• State
  • Locked Locked
  • Replies 7 replies
  • Subscribers 101 subscribers
  • Views 3184 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

BeagleboneBlack AM335x HW Cryptography Accelerator

EricChen
Prodigy 30 points

Hi there,

I've studied the following links but still have questions regarding the HW Cryptography Acceleartor
AM335x Crypto Performance: http://processors.wiki.ti.com/index.php/AM335x_Crypto_Performance
Cryptography Users Guide: http://processors.wiki.ti.com/index.php/Cryptography_Users_Guide
Sitara Device Crypto Performance Comparison
http://processors.wiki.ti.com/index.php/Sitara_Device_Crypto_Performance_Comparison

Questions:
1.
Can you share the hardware level documentation of the BeagleboneBlack HW Cryptographic Accelerator ?

2.
Other than using the command line openssl speed test from the SDK, can you share other performance test suite/tools for the Hardware Cryptographic Accelerator?

3.
What are the maximum and minimum throughputs of the HW Cryptographic Accelerator on BeagleboneBlack? What test suites tool do you use for the throughput testing/verification? Can you share the test suites?

4.
What is the maximum number of concurrent SSL sessions that can be supported by the BeagleboneBlack HW Cryptographic Accelerator? Can you also share the theory of operations of how does the HW cryptographic accelerator handle the simultaneous SSL sessions operations?

 
According to the http://processors.wiki.ti.com/images/8/80/Enabling_DM_Crypt_V4_SDK6_00.pdf, HW Cryptography Accelerator can be verified by either using the JTAG and set hardware breakpoints of the hw crypto functions or manually checking/calculating the EDMA (IRQ#12) interrupt count during cryptographic operations.

5.
Does the above pdf apply to the BeagleboneBlack? Is there any other more definitive mean of verification that the HW Cryptography Accelerator is working as expected on BeagleboneBlack?

Thanks, --Eric

  • 0
    TI__Genius 13505 points

    Eric,

    I will work on getting more complete responses to your queries and give you an update by middle-to-end of this week.  Is this for a specific project, or working testing fundamentals for a  proof-of-concept?

    1)  We can release the crypto documentation to your FAE- who are you working with?

    2)  OpenSSL is the only tool we have ran and compiled data for in Linux, primarily because that is the security suite we provide with the SDK, so it makes it easier for users to duplicate on their end.

    3)  What algorithms are you interested in?  

    4)  I will need to investigate this.

    5)  Another method is to use the time command, e.g.: time -v openssl speed -evp sha1 -engine cryptodev

    Here is sample output:

    Command being timed: "openssl speed -evp sha1 -engine cryptodev"

            User time (seconds): 2.24
            System time (seconds): 6.86
            Percent of CPU this job got: 60%
            Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 15.03s

    An OpenSSL speed test will generally peg the CPU usage if the hardware accelerator is not being used, so seeing a CPU usage value in the 50-60% range indicates the hw accelerator was used.  

    Crypto operations will dominate over general overhead for buffers around 1MB or larger, so you can get a good idea if the hw accelerators are working or not.  It is generally a 1-2x order of magnitude, so it's quite clear if they are working or not.

    Are you trying to verify the hw accelerators are working, or do you need a programatic means as part of a diagnostic test?

    Regards,

    Mike

  • 0 in reply to Michael Erdahl
    Prodigy 30 points

    Mike, thanks and really appreciated your help.

    I work at Cisco and our FAE is Monica Lam.

    I recently joined the CL, Connected-Life, project development and these questions are for the TI AM335x SoC that we'll soon receive from TI for the CL project

    I'm most interested in the TLSCipherSuites and, particularly, the TLS_RSA_WITH_AES_128_CBC_SHA.

    Yes, I've tried numerous "time -v openssl speed -evp ... -engine cryptodev" commands and observed the CPU usages before posting the questions. But, as I've mentioned, I'm looking for more deterministic way of knowing that the HW crypto accelerators is alive and well in real-time and not in the user interactive-mode.

    This would help for not only the diagnostic mode but also the performance evaluation and understanding of how the HW Cryptography Accelerator serialize the cipher operations among active concurrent SSL sessions.

    Thanks,
    --Eric

  • 0 in reply to EricChen
    TI__Genius 13505 points

    Eric,

    Thanks for the clarification- did the documentation help you?

    Watching bits in the crypto module in situ is going to be a little tricky unless you actually instrument the driver.  One option there would be to emit a debug message to the syslog when FLAGS_BUSY is set (see /ti-sdk-am335x-evm-06.00.00.00/board-support/linux-3.2.0-psp04.06.00.11/drivers/crypto/omap4-aes.c).  #define DEBUG at the top of omap4-aes.c to enable debugging messages.

     /drivers/crypto/omap4_sham.c is similarly instrumented to log when hardware/ software is used.  You will see xmit_dma in the syslog if the hardware accelerator is being used.

    You can use this debugging to convince yourself the cryptos are being used, then disable to measure maximum throughput.

    If you're running multiple threads, perhaps writing a log of elapsed time/ throughput may be the most straight-forward.

    I still owe you an answer regarding simultaneous SSL sessions- I believe there are register bits to save the module's context, and trigger an interrupt when the context is ready to be read/ swapped.

    Regards,

    Mike

  • 0 in reply to Michael Erdahl
    Prodigy 30 points

    Hi Michael,

    Thanks again for the documentation. I've been studying it still. I'm in a 4-days training class this week but shall get back to this on Friday which I'll provide more details.

    Thanks, --Eric

  • 0 in reply to EricChen
    TI__Genius 13505 points

    Eric,

    Regarding simultaneous OpenSSL connections, the AES module does not use the context-saving features of the hardware, rather the traffic to the AES module is time-sliced.  Further, the AES module will operate exclusively on a buffer until it has encrypted/ decrypted the programmed length of the buffer.  So in your case, the buffer sizes will likely be packed-sized, so each packet will be encrypted/ decrypted in a FIFO manner.

    Regards,

    Mike

  • 0 in reply to Michael Erdahl
    Genius 4965 points

    Hi,

    Sorry for my reply into this thread.
    Are there any restrictions on who will get the crypto documentation? Our FAE told me that just customers who uses HS (High secure) devices will get the documantation. I can't understand this as the crypto module is part of the general purpose AM335x as well.

    Best regards,
    Patrick 

  • 0 in reply to Patrick Ruf
    TI__Mastermind 26205 points

    please contact me (ralmeida@ti.com) using your corporate email