disconnect Posted January 8, 2016 Posted January 8, 2016 Will cryptsetup (missing crypto modules), and USB audio (or the onboard analog audio) work on vanilla kernel?
Igor Posted January 8, 2016 Posted January 8, 2016 Yes, probably (untested), with self compiled branch DEV. I think none of this is present in build accessible from Armbian repository. Yet. USB audio used to be, but droped out by accident
wildcat_paris Posted January 8, 2016 Posted January 8, 2016 Yes, probably (untested), with self compiled branch DEV. I think none of this is present in build accessible from Armbian repository. Yet. USB audio used to be, but droped out by accident for crypto, it will work with kernel 4.3.3 and later (so next and dev Armbian) for the prng, you will need the patch from Corentin Labbe http://sunxi.montjoie.ovh/ => http://sunxi.montjoie.ovh/patchs_current/0001-crypto-sun4i-ss-support-the-Security-System-PRNG.patch Corentin has made a nice tool to test https://github.com/montjoie/cryptotest There is some errors yet, he wrote me there are some general kernel pending issues. But working. FYI I have done my A20 prng testing posted some results here (very old "diehard" tool) http://www.cacert.at/cgi-bin/rngresults(search 2 proper results with "sunxi") and there (old "dieharder" csprng tool) http://forum.armbian.com/index.php/topic/404-stable-vs-mainline-for-next/?hl=diehard#entry2558
disconnect Posted January 8, 2016 Author Posted January 8, 2016 But when these both will be available from armbian updater?
Igor Posted January 8, 2016 Posted January 8, 2016 Soon in dev branch (1-3 weeks) but not so soon in stable branch. Estimated. 1
wildcat_paris Posted January 8, 2016 Posted January 8, 2016 EDIT: Igor replied before I post my message @disconnect for the crypto part, it is already with Armbian vanilla version (kernel 4.3.3) but the Hardware PRNG patch is not applied (all the hardware prng won't be included in the linux kernel if the vendor do not provide a proper datasheet/spec, as there is a potential security threat) for the audio part, Igor worked on it, there was a git problem, now Zador seems to be working on with kernel 4.4.x so possibly available when the vanilla version moves to kernel 4.4
zador.blood.stained Posted January 8, 2016 Posted January 8, 2016 @disconnect I already wrote full board list somewhere, don't remember in which topic. Onboard analog audio (output only) will be available in kernel 4.4: on cubieboard, cubieboard 2, cubietruck; also on some other boards with patches backported from 4.5. Support for USB audio cards was removed by mistake and it should be available in next kernel release, not depending on exact kernel version. About cryptsetup - are you talking about sunxi-ss crypto engine or are there any other missing modules or kernel features?
disconnect Posted January 9, 2016 Author Posted January 9, 2016 I'm talking about cryptsetup (dm-crypt, LUKS). I can't mount my encrypted HDD as it isn't works at all. Just try cryptsetup benchmark, all of the encrypt/decrypt tests will return N/A, and you will see that the crypto something module is not loaded. On legacy kernel all works, probably from software, as the max encrypt/decrypt speed is ~20 mbytes/sec.
zador.blood.stained Posted January 9, 2016 Posted January 9, 2016 @Igor I enabled a bunch of missing crypto features for sunxi-dev branch, please enable those options on other branches.
disconnect Posted January 21, 2016 Author Posted January 21, 2016 will the crypto features work in the upcoming v5.00? As i see from the changelog, the usb audio is added already.
Igor Posted January 21, 2016 Posted January 21, 2016 Check configs. Several crypto stuff was added but perhaps we forgot something: https://github.com/igorpecovnik/lib/blob/master/config/linux-sunxi-next.config https://github.com/igorpecovnik/lib/blob/master/config/linux-sunxi-dev.config I expect new version will be ready and out within 2-3 weeks.
zador.blood.stained Posted January 21, 2016 Posted January 21, 2016 Cryptsetup works on dev branch, tested. 1
disconnect Posted January 21, 2016 Author Posted January 21, 2016 Cryptsetup works on dev branch, tested. if you run "cryptsetup benchmark" all tests run?
zador.blood.stained Posted January 21, 2016 Posted January 21, 2016 ➜ ~ % _ cryptsetup benchmark # Tests are approximate using memory only (no storage IO). PBKDF2-sha1 38550 iterations per second for 256-bit key PBKDF2-sha256 52851 iterations per second for 256-bit key PBKDF2-sha512 26640 iterations per second for 256-bit key PBKDF2-ripemd160 38102 iterations per second for 256-bit key PBKDF2-whirlpool 6350 iterations per second for 256-bit key # Algorithm | Key | Encryption | Decryption aes-cbc 128b 25,8 MiB/s 26,4 MiB/s serpent-cbc 128b 11,0 MiB/s 12,9 MiB/s twofish-cbc 128b 17,8 MiB/s 20,7 MiB/s aes-cbc 256b 26,5 MiB/s 26,6 MiB/s serpent-cbc 256b 11,7 MiB/s 12,8 MiB/s twofish-cbc 256b 18,7 MiB/s 20,5 MiB/s aes-xts 256b 13,8 MiB/s 15,1 MiB/s serpent-xts 256b 11,2 MiB/s 12,6 MiB/s twofish-xts 256b 19,1 MiB/s 20,0 MiB/s aes-xts 512b 13,0 MiB/s 12,7 MiB/s serpent-xts 512b 12,0 MiB/s 12,6 MiB/s twofish-xts 512b 19,9 MiB/s 20,0 MiB/s sudo cryptsetup benchmark 8,74s user 24,21s system 97% cpu 33,629 total ➜ ~ % BTW, you can find link to a prebuilt 4.4 sunxi-dev kernel if you want to use it ahead of schedule here. Just remember that it's a dev branch, so you probably will need to uninstall your existing kernel and dtb packages before (if you are using "next" branch now) and install these (image and dtb packages at least) right after that.
disconnect Posted January 22, 2016 Author Posted January 22, 2016 I can wait I see much higher numbers for aes-cbc, this means the hardware aes support is used now?
zador.blood.stained Posted January 22, 2016 Posted January 22, 2016 Yes, sunxi-ss support was added to mainline in 4.3, but I believe it either wasn't activated or was missing an extra patch in released Armbian kernel.
wildcat_paris Posted January 23, 2016 Posted January 23, 2016 @zador sunxi-ss is working, of course, it needs to be added in .config, then adding ciphers using sunxi-ss (as well as ARM NEON based crypto)
vba Posted August 24, 2016 Posted August 24, 2016 What is the status of luks? Works out of the box now?
Recommended Posts