[debian-yeeloong-project] tuned harddisk encryption

David Kuehling dvdkhlng at gmx.de
Fri Jul 22 19:47:02 UTC 2011


as I wrote in my last mail I'm running a cryptoroot setup on my fuloong
6004 box.  Since twofish (as well as aes) implementations in the kernel
have hand-tuned assembler implementations for x86/amd64, I somehow felt
that intel got an unfair advantage in dm-crypt performance.

To fix that I coded an assembler twofish-mips module for the linux
kernel.  Here is the patch, and a userspace test-bench, in case you want
to give it a try:


Debian's initrd is smart enough to chose twofish-mips from the 'arch'
directory over 'twofish_generic' from the 'crypto' directory, so it will
be automatically used.

Performance is still a little disappointing.  Although pure crypto
performance in the test-bench is > 22MB/s, it's only 14 MB/s when used
through dm-crypt on my harddisk (reported by hdparm -t).  Without the
assembler code it's 12MB/s on a self-compiled kernel, slightly slower
with the debian-backports loongson kernel.

Reasons might be the per-sector hash-compatation of the cbc-essiv:sha256
cipher mode, plus per-sector key setup which is somewhat expensive for


GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk.gpg
Fingerprint: B17A DC95 D293 657B 4205  D016 7DEF 5323 C174 7D40
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-yeeloong-project/attachments/20110722/c4fcdfe0/attachment.pgp>

More information about the debian-yeeloong-project mailing list