On Nov 8, 2005, at 4:28 AM, Venkat Manakkal wrote:
http://hifn7751.sourceforge.net/
I tried the Soekris card on FreeBSD; both OpenBSD and FreeBSD use a
kernel-level cryptographic framework that can use these PCI hardware
accelerators (hifn chips).
They are not appropriate for on-disk encryption.
I don't have the details correct, but it is a performance issue: data
must be transferred from main memory via the CPU to the PCI card for
processing, and then the data is transferred back, and then it is
written to disk.
The accelerator cards are more appropriate for network packet
encryption: the network stack could tell a network interface to
perform direct memory transfer to the crypto card on the PCI bus
before ever hitting the CPU or the main memory. In that application,
one could achieve "wire-speed" encryption of the network packets,
without CPU overhead.
My experience is that for disk I/O, crypto operations of the CPU are
still faster than the PCI-based crypto accelerators.
This almost certainly does NOT apply to the VIA "padlock" crypto
acceleration, which adds instructions to the x86 ABI and performs
crypto operations on the CPU.
{Open, Free}BSD is a fun system to use if one is concerned about
security and robustness. But I have not found a disk-encryption
solution that rivals loop-aes on Linux for performance and stability.
~ boyd
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/