Problem with GELI and hifn (soekris vpn1401 and vpn 1411)
ovi freebsd
lists at freebsdonline.com
Mon Apr 20 06:59:09 UTC 2009
Hello
I just bought two soekris vpn1401 and vpn 1411 cards (minipci and pci)
and I've tried to make it work under FreeBSD.
The card is detected properly, still I have no improvments in
performance when using crypto hardware and also when I transfer file to
an encrypted partition it locks itself and I must reboot.
hifn0 mem 0xe0080000-0xe0080fff,0xe00c0000-0xe00c1fff,0xe0100000-0xe0107fff irq 9 at device 12.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>
GEOM_ELI: Device da0s1g.eli created.
GEOM_ELI: Encryption: AES-CBC 256
GEOM_ELI: Crypto: hardware
I've also tried with AES 128. Same result.
After it locks i must reboot and then the encryptend partition cannot be
mount. Trying to fsck the partition (after attaching it) it still locks:
fsck is not doing anything.
last pid: 1162; load averages: 0.00, 0.00, 0.00 up 0+03:06:34 16:02:33
30 processes: 1 running, 29 sleeping
Mem: 25M Active, 976K Inact, 12M Wired, 1804K Cache, 34M Buf, 199M Free
Swap: 700M Total, 700M Free
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
965 root 1 -8 0 31812K 12016K physrd 0:01 0.00% fsck_ufs
642 root 1 44 0 5876K 2296K select 0:00 0.00% sendmail
fs# fsck -t ufs /dev/da0s1g.eli
** /dev/da0s1g.eli
***** FILE SYSTEM STILL DIRTY *****
** Last Mounted on /usr/home/fileserver
** Phase 1 - Check Blocks and Sizes
And it stays at Phase 1 like forver (fsck-ing for 4-5 hours now).
Removing hifn module, detaching and attaching the geli partition it
fscks ok.
I've checked, everything is setup ok, I've tried with compiled kernel or
modules loaded at boot.
I've tried a test with OpenSSL:
time dd if=/dev/zero bs=1m count=100 | openssl des3 -pass pass:test -engine cryptodev -out /dev/null
results:
Without hardware encryption
---------------------------
Code:
engine "cryptodev" set.
100+0 records in
100+0 records out
104857600 bytes transferred in 46.245892 secs (2267393 bytes/sec)
With hardware encryption
------------------------
Code:
engine "cryptodev" set.
100+0 records in
100+0 records out
104857600 bytes transferred in 21.653051 secs (4842625 bytes/sec)
It works 2x with hardware (as advertised by others on mailing lists), so
I think is a problem with geli+hifn.
If you have any experience with this issue please advice.
Tests were made on PCEngines Alix board with mini pci soekris vpn1411
and a regular PC with PCI soekris vpn1401.
best regards,
ovi
More information about the freebsd-hardware
mailing list