== file copy benchmark ===== | ||
- | Copy using //dd if=src_file of=dst_file conv=fsync// | ||
- | "It will synchronize output data and metadata just before finishing" | ||
- | ^ 128b key ^^^^^ | ||
- | ^ ^ acc ^ WR S ^ | ||
- | ^cbc-plain64 | ||
- | ^ | SW | | ||
- | ^ | ARM | | ||
- | ^cbc-essiv: | ||
- | ^ | SW | | ||
- | ^ | ARM | | ||
- | ^xts-plain64 | ||
- | ^ | ARM | | ||
- | ^ 256b key ^^^^^ | ||
- | ^ ^ acc ^ WR S ^ | ||
- | ^cbc-plain64 | ||
- | ^ | SW | | ||
- | ^ | ARM | | ||
- | ^cbc-essiv: | ||
- | ^ | SW | | ||
- | ^ | ARM | | ||
- | ^xts-plain64 | ||
- | ^ | ARM | | ||
- | |||
- | |||
- | ===== loaded CPU benchmark ===== | ||
- | Comparison SW & HW with loaded system | ||
- | < | ||
- | ^ | ||
- | ^ ^ acc ^ hdparm ^ ^ WR ^ WR S ^ WR DS ^ RD ^ ^ WR ^ WR S ^ WR DS ^ RD ^ ^ | ||
- | ^cbc-plain-128 | ||
- | ^ | SW | 6.13 | | 4.4 | 3.9 | 5.3 | 6.5 | | 5.0 | 4.0 | 4.0 | 6.4 | | | ||
- | ^ | ARM | 6.64 | | 4.8 | 4.2 | 5.4 | 7.0 | | 5.3 | 4.0 | 4.2 | 7.0 |*| | ||
- | ^cbc-plain-256 | ||
- | ^ | SW | 4.73 | | 3.6 | 3.4 | 4.0 | 5.0 | | 4.0 | 3.2 | 3.3 | 5.0 | | | ||
- | ^ | ARM | 5.31 | | 4.1 | 3.6 | 4.4 | 5.6 | | 4.4 | 3.4 | 3.6 | 5.6 | | | ||
- | |||
- | ===== Twofish cipher ===== | ||
- | (SW only) | ||
- | ^ | ||
- | ^ ^ key ^ hdparm ^ ^ WR ^ WR S ^ WR DS ^ RD ^ ^ WR ^ WR S ^ WR DS ^ RD ^ | ||
- | ^cbc-plain | ||
- | ^cbc-essiv: | ||
- | ^xts-plain | ||
- | ^xts-essiv: | ||
- | ^cbc-plain | ||
- | ^cbc-essiv: | ||
- | ^xts-plain | ||
- | ^xts-essiv: | ||
- | \\ | ||
- | ~~COMPLEX_TABLES~~ | ||
====== Features ====== | ====== Features ====== | ||
Line 405: | Line 244: | ||
====== Own kernel ====== | ====== Own kernel ====== | ||
- | here's no need to keep pestering the poor guy over simple config changes. It's easy to build your own kernel; the instructions are right there in the first post. On a debian host you need to add the emdebian repo and install gcc-4.7-arm-linux-gnueabi (or whatever version) and u-boot-tools to build the kernel. | + | There's no need to keep pestering the poor guy over simple config changes. It's easy to build your own kernel; the instructions are right there in the first post. On a debian host you need to add the emdebian repo and install gcc-4.7-arm-linux-gnueabi (or whatever version) and u-boot-tools to build the kernel. |
I just built one with device mapper and crypto target support, and threw in netfilter NAT stuff for giggles. | I just built one with device mapper and crypto target support, and threw in netfilter NAT stuff for giggles. | ||
Line 413: | Line 252: | ||
- | ==== Kernel 3.18 ==== | + | ===== Kernel 3.18 ===== |
Download lastest Jessie rootfs from: [[http:// | Download lastest Jessie rootfs from: [[http:// | ||
- | Or locally: {{: | + | Or locally: {{hw: |
Unpack rootfs to media, can be USB pendrive for now. | Unpack rootfs to media, can be USB pendrive for now. | ||
Line 427: | Line 266: | ||
Inside rootfs, there is /boot directory which contains bootable kernel, initrd and deveice trees. Go to newly unpacked roots directory and create images recognizable by u-boot. If command //mkimage// is missing, please install // | Inside rootfs, there is /boot directory which contains bootable kernel, initrd and deveice trees. Go to newly unpacked roots directory and create images recognizable by u-boot. If command //mkimage// is missing, please install // | ||
- | === Boot without Flattened Device Tree === | + | ===== Boot without Flattened Device Tree ===== |
This method is supported by old (stock) U-BOOT. In this case FDT structure is appended at end of kernel. | This method is supported by old (stock) U-BOOT. In this case FDT structure is appended at end of kernel. | ||
Line 458: | Line 297: | ||
</ | </ | ||
- | === Boot with Flattened Device Tree === | + | ===== Boot with Flattened Device Tree ===== |
- | **NOT SUPPORTED BY OLD (default U-BOOT** | + | **NOT SUPPORTED BY OLD (default U-BOOT)** |
< | < | ||
cd boot | cd boot | ||
Line 487: | Line 326: | ||
</ | </ | ||
- | === Adapt own devie tree file === | + | ===== Adapt own devie tree file ===== |
There are multiple HW versions of NSA310 on market, but only 2 device tree are defined in kernel: | There are multiple HW versions of NSA310 on market, but only 2 device tree are defined in kernel: | ||
- kirkwood-nsa310.dtb - all LEDs are bicolor (red and green), sensors device ' | - kirkwood-nsa310.dtb - all LEDs are bicolor (red and green), sensors device ' | ||
- kirkwood-nsa310a.dtb - like above but without red USB led, and sensor device ' | - kirkwood-nsa310a.dtb - like above but without red USB led, and sensor device ' | ||
- | My NSA310 version is like nsa310 but with lm85 :), so I've created {{: | + | My NSA310 version is like nsa310 but with lm85 :), so I've created {{hw: |
< | < |