wiki

Speed up Linux crypto operations on the One A110 laptop with VIA Padlock

One Mini A110 subnotebook

OK, so I've been hacking on and testing my shiny new One A110 mini-laptop during the last few days and I must say I'm very happy with it. I'll write up some more details later (check the wiki if you're impatient), but today I want to highlight a very nice feature of this laptop (compared to, for instance, the Eee PC): The VIA C7-M ULV CPU in the laptop has VIA Padlock support.

VIA Padlock is a hardware feature in recent VIA CPUs which provides hardware-accelerated AES and SHA-1/SHA-256 support, among other things. This can be used in Linux (with the proper drivers and patches) to improve performance of dm-crypt, OpenSSL (and all programs using it), scp, sha1sum, OpenVPN, etc. etc.

I have written a quite extensive VIA Padlock HOWTO and benchmarks in the A110 wiki (but all of this will work on other systems which have VIA Padlock, too). To summarize, here are the most important benchmarks:

dm-crypt (256bit AES, cbc-essiv:sha256)

VIA Padlock dm-crypt benchmark

Without VIA Padlock support:

$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
 Timing cached reads:   448 MB in  2.00 seconds = 223.47 MB/sec
 Timing buffered disk reads:   22 MB in  3.07 seconds =   7.17 MB/sec

With VIA Padlock support:

$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
 Timing cached reads:   502 MB in  2.00 seconds = 250.41 MB/sec
 Timing buffered disk reads:   90 MB in  3.07 seconds =  29.36 MB/sec

The native speed of the SSD in the laptop is 31.01 MB/sec, so there is almost no performance penalty when using VIA Padlock.

OpenSSL

VIA Padlock OpenSSL benchmark

OpenSSL speed benchmark, first line without Padlock, second line with Padlock enabled:

$ openssl speed -evp aes-256-cbc [-engine padlock]
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc       9187.18k    10572.28k    11054.32k    11179.36k    11218.02k
aes-256-cbc      47955.92k   150619.73k   325730.73k   458320.11k   520520.79k

ssh/scp

VIA Padlock scp benchmark

Without VIA Padlock support:

$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat                100%  159MB   5.9MB/s   00:27

With VIA Padlock support:

$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat                100%  159MB  14.5MB/s   00:11

OpenVPN

A real speed benchmark is pending (not measurable easily on 100MBit LAN, will try on a slower link), but as OpenVPN uses OpenSSL it should have roughly the same speedup iff you tell OpenVPN to use AES (it uses Blowfish per default).

Also, there's a measurable difference in CPU load while tranferring large files over OpenVPN: 8% CPU load with VIA Padlock (vs. 20% CPU load without VIA Padlock).

sha1sum / phe_sum

VIA Padlock sha1sum / phe_sum benchmark

phe_sum is a small C program which can be used as drop-in replacement for sha1sum (which doesn't support VIA Padlock yet). Quick benchmark:

sha1sum, without VIA Padlock:

$ time sha1sum bigfile.dat
real    0m6.511s
user    0m5.864s
sys     0m0.412s

phe_sum (with VIA Padlock support):

$ time ./phe_sum bigfile.dat
real    0m1.149s
user    0m0.704s
sys     0m0.424s

All in all VIA Padlock gives you a pretty impressive speedup for many crypto-using applications on Linux, which is especially useful on the A110 mini-laptop (think OpenVPN or scp for mobile usage, and dm-crypt for an encrypted SSD, of course).

Unmaintained Free Software progress

Unmaintained Free Software new main page

Yet another Unmaintained Free Software update:

Thanks to Matthias (again), we now have a wonderful new main page in the wiki, which looks a lot better than the old one which I had created a long time ago...

The nice icons were created by David Vignoni for the Nuvola icon theme for KDE 3.x. They're available under terms of the GNU LGPL.

Many other things in the wiki are currently undergoing a long-overdue update and fixing phase. I plan to upgrade the MediaWiki installation we're using, and some new MediaWiki extensions will be added, too.

Oh, and I created and installed a nice favicon for the site, based on the project logo. If you ever wondered how those things are created, here's one possibility:

  1. Create two PNG images, one 16x16, one 32x32 pixels.
  2. apt-get install icoutils
  3. icotool -c foo16x16.png foo32x32.png > favicon.ico
  4. Place the resulting favicon.ico file in your DocumentRoot. Done.

I'm sure there are other and better ways to do it, but this was the first I came up with after a quick apt-cache search favicon.

New Unmaintained Free Software logo

New Unmaintained Free Software logo

Thanks to the great work of Matthias we now have a great new logo for the Unmaintained Free Software wiki.

Thats' all.

Trac - web-based project management with wiki + bug-tracker + svn code browser

Trac screenshot

I've started looking at Trac recently, a nice web-based project management tool written in Python.

It integrates with existing Subversion repositories; for example, you can browse the code in your repositories with Trac (it'll be displayed syntax-highlighted), view diffs between revisions etc. etc. Additionally, you get a wiki (e.g. for project documentation), as well as a built-in bug-tracker a la Bugzilla, all integrated nicely into a single piece of software...

It's Free Software, of course (the license changed from GPL to revised BSD somewhat recently)...

A few words on the installation:

  • First, install Trac, e.g. via apt-get install trac.
  • Then create a so-called Trac environment with trac-admin /path/to/environment/myproject initenv. You'll be asked where your svn repository resides, what's the name of the project etc.
  • You can then edit /path/to/environment/myproject/conf/trac.ini, and change the header logo/URL, the default component/priority/issue-owner and more.
  • For more administration, I recommend using the interactive Trac shell via trac-admin /path/to/environment/myproject. Type "help" for um... help.
  • Read the docs for how to setup the web server in order to run Trac (you can use CGI, FastCGI, or mod_python).

So far I've set up ca. 7-8 Trac instances for various projects and I'm quite happy with it. While I was at it, I also created a tiny Trac article in the German Wikipedia.

You can get tons of useful plugins and macros over at trac-hacks.org for additional functionality, e.g. DoxygenPlugin, GanttPlugin, DebianBtsMacro, and many more.

Computer Forensics Wiki

For everyone who might be interested in computer forensics, data recovery (e.g. ext2/vfat undelete), file system internals, digital evidence, or just playing around with dd, The Sleuth Kit or similar tools:

Checkout Simson Garfinkel's Forensics Wiki which gathers information on the above topics and many more. The content is licensed under the Creative Commons Attribution-ShareAlike 2.5 license.

Contributors welcome!

Syndicate content