Conversation

Notices

1. Embed this notice
   Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 19-Jan-2026 04:59:35 JST Ryan Castellucci (they/them) :nonbinary_flag:

   How it started: sequential file reads from the array at ~160MB/sec (ZFS native encryption}

   How it's going: sequential file reads from the array at ~900MB/sec (ZFS on LUKS)

   It seems that GCM makes the Atom C3958 a sad SoC.

   • Embed this notice
     John Ripley (jripley@mastodon.social)'s status on Monday, 19-Jan-2026 05:26:43 JST John Ripley

     in reply to

     @ryanc That chip apparently has AES-NI, so AES-GCM should, if code is using it, be expected in the ballpark of ~2 cycles per byte, i.e ~1GB/sec.

   • Embed this notice
     Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 19-Jan-2026 05:35:42 JST Ryan Castellucci (they/them) :nonbinary_flag:

     in reply to

     • John Ripley

     @jripley I don't know exactly what the problem is, but it seems to be terrible at PCLMULQDQ

   • Embed this notice
     Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 19-Jan-2026 05:35:42 JST Ryan Castellucci (they/them) :nonbinary_flag:

     in reply to

     • John Ripley

     @jripley It also has a QuickAssist accelerator, but I can't get ZFS to use it for GCM - but I do have LUKS using it.

   • Embed this notice
     Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 19-Jan-2026 16:59:55 JST Ryan Castellucci (they/them) :nonbinary_flag:

     in reply to

     • John Ripley

     @jripley I get 700MB/sec single core doing AES in counter mode.

   • Embed this notice
     John Ripley (jripley@mastodon.social)'s status on Monday, 19-Jan-2026 16:59:57 JST John Ripley

     in reply to

     @ryanc I’m suspicious maybe Intel checked the “AES-NI” box of ISA support in Atoms, while the underlying implementation is whatever is enough to pass validation only.

   • Embed this notice
     Ryan Castellucci (they/them) :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 19-Jan-2026 17:50:50 JST Ryan Castellucci (they/them) :nonbinary_flag:

     in reply to

     @jripley I actually managed to get the QAT accelerator working for LUKS, but couldn't get ZFS to use it even though it supports AES-GCM.

   • Embed this notice
     John Ripley (jripley@mastodon.social)'s status on Monday, 19-Jan-2026 17:50:59 JST John Ripley

     in reply to

     @ryanc Spent a few minutes puzzling over why it's so bad, and it looks like that era of Atom was just before Intel greatly improved latency/throughput. Also I think it has only one pipe doing all the above, mostly stalled. I got into this thread because one of the last things I did at my prior employer was hyper-optimize AES-GCM for their cores, and they run bytes-per-cycle, not cycles-per-byte. Literally 10x faster.