OK, so I've been hacking on and testing my shiny new
One A110 mini-laptop during the last few days and I must say I'm very happy with it. I'll write up some more details later (check the
wiki if you're impatient), but today I want to highlight a very nice feature of this laptop (compared to, for instance, the Eee PC): The VIA C7-M ULV CPU in the laptop has
VIA Padlock support.
VIA Padlock is a hardware feature in recent VIA CPUs which provides hardware-accelerated AES and SHA-1/SHA-256 support, among other things. This can be used in Linux (with the proper drivers and patches) to improve performance of dm-crypt, OpenSSL (and all programs using it), scp, sha1sum, OpenVPN, etc. etc.
I have written a quite extensive
VIA Padlock HOWTO and benchmarks in the A110 wiki (but all of this will work on other systems which have VIA Padlock, too).
To summarize, here are the most important benchmarks:
dm-crypt (256bit AES, cbc-essiv:sha256)
Without VIA Padlock support:
$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
Timing cached reads: 448 MB in 2.00 seconds = 223.47 MB/sec
Timing buffered disk reads: 22 MB in 3.07 seconds = 7.17 MB/sec
With VIA Padlock support:
$ hdparm -tT /dev/mapper/hdc2_crypt
/dev/mapper/hdc2_crypt:
Timing cached reads: 502 MB in 2.00 seconds = 250.41 MB/sec
Timing buffered disk reads: 90 MB in 3.07 seconds = 29.36 MB/sec
The native speed of the
SSD in the laptop is 31.01 MB/sec, so there is almost no performance penalty when using VIA Padlock.
OpenSSL
OpenSSL speed benchmark, first line without Padlock, second line with Padlock enabled:
$ openssl speed -evp aes-256-cbc [-engine padlock]
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 9187.18k 10572.28k 11054.32k 11179.36k 11218.02k
aes-256-cbc 47955.92k 150619.73k 325730.73k 458320.11k 520520.79k
ssh/scp
Without VIA Padlock support:
$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat 100% 159MB 5.9MB/s 00:27
With VIA Padlock support:
$ scp -c aes256-cbc bigfile.dat localhost:/dev/null
bigfile.dat 100% 159MB 14.5MB/s 00:11
OpenVPN
A real speed benchmark is pending (not measurable easily on 100MBit LAN, will try on a slower link), but as OpenVPN uses OpenSSL is should have roughly the same speedup iff you tell OpenVPN to use AES (it uses Blowfish per default).
Also, there's a measurable difference in CPU load while tranferring large files over OpenVPN: 8% CPU load with VIA Padlock (vs. 20% CPU load without VIA Padlock).
sha1sum / phe_sum
phe_sum is a small C program which can be used as drop-in replacement for sha1sum (which doesn't support VIA Padlock yet). Quick benchmark:
sha1sum, without VIA Padlock:
$ time sha1sum bigfile.dat
real 0m6.511s
user 0m5.864s
sys 0m0.412s
phe_sum (with VIA Padlock support):
$ time ./phe_sum bigfile.dat
real 0m1.149s
user 0m0.704s
sys 0m0.424s
All in all VIA Padlock gives you a pretty impressive speedup for many crypto-using applications on Linux, which is especially useful on the A110 mini-laptop (think OpenVPN or scp for mobile usage, and dm-crypt for an encrypted SSD, of course).