ytn Posted May 23, 2015 Posted May 23, 2015 Igor, Could you consider adding the security system patches for Allwinner.. or maybe as a configurable option? https://lkml.org/lkml/2015/5/14/278
Igor Posted May 23, 2015 Posted May 23, 2015 Not now. There was a recent discussion among comments that it actually doesn't bring any significant improvement. Yet.
tsgan Posted July 25, 2015 Posted July 25, 2015 On 5/23/2015 at 8:26 PM, Igor said: Not now. There was a recent discussion among comments that it actually doesn't bring any significant improvement. Yet. What version of the images have Security System patches? I saw http://www.lemaker.org/thread-8867-1-1.html Are there any benchmark results with or without security system patches?
Igor Posted July 25, 2015 Posted July 25, 2015 In added this long time ago to kernel 3.4 ... which is not supported anymore by the author. We should try this with kernel 4.x ... i haven't done the tests - I read somewhere that we don't gain much. Can't remember where
ytn Posted July 27, 2015 Author Posted July 27, 2015 On 7/25/2015 at 4:46 AM, Igor said: In added this long time ago to kernel 3.4 ... which is not supported anymore by the author. We should try this with kernel 4.x ... i haven't done the tests - I read somewhere that we don't gain much. Can't remember where The patches have been accepted into mainline for 4.3. See the Status section of http://sunxi.montjoie.ovh/ Although I haven't done any benchmarking myself, I would be surprised if the patches didn't add a boost to security functions. I believe you have to patch openSSL to use the changes or you won't notice much of a boost.
tkaiser Posted July 27, 2015 Posted July 27, 2015 On 7/27/2015 at 7:00 AM, ytn said: http://sunxi.montjoie.ovh/ And there you find benchmarks as well...
tsgan Posted July 29, 2015 Posted July 29, 2015 On 7/27/2015 at 7:00 AM, ytn said: The patches have been accepted into mainline for 4.3. See the Status section of http://sunxi.montjoie.ovh/ Although I haven't done any benchmarking myself, I would be surprised if the patches didn't add a boost to security functions. I believe you have to patch openSSL to use the changes or you won't notice much of a boost. Right, OpenSSL needs to be able to use hardware cryptographic accelerator, it seems either via AF_ALG or cryptodev. A80/A83 or H3 SoC can be interesting since they support RSA
Recommended Posts