Ambachtelijk bereide beschouwingen.

Some quick numbers for those looking for performance figures on the CESA crypto accelerator. Like I was, since my SheevaPlug has one. From the kernel config:

This driver allows you to utilize the Cryptographic Engines and Security Accelerator (CESA) which can be found on the Marvell Orion and Kirkwood SoCs, such as QNAP’s TS-209.
Currently the driver supports AES in ECB and CBC mode without DMA.

Whether the accelerator will be used depends on whether an application uses the in-kernel crypto algorithms. OpenSSL does not unless it is explicitly enabled to use a certain accelerator, such as is the case with the Via Padlock engine. So this particular engine won’t let your SSH run faster. But it will speed up device mapper crypto if you use an AES cipher.

Right, let’s get on with it.

#uname -a
Linux sheeva 2.6.32-gentoo-r3 #3 Thu Feb 4 23:02:42 CET 2010 armv5tel Feroceon 88FR131 rev 1 (v5l) Marvell SheevaPlug Reference Board GNU/Linux

Quick & oh-so-dirty way of getting a RAM-backed block device (that is, if you don’t have swap enabled):

#mount -t tmpfs tmpfs /mnt/tmp/
#dd if=/dev/zero of=/mnt/tmp/blob bs=1M count=224
#losetup /dev/loop0 /mnt/tmp/blob
#cryptsetup -c aes -h sha1 -d /dev/urandom create test /dev/loop0

First we test without CESA.

#dd if=/dev/zero of=/dev/mapper/test bs=1M count=224
234881024 bytes (235 MB) copied, 41.858 s, 5.6 MB/s

Only 5.6 MB/s and the [kcryptd] kernel process is having your CPU for lunch.
Enter CESA:

#dmsetup remove test
#modprobe mv_cesa
#cryptsetup -c aes -h sha1 -d /dev/urandom create test /dev/loop0
#dd if=/dev/zero of=/dev/mapper/test bs=1M count=224
234881024 bytes (235 MB) copied, 18.0525 s, 13.0 MB/s

13.0 MB/s and there’s a new kernel process, [mv_crypto]. It’s eating about three times as much CPU as [kcryptd]. That means it’s offloading, which is good. The results are consistent over time so let’s say there’s a 2.5-fold performance gain.
The loop device setup causes some overhead. Out in the wild you’ll get about 19 MB/s writing to USB HDD. Cheers!

Tags: , ,
categoryComments Off

Comments are closed.

© 2009-2011 Wicher Minnaard | electronic mail | theme: righteously modified "dark strict"