Speed up Linux crypto operations on the One A110 laptop with VIA Padlock

Mon, 2008-06-16 16:08 — Uwe Hermann

OK, so I've been hacking on and testing my shiny new One A110 mini-laptop during the last few days and I must say I'm very happy with it. I'll write up some more details later (check the wiki if you're impatient), but today I want to highlight a very nice feature of this laptop (compared to, for instance, the Eee PC): The VIA C7-M ULV CPU in the laptop has VIA Padlock support.

VIA Padlock is a hardware feature in recent VIA CPUs which provides hardware-accelerated AES and SHA-1/SHA-256 support, among other things. This can be used in Linux (with the proper drivers and patches) to improve performance of dm-crypt, OpenSSL (and all programs using it), scp, sha1sum, OpenVPN, etc. etc.

I have written a quite extensive VIA Padlock HOWTO and benchmarks in the A110 wiki (but all of this will work on other systems which have VIA Padlock, too). To summarize, here are the most important benchmarks:

dm-crypt (256bit AES, cbc-essiv:sha256)

Without VIA Padlock support:

$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
 Timing cached reads:   448 MB in  2.00 seconds = 223.47 MB/sec
 Timing buffered disk reads:   22 MB in  3.07 seconds =   7.17 MB/sec

With VIA Padlock support:

$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
 Timing cached reads:   502 MB in  2.00 seconds = 250.41 MB/sec
 Timing buffered disk reads:   90 MB in  3.07 seconds =  29.36 MB/sec

The native speed of the SSD in the laptop is 31.01 MB/sec, so there is almost no performance penalty when using VIA Padlock.

OpenSSL

OpenSSL speed benchmark, first line without Padlock, second line with Padlock enabled:

$ openssl speed -evp aes-256-cbc [-engine padlock]
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc       9187.18k    10572.28k    11054.32k    11179.36k    11218.02k
aes-256-cbc      47955.92k   150619.73k   325730.73k   458320.11k   520520.79k

ssh/scp

Without VIA Padlock support:

$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat                100%  159MB   5.9MB/s   00:27

With VIA Padlock support:

$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat                100%  159MB  14.5MB/s   00:11

OpenVPN

A real speed benchmark is pending (not measurable easily on 100MBit LAN, will try on a slower link), but as OpenVPN uses OpenSSL it should have roughly the same speedup iff you tell OpenVPN to use AES (it uses Blowfish per default).

Also, there's a measurable difference in CPU load while tranferring large files over OpenVPN: 8% CPU load with VIA Padlock (vs. 20% CPU load without VIA Padlock).

sha1sum / phe_sum

phe_sum is a small C program which can be used as drop-in replacement for sha1sum (which doesn't support VIA Padlock yet). Quick benchmark:

sha1sum, without VIA Padlock:

$ time sha1sum bigfile.dat
real    0m6.511s
user    0m5.864s
sys     0m0.412s

phe_sum (with VIA Padlock support):

$ time ./phe_sum bigfile.dat
real    0m1.149s
user    0m0.704s
sys     0m0.424s

All in all VIA Padlock gives you a pretty impressive speedup for many crypto-using applications on Linux, which is especially useful on the A110 mini-laptop (think OpenVPN or scp for mobile usage, and dm-crypt for an encrypted SSD, of course).

Comments

Wed, 2011-10-26 03:36 — Lucas Anthony@laptop overheating problem (not verified)

linuxSpeed

this blog will help me upgrade my Linux v2.6 and surely will improve the performance of dm-crypt. I can do more backups. thanks to this blog.

Sun, 2009-06-28 11:20 — Windows Tutorials (not verified)

great

Nice post and great article. Thanks for giving the information about the speed up Linux crypto operations on the one A110 laptop with via padlock. This was more useful and I will try it.

Tue, 2008-09-09 12:39 — PrasannaK (not verified)

OpenVPN via

Hi,

Was good to read that you've successfully tested OpenVPN with Via C7 Padlock. I've been trying intermittently and failing.

Could you please let me know the version of libssl, openvpn, kernel that you're using? I noticed on the other page that you are using a patched version of libssl. Is the patch required for just openVPN? Can I use "engine padlock" in OpenVPN to achieve the same effect?

Thank in advance,
Prasanna.

Tue, 2008-06-17 16:43 — ulrik (not verified)

git

would git benefit from faster sha1? I don't know how much of a bottleneck it is. It would be interesting if it actually could make a difference.

Tue, 2008-06-17 17:58 — Uwe Hermann

git and VIA Padlock

Hm, interesting question. Though git does use SHA-1 it won't benefit from Padlock in the default (Debian) config as it's linked against gnutls I think (which doesn't seem to support VIA Padlock). There's a (compile-time) option to use OpenSSL, in which case there could be some speedup. How much speedup there could be is unclear, maybe I'll have some time to test this a bit. If yes, I'll document the results in the A110 wiki...

Uwe.

Tue, 2008-06-17 08:56 — Anonymous (not verified)

Intel's newest processors

Intel's newest processors have hardware AES instructions.

Tue, 2008-06-17 12:58 — Uwe Hermann

Interesting, which ones

Interesting, which ones specifically? Do you mean the A110 or Atom stuff?

Mon, 2008-06-16 18:00 — Kai Hendry (not verified)

Canonical crypto setup howto?

Are you using encryption over LVM?

Could you provide a link how you setup /dev/mapper/hdc2_crypt exactly?

I tried encryption with LVM and got burnt. I probably messed it up.

Mon, 2008-06-16 18:19 — Uwe Hermann

Crypto setup

Hi, I wrote a short short install HOWTO in the wiki, but there's not much information yet about the crypto part. It's a stock Debian installer setup using dm-crypt, with LVM on top, with ext3 on top. All of that configured in the Debian installer, no manual command line hacking required.

Uwe.

Mon, 2008-06-16 17:19 — Dominik Seichter (not verified)

Interesting

Hi,

Thanks for this very interesting article. First of all, I am current thinking about buying an Eee PC and the A110 looks like an interesting alternative. I think, I'm going to follow your experiences on this blog for a while before deciding.

Secondly, I did not know about VIA Padlock. A pitty that OpenSSL and other tools cannot detect stuff like this during runtime :(. But I guess this would be hard to do, maybe though a nice summer-holidays project for someone. Do you know about other chips/cpus that have similar hardware encryption functionallity? I was not able to find one on google.

regards,
Dom

Mon, 2008-06-16 17:57 — Uwe Hermann

VIA Padlock alternatives

Hm, no, I don't know other CPUs with similar crypto engines. There are other chipsets with a hardware randum number generator (Padlock has one too), but I cannot think of a CPU with crypto acceleration right now.

As for the A110, I'd check all of the A110 wiki contents, there's lots of info about the machine there, or join #a110 on IRC for questions...

HTH, Uwe.

Tue, 2008-06-17 02:36 — Solomon Peachy (not verified)

Lots of embedded processors have onboard crypto

Ones I've used include the Intel IXP4xx processors, the IBM/AMCC PowerPC 40x parts, and the AMD Geode LX -- and they're a couple of generations out of date by now.

Granted, I don't know if they easily integrate into the kernel and/or OpenSSL, but the raw hardware support is there, and makes quite a difference given the relatively underpowered CPUs they're hooked up to.

Uwe Hermann | A slightly paranoid Debian developer

Menu

Blog Tags

Latest image

Recent comments

My identi.ca posts

My Other Sites

Creative Commons

Subscribe

Statistics