• State Resolved
  • Locked Locked
  • Replies 9 replies
  • Subscribers 99 subscribers
  • Views 1338 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

HW Crypto Engine support in new SDK

Qmax
Expert 2280 points
Other Parts Discussed in Thread: AM3505

Hi,

Will forthcoming SDK 05.05.00.00 include support for HW Crypto Engine? And which will be the userspace interface: a "standard" crypto dev based on kernel OCF?

Will common libraries (libcrypto, openssl) require specific customizations and rebuilding to use it?

Thanks for any news (hopefully good...) and further details: it's a long time we are waiting for, with no clear schedule about it.

Best regards,

Max

  • 0
    TI__Expert 5450 points

    Max,

    Yes.  The Sitara Linux SDK 05.05.00.00 will have support for the crypto HW using cryptoapi and an OCF wrapper.  Our example applications use openssl as shipped in the SDK to utilize the crypto accelerators.

    Chase

  • 0 in reply to Chase Maupin
    Expert 2280 points

    Chase, that's a good news, thanks.

    Do you know if SDK 05.05.00.00 will be released as expected (today, accordingly to SDG wiki page), or if its delivery date has been postponed? It is expected to be based on PSP 04.06.00.08 but I cannot see any 4.6.0.8 tag or branch on git repo, nor any commit related to OCF and crypto driver into staging development branch.

    It would be really important for our planning to know something more on the real delivery date.

    Thanks one more. Best regards,

    Max

  • 0 in reply to Qmax
    TI__Expert 5450 points

    Max,

    The release has been pushed to July 15th at the earliest.  I will update the wiki.

    Chase

  • 0 in reply to Chase Maupin
    Expert 2280 points

    Chase,

    Thanks for your answer: unfortunately I've seen the release as already moved to July the 31st (as scheduled date...) :(

    In the meanwhile I'm looking at patches by Greg Turner that you have committed to Arago project: I've found them here. I've patched PSP 04.06.00.07 kernel, and it seems fine, then I've tried to run some tests, with "cryptotest" and "openssl speed" tools. Just to summarize the main result, I'm obtaining very poor performances with small size blocks:

    cryptotest -a aes256 200 16 64 256 1024 8192
       0.021 sec,     400 aes256 crypts,      16 bytes,   309777 byte/sec,     2.4 Mb/sec
       0.021 sec,     400 aes256 crypts,      64 bytes,  1233616 byte/sec,     9.4 Mb/sec
       0.023 sec,     400 aes256 crypts,     256 bytes,  4497936 byte/sec,    34.3 Mb/sec
       0.036 sec,     400 aes256 crypts,    1024 bytes, 11461831 byte/sec,    87.4 Mb/sec
       0.127 sec,     400 aes256 crypts,    8192 bytes, 25829642 byte/sec,   197.1 Mb/sec

    openssl speed -evp aes-256-cbc -engine cryptodev
    Doing aes-256-cbc for 3s on 16 size blocks: 55485 aes-256-cbc's in 0.05s
    Doing aes-256-cbc for 3s on 64 size blocks: 55675 aes-256-cbc's in 0.05s
    Doing aes-256-cbc for 3s on 256 size blocks: 50666 aes-256-cbc's in 0.06s
    Doing aes-256-cbc for 3s on 1024 size blocks: 32663 aes-256-cbc's in 0.04s
    Doing aes-256-cbc for 3s on 8192 size blocks: 9434 aes-256-cbc's in 0.02s

    While without the patches (so with no hw accelerator) I obtain always approx 55-65 Mbps for all sizes:

    openssl speed aes-256-cbc
    Doing aes-256 cbc for 3s on 16 size blocks: 1397470 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 64 size blocks: 374059 aes-256 cbc's in 2.98s
    Doing aes-256 cbc for 3s on 256 size blocks: 95815 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 1024 size blocks: 24104 aes-256 cbc's in 2.99s
    Doing aes-256 cbc for 3s on 8192 size blocks: 3010 aes-256 cbc's in 2.98s

    Is it as expected or I'm doing something wrong?

    Max

  • 0 in reply to Qmax
    TI__Intellectual 1250 points

    Max,

    This is as expected.  For small block sizes, it is faster to perform the crypto functions in software.  Using the hw accelerator requires moving data into and out of the crypto modules.  As you show above, the throughput with hw acceleration overtakes the sw only mode somewhere around 1024 byte block sizes.

    There is another aspect to performance that should also be considered.  Using the hw accelerators reduces the CPU bandwidth during crypto functions.  Try using "time -v" in front the command and observe the difference in CPU usage.  For example:

    time -v cryptotest -a aes256 200 16 64 256 1024 8192

    This should give some indication as to how much CPU bandwidth is being saved with hw acceleration.

    Regards,

    Greg Turner

  • 0 in reply to Chase Maupin
    Expert 2280 points

    Chase,

    I've just had a quick look at Kernel PSP version 04.06.00.08 which has been tagged few days ago on Arago GIT repository, and I did not found any integration of HW Crypto support. Does it mean it has been deferred and will no more be included into SDK 05.05.00.00?

    Max

  • 0 in reply to Qmax
    TI__Expert 5450 points

    Max,


    No, crypto HW support WILL be in the 05.05.00.00 release.  It is a patch set applied on top of the base PSP kernel which is why you did not find it in the kernel git tree.  The patch set needs to be reworked to get accepted into the kernel git tree.

    Chase

  • 0 in reply to Chase Maupin
    Expert 2280 points

    Thanks for the confirmation: I wanted to be pretty sure before moving my customizations from one git branch to another.

    Regards

  • 0 in reply to Qmax
    Expert 1125 points
    For the 05.05.00.00 SDK, does the support include the AM3505 processor?