From owner-freebsd-hardware@FreeBSD.ORG Mon Apr 20 06:59:09 2009 Return-Path: Delivered-To: freebsd-hardware@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E7B610656A8 for ; Mon, 20 Apr 2009 06:59:09 +0000 (UTC) (envelope-from lists@freebsdonline.com) Received: from web1.unixengines.com (web1.unixengines.com [88.198.32.73]) by mx1.freebsd.org (Postfix) with ESMTP id 314948FC12 for ; Mon, 20 Apr 2009 06:59:09 +0000 (UTC) (envelope-from lists@freebsdonline.com) Received: from unixware.iasi.rdsnet.ro ([86.124.51.145] helo=ovi.nobody.ro) by web1.unixengines.com with esmtpa (Exim 4.62) (envelope-from ) id 1LvnDF-000JqH-GS for freebsd-hardware@freebsd.org; Mon, 20 Apr 2009 09:42:41 +0300 Message-ID: <49EC18BA.8020801@freebsdonline.com> Date: Mon, 20 Apr 2009 09:39:54 +0300 From: ovi freebsd User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.17) Gecko/20081005 SeaMonkey/1.1.12 MIME-Version: 1.0 To: freebsd-hardware@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Problem with GELI and hifn (soekris vpn1401 and vpn 1411) X-BeenThere: freebsd-hardware@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: General discussion of FreeBSD hardware List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 06:59:09 -0000 Hello I just bought two soekris vpn1401 and vpn 1411 cards (minipci and pci) and I've tried to make it work under FreeBSD. The card is detected properly, still I have no improvments in performance when using crypto hardware and also when I transfer file to an encrypted partition it locks itself and I must reboot. hifn0 mem 0xe0080000-0xe0080fff,0xe00c0000-0xe00c1fff,0xe0100000-0xe0107fff irq 9 at device 12.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801 GEOM_ELI: Device da0s1g.eli created. GEOM_ELI: Encryption: AES-CBC 256 GEOM_ELI: Crypto: hardware I've also tried with AES 128. Same result. After it locks i must reboot and then the encryptend partition cannot be mount. Trying to fsck the partition (after attaching it) it still locks: fsck is not doing anything. last pid: 1162; load averages: 0.00, 0.00, 0.00 up 0+03:06:34 16:02:33 30 processes: 1 running, 29 sleeping Mem: 25M Active, 976K Inact, 12M Wired, 1804K Cache, 34M Buf, 199M Free Swap: 700M Total, 700M Free PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 965 root 1 -8 0 31812K 12016K physrd 0:01 0.00% fsck_ufs 642 root 1 44 0 5876K 2296K select 0:00 0.00% sendmail fs# fsck -t ufs /dev/da0s1g.eli ** /dev/da0s1g.eli ***** FILE SYSTEM STILL DIRTY ***** ** Last Mounted on /usr/home/fileserver ** Phase 1 - Check Blocks and Sizes And it stays at Phase 1 like forver (fsck-ing for 4-5 hours now). Removing hifn module, detaching and attaching the geli partition it fscks ok. I've checked, everything is setup ok, I've tried with compiled kernel or modules loaded at boot. I've tried a test with OpenSSL: time dd if=/dev/zero bs=1m count=100 | openssl des3 -pass pass:test -engine cryptodev -out /dev/null results: Without hardware encryption --------------------------- Code: engine "cryptodev" set. 100+0 records in 100+0 records out 104857600 bytes transferred in 46.245892 secs (2267393 bytes/sec) With hardware encryption ------------------------ Code: engine "cryptodev" set. 100+0 records in 100+0 records out 104857600 bytes transferred in 21.653051 secs (4842625 bytes/sec) It works 2x with hardware (as advertised by others on mailing lists), so I think is a problem with geli+hifn. If you have any experience with this issue please advice. Tests were made on PCEngines Alix board with mini pci soekris vpn1411 and a regular PC with PCI soekris vpn1401. best regards, ovi