4 4
kimidare

Arm board with hardware accelerated AES out-of-the-box in Armbian?

Recommended Posts

Well, if I'm not wrong, any arm64 board will have crypto extensions, since these are part of the ARMv8 specification. So anything 64-bit will do the job. A RK3399 will be very fast.

Share this post


Link to post
Share on other sites

You're right, now I remembered there are some arm64 SoC's that don't have crypto extensions because the manufacturer didn't pay the license. For example, Amlogic S905 (though S905X has the extensions). So we can also discard Odroid C2 and Nanopi K2.

Share this post


Link to post
Share on other sites
7 hours ago, kimidare said:

Does it mean AES CBC will be hardware accelerated out-of-the-box on Allwinner H3 boards when armbian starts to ship kernel 5.5?


Yes. Sometimes we implement such features even before ... 5.5 will probably landed to Armbian DEV kernel in 1/2020 while switching on stable will happen later. In case once wants to have this in the next LTS kernel (5.4.y) it has to be ported.

Share this post


Link to post
Share on other sites

In addition to H3, other 32 bit boards already have HW crypto support in Armbian, as Odroid XU4 for example. But these older crypto implementations are slower than more recent arm64 boards (ref1 ref2)

Share this post


Link to post
Share on other sites

Also, if you are going to use the board for LUKS encrypted storage, you may want to have good disk IO performance. So you should probably aim for something with USB3 or PCI support. Rock64 seems like a good option to me, if you want something affordable.

Share this post


Link to post
Share on other sites

I trying to use LUKS on an 5.5 Kernel on an H3 SOC with armbian. The  default cipher of luks currently is aes-xts-plain64 which is fine from a security point of view but as far as i understand the datasheet is not supported by allwinners CE.

I'm struggling to find a the correct cipher name for a aes-cbc mode that will be accepted by the luks and is supported by the kernel.

looking at the cryptsetup benchmark it seems non of the ciphers uses hardware acceleration or at least it is very slow. 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
4 4