[debian-yeeloong-project] tuned harddisk encryption
David Kuehling
dvdkhlng at gmx.de
Fri Jul 22 19:47:02 UTC 2011
hi,
as I wrote in my last mail I'm running a cryptoroot setup on my fuloong
6004 box. Since twofish (as well as aes) implementations in the kernel
have hand-tuned assembler implementations for x86/amd64, I somehow felt
that intel got an unfair advantage in dm-crypt performance.
To fix that I coded an assembler twofish-mips module for the linux
kernel. Here is the patch, and a userspace test-bench, in case you want
to give it a try:
http://mosquito.dyndns.tv/freesvn/trunk/linux/twofish-mips/twofish-mips.patch
http://mosquito.dyndns.tv/freesvn/trunk/linux/twofish-mips/
Debian's initrd is smart enough to chose twofish-mips from the 'arch'
directory over 'twofish_generic' from the 'crypto' directory, so it will
be automatically used.
Performance is still a little disappointing. Although pure crypto
performance in the test-bench is > 22MB/s, it's only 14 MB/s when used
through dm-crypt on my harddisk (reported by hdparm -t). Without the
assembler code it's 12MB/s on a self-compiled kernel, slightly slower
with the debian-backports loongson kernel.
Reasons might be the per-sector hash-compatation of the cbc-essiv:sha256
cipher mode, plus per-sector key setup which is somewhat expensive for
twofish.
cheers,
David
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk.gpg
Fingerprint: B17A DC95 D293 657B 4205 D016 7DEF 5323 C174 7D40
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-yeeloong-project/attachments/20110722/c4fcdfe0/attachment.pgp>
More information about the debian-yeeloong-project
mailing list