Problem with GELI and hifn (soekris vpn1401 and vpn 1411)

ovi freebsd lists at freebsdonline.com
Mon Apr 20 06:59:09 UTC 2009 

Hello

I just bought two soekris vpn1401 and vpn 1411 cards (minipci and pci) 
and I've tried to make it work under FreeBSD.

The card is detected properly, still I have no improvments in 
performance when using crypto hardware and also when I transfer file to 
an encrypted partition it locks itself and I must reboot.

hifn0 mem 0xe0080000-0xe0080fff,0xe00c0000-0xe00c1fff,0xe0100000-0xe0107fff irq 9 at device 12.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>

GEOM_ELI: Device da0s1g.eli created.
GEOM_ELI: Encryption: AES-CBC 256
GEOM_ELI:     Crypto: hardware


I've also tried with AES 128. Same result.

After it locks i must reboot and then the encryptend partition cannot be 
mount. Trying to fsck the partition (after attaching it) it still locks: 
fsck is not doing anything.

last pid:  1162;  load averages:  0.00,  0.00,  0.00  up 0+03:06:34    16:02:33
30 processes:  1 running, 29 sleeping

Mem: 25M Active, 976K Inact, 12M Wired, 1804K Cache, 34M Buf, 199M Free
Swap: 700M Total, 700M Free

  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
  965 root        1  -8    0 31812K 12016K physrd   0:01  0.00% fsck_ufs
  642 root        1  44    0  5876K  2296K select   0:00  0.00% sendmail



fs# fsck -t ufs /dev/da0s1g.eli
** /dev/da0s1g.eli

***** FILE SYSTEM STILL DIRTY *****
** Last Mounted on /usr/home/fileserver
** Phase 1 - Check Blocks and Sizes


And it stays at Phase 1 like forver (fsck-ing for 4-5 hours now). 
Removing hifn module, detaching and attaching the geli partition it 
fscks ok.

I've checked, everything is setup ok, I've tried with compiled kernel or 
modules loaded at boot.



I've tried a test with OpenSSL:

time dd if=/dev/zero bs=1m count=100 | openssl des3 -pass pass:test -engine cryptodev -out /dev/null


results:
Without hardware encryption
---------------------------
Code:

engine "cryptodev" set.
100+0 records in
100+0 records out
104857600 bytes transferred in 46.245892 secs (2267393 bytes/sec)

With hardware encryption
------------------------
Code:

engine "cryptodev" set.
100+0 records in
100+0 records out
104857600 bytes transferred in 21.653051 secs (4842625 bytes/sec)

It works 2x with hardware (as advertised by others on mailing lists), so 
I think is a problem with geli+hifn.

If you have any experience with this issue please advice.

Tests were made on PCEngines Alix board with mini pci soekris vpn1411 
and a regular PC with PCI soekris vpn1401.

best regards,
ovi

More information about the freebsd-hardware mailing list