Hi,NXP
i am using BSP36.0 on s32g274ardb2, when try use openssl offload crypto operation to hse, its not take effect;What should I do to make it effective?
Here are some outputs:
Hi,
The available information on regards HSE under Linux for S32G platform is the one provided under the BSP User Manual. As for OpenSSL, the following information is seen under the User Manual:
For which, some pre-requisites are mentioned. Have you followed them? There is also an example available:
Have you taken a look into it?
Please, let us know.
Hi,
Thanks for your feedback.
HSE can offload cryptographic operations through the kernel Crypto API, as said under the BSP User Manual:
We do not see any other mention about OpenSSL aside from the information provided before. But again, HSE requires the usage of the kernel Crypto API if you want to offload the cryptographic operations.
Please, let us know.
Hi NXP,
I am now tring to use hse crypto APIs by openssl on S32G.
I take "Linux BSP 36.0 User Manual for S32G2 platforms" section 10 as reference, and make linux kernel menuconfig as below(choose MU1):
When power on S32G_RDB2, the kernel log shows "hse 40211000.mu1b: MU interface not active",how can I fix it?
By the way,the HSE firmware is HSE_FW_S32G2_0_1_0_5. Does this firmware activate MU1 correctly?
hi, NXP, thank you for your reply.
Follow the instructions you provided, MU1 is actived and algorithm successfully registered
When I tested using OpenSSL with af_alg engine, I found that only aes_cbc could call HSE!!! aes_ctr and sha256 may not taken effect
What should I do to call all algorithm operations registered with HSE through OpenSSL?
thanks, Looking forward to your reply.
Hi,NXP
following your prompts, I tried adding several algorithms:
Testing found no effect, the interrupt about hse in /proc/interrupt did not change;
Is it related to the following implementation? the afalg_ciphers function only aes algorithms
How should I modify can use other algorithms link AES offload to hse?
Looking forward to your reply, Thanks!!!
hi,NXP
I tested the openssl software and AF_ALG engine (offload HSE), and found that the performance was worse after using the AF_ALG engine (offload HSE), Can you tell me why?
Here are the test data:
I used openssl's own performance testing command, the AF_ALG engine was not used on the left, and used on the right. I checked and found that there was indeed an increase in HSE interrupts when use AF_ALG.
This is test of hash, left use openssl EVP api and right use kernel socket
Hi,
Thanks for your feedback.
We know understand the 2 tables you have shared. Thanks for the description. The link we have shared was just an example of an open-source project, but it is not NXP developed, for what we can see.
Offloading to HSE should improve the performance, but this is by using the NXP Crypto API. As said before:
"As for OpenSSL, the following information is seen under the User Manual:
And this is the only information available at this moment regarding OpenSSL. We cannot confirm nor deny that HSE can offload OpenSSL software operations (aside from those under PKCS11), since there are no further guidelines on doing it.
Still, we will verify if the numbers are expected or not.
Please, let us know.
hi,NXP
thanks for you feedback;
I conducted the following experiments based on the BSP36 guidance manual.
use the HSE reference link provided in the BSP36 manual: https://github.com/nxp-auto-linux/pkcs11-hse AES crypto was performed on data with different bytes, The code for AES_128_CBC testing is as follows:
At the same time, the same encryption and decryption code for the openssl interface was written, as follows:
Both scenarios were tested 10000 times and the average value was taken. The results showed that OpenSSL performed better at any length. The following are the statistical results of the test:
The performance of the pkcs_hse.so provided by NXP test results is also poor compared to the openssl software algorithm. Can you help confirm whether the test data results are normal?
and may I ask what the reason is?
