kimidare Posted December 18, 2019 Share Posted December 18, 2019 Is there any? Intended use: LUKS. Link to comment Share on other sites More sharing options...
JMCC Posted December 18, 2019 Share Posted December 18, 2019 Well, if I'm not wrong, any arm64 board will have crypto extensions, since these are part of the ARMv8 specification. So anything 64-bit will do the job. A RK3399 will be very fast. Link to comment Share on other sites More sharing options...
manuti Posted December 18, 2019 Share Posted December 18, 2019 Not AES in the popular Raspberry Pi 4 even if they claim to be ARMv8. Link to comment Share on other sites More sharing options...
JMCC Posted December 18, 2019 Share Posted December 18, 2019 You're right, now I remembered there are some arm64 SoC's that don't have crypto extensions because the manufacturer didn't pay the license. For example, Amlogic S905 (though S905X has the extensions). So we can also discard Odroid C2 and Nanopi K2. 1 Link to comment Share on other sites More sharing options...
kimidare Posted December 18, 2019 Author Share Posted December 18, 2019 https://linux-sunxi.org/Cryptographic_Hardware_Accelerators Does it mean AES CBC will be hardware accelerated out-of-the-box on Allwinner H3 boards when armbian starts to ship kernel 5.5? Link to comment Share on other sites More sharing options...
Igor Posted December 19, 2019 Share Posted December 19, 2019 7 hours ago, kimidare said: Does it mean AES CBC will be hardware accelerated out-of-the-box on Allwinner H3 boards when armbian starts to ship kernel 5.5? Yes. Sometimes we implement such features even before ... 5.5 will probably landed to Armbian DEV kernel in 1/2020 while switching on stable will happen later. In case once wants to have this in the next LTS kernel (5.4.y) it has to be ported. 1 Link to comment Share on other sites More sharing options...
JMCC Posted December 19, 2019 Share Posted December 19, 2019 In addition to H3, other 32 bit boards already have HW crypto support in Armbian, as Odroid XU4 for example. But these older crypto implementations are slower than more recent arm64 boards (ref1 ref2) Link to comment Share on other sites More sharing options...
JMCC Posted December 19, 2019 Share Posted December 19, 2019 Also, if you are going to use the board for LUKS encrypted storage, you may want to have good disk IO performance. So you should probably aim for something with USB3 or PCI support. Rock64 seems like a good option to me, if you want something affordable. Link to comment Share on other sites More sharing options...
derpeter Posted February 20, 2020 Share Posted February 20, 2020 I trying to use LUKS on an 5.5 Kernel on an H3 SOC with armbian. The default cipher of luks currently is aes-xts-plain64 which is fine from a security point of view but as far as i understand the datasheet is not supported by allwinners CE. I'm struggling to find a the correct cipher name for a aes-cbc mode that will be accepted by the luks and is supported by the kernel. looking at the cryptsetup benchmark it seems non of the ciphers uses hardware acceleration or at least it is very slow. 1 Link to comment Share on other sites More sharing options...
Recommended Posts