VIA padlock performance

Oliver Fromme olli at
Wed Jul 19 14:14:12 UTC 2006

Andrzej Tobola wrote:
 > Oliver Fromme wrote:
 > > On my EPIA 10000 (1GHz VIA Nehemia) I did some performance
 > > testing a few months ago under RELENG_6 (not sophisticated
 > > enough to call it benchmarking).  For testing I used scp(1)
 > > of a large file (an ISO9660 image, 213 MBytes), because
 > > that's what I often need to do, so it's an important thing
 > > for me.  These are the results (averages of several runs):
 > How exactly you enable it ?

You need crypto, cryptodev and padlock in your kernel; see
the padlock(4) manpage (you can also load it as a module).
That's all.  You don't have to enable it explicitly.

 > I have on -current:
 > # kldload padlock
 > DLOCK: No ACE support.

That output is pretty clear:  Either your CPU does not
support ACE (that's the name of Nehemia's padlock engine),
or it isn't recognized by your version of the padlock(4)

What kind of CPU do you have exactly?  Please quote the
line from your dmesg output.  Mine says:

CPU: VIA C3 Nehemiah+RNG+ACE (1002.28-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x698  Stepping = 8

As you can see, it explicitly mentions "ACE" in the first
line.  By the way, it also mentions "RNG" which is a
hardware random-number generator, which is supported and
used by FreeBSD through /dev/random automatically.
Cool, eh?  :-)

(You also get the information from ``sysctl hw.model''.)

 > 20    1 0xc3dd6000 3000     padlock.ko
 > 21    1 0xc3dd9000 19000    crypto.ko

You will also need "cryptodev" in addition to "crypto".
"crypto" manages only in-kernel access to the cryptographic
facilities (including hardware acceleration through the
padlock driver), which is used by FAST_IPSEC, for example.
"cryptodev" will enable access by userland applications
(e.g. scp) and libraries (OpenSSL) through /dev/crypto.

Best regards

Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD:
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you think C++ is not overly complicated, just what is a protected
abstract virtual base pure virtual private destructor, and when was the
last time you needed one?"
        -- Tom Cargil, C++ Journal

More information about the freebsd-hackers mailing list