Date: Mon, 20 Apr 2009 09:39:54 +0300 From: ovi freebsd <lists@freebsdonline.com> To: freebsd-hardware@freebsd.org Subject: Problem with GELI and hifn (soekris vpn1401 and vpn 1411) Message-ID: <49EC18BA.8020801@freebsdonline.com>
next in thread | raw e-mail | index | archive | help
Hello I just bought two soekris vpn1401 and vpn 1411 cards (minipci and pci) and I've tried to make it work under FreeBSD. The card is detected properly, still I have no improvments in performance when using crypto hardware and also when I transfer file to an encrypted partition it locks itself and I must reboot. hifn0 mem 0xe0080000-0xe0080fff,0xe00c0000-0xe00c1fff,0xe0100000-0xe0107fff irq 9 at device 12.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult> GEOM_ELI: Device da0s1g.eli created. GEOM_ELI: Encryption: AES-CBC 256 GEOM_ELI: Crypto: hardware I've also tried with AES 128. Same result. After it locks i must reboot and then the encryptend partition cannot be mount. Trying to fsck the partition (after attaching it) it still locks: fsck is not doing anything. last pid: 1162; load averages: 0.00, 0.00, 0.00 up 0+03:06:34 16:02:33 30 processes: 1 running, 29 sleeping Mem: 25M Active, 976K Inact, 12M Wired, 1804K Cache, 34M Buf, 199M Free Swap: 700M Total, 700M Free PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 965 root 1 -8 0 31812K 12016K physrd 0:01 0.00% fsck_ufs 642 root 1 44 0 5876K 2296K select 0:00 0.00% sendmail fs# fsck -t ufs /dev/da0s1g.eli ** /dev/da0s1g.eli ***** FILE SYSTEM STILL DIRTY ***** ** Last Mounted on /usr/home/fileserver ** Phase 1 - Check Blocks and Sizes And it stays at Phase 1 like forver (fsck-ing for 4-5 hours now). Removing hifn module, detaching and attaching the geli partition it fscks ok. I've checked, everything is setup ok, I've tried with compiled kernel or modules loaded at boot. I've tried a test with OpenSSL: time dd if=/dev/zero bs=1m count=100 | openssl des3 -pass pass:test -engine cryptodev -out /dev/null results: Without hardware encryption --------------------------- Code: engine "cryptodev" set. 100+0 records in 100+0 records out 104857600 bytes transferred in 46.245892 secs (2267393 bytes/sec) With hardware encryption ------------------------ Code: engine "cryptodev" set. 100+0 records in 100+0 records out 104857600 bytes transferred in 21.653051 secs (4842625 bytes/sec) It works 2x with hardware (as advertised by others on mailing lists), so I think is a problem with geli+hifn. If you have any experience with this issue please advice. Tests were made on PCEngines Alix board with mini pci soekris vpn1411 and a regular PC with PCI soekris vpn1401. best regards, ovi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49EC18BA.8020801>