From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: ARM 64? Date: Thu, 14 Jun 2018 19:08:40 +0200 Message-ID: <1cfe866b-f889-447e-3421-aa56e8792d1d@link38.eu> In-Reply-To: <97c1f1b145e7c5e1de3d6b4734d9b5b15d29aa7c.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0114180546592306638==" List-Id: --===============0114180546592306638== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, this board sounds very interesting indeed (trustworthy hardware - yay!). However, after reading the datasheet it did not became clear to me if it has some built-in random number generator and/or cryptography acceleration. Apart from some low-level backdoors (baked into USB, ... firmware chips) it seems like this is suitable for security relevant devices. Looking forward to hear some experiences with IPFire on it. :-) Best regards, Peter M=C3=BCller > Hey Matt, >=20 > On Mon, 2018-05-28 at 20:32 +1000, Mathew McBride wrote: >> Hi Michael, >> >> Just in response to your questions: >> =EF=BB=BFOn 25/5/18, 11:10 pm, "Michael Tremer" wrote: >> =20 >> =20 >> I think you hardware is good enough for a builder. But I still am not = sure >> what >> to expect from the CPU. It will be faster than a Raspberry Pi, but not= a >> Mustang. >> =20 >> We did some benchmarks with the Phoronix test suite a while ago, this will >> give you an idea: >> http://openbenchmarking.org/result/1708303-TR- >> 1703199RI93&obr_hgv=3DTraverse+LS1043+Prototype >=20 > I had a look at that. And yes indeed, it is a bit hard to figure out the > performance by the CPU name alone for most ARM SoCs. There is no branding in > order of performance (or similar) like Intel has. >=20 > That might actually turn out to be a bigger marketing problem, but we will = see > that in the future. >=20 >> To give an idea of the Cortex (ARM designed)-based core performance: >> >> The LS1043 has the same A53 cores as the RPi3, but performs better due to >> having more cache, DDR4 etc (and higher clock). >=20 > Performance is also coming from the rest of the periphery. The RPi has a sl= ow > and not very stable USB bus to talk to the network to and SD card storage. = Even > with a faster CPU it might very often just wait for data. >=20 > We have been trying to tell people that they should look out for some speci= fic > features like cache and good single-core performance. >=20 >> A72 is about double A53 in performance (and power consumption!) per MHz, as >> A72 is a modern out-of-order speculative core (it did get hit with the >> Meltdown/Spectre issue). >=20 > Yes, wouldn't mind to have some systems based on that one since the A53 wil= l be > too slow for really large enterprise deployments. >=20 >> The latest gen of ARM64 server cores would all be well above A72, your Mus= tang >> is probably around the A72 level. >> >> In general, ARM network SoCs try to work 'smarter' instead of 'harder', so= the >> high network performance comes from having very good network silicon, taki= ng >> advantage of crypto accelerators etc. >=20 > I prefer the NICs in the SoC which gives great performance. The disadvantage > only is that they sometimes to odd configurations like 5x 1G and 1x 10G in = this > case which I don't really understand. The only use-case that makes sense to= me > is a server but for that the CPU is too slow and people would probably go f= or a > A72-class CPU. >=20 >> > There is a TrustZone firmware running in the ring/EL above the OS, f= or >> the NXP >> > Layerscape/QorIQ SoC's this firmware is open source, and not strictly >> required >> > to run the system (it gets loaded by u-boot after power on). >> =20 >> What does the firmware do? >> It implements some vendor-specific power-management extensions (PSCI), as = well >> as some TPM-like functions. >> NXP provides a good overview: https://github.com/qoriq-open-source/ppa-gen= eric >> /blob/integration/ReleaseNotes.txt >> I am not a security expert, but it could be a good test environment for se= cure >> boot, private key storage and other things. >=20 > Great that this is entirely open. >=20 > -Michael >=20 >> >> =20 >> Cheers, >> Matt >> =20 >> >> --=20 "We don't care. We don't have to. We're the Phone Company." --===============0114180546592306638== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWxzaW9SZ0FDZ2tRMlVqeUQzMTcKbjJoQVJRLytJQUJldExRZjZ2 UDhDYzZXMXh3LzZYOS9yMVFNVlA5UkdGU2ZsaEthK1lIYlRVTVlEYjlXVk1TVApZMXhiNXBPRDJt VGcvalVVeUxza0lJUnN2emVUN3VhSGZnUklOYms2bHAwcWRsVVRiNUFNSWJIVHZidXpnL1FECmVJ VlJ4dUhTaEtkSTA2N2lIaThjNUpPblh5NFZwTmhiR1BtZm1mV085R2h5S1ZkbUxrOURkQlphcktl TmVYemYKRzNXMCtZMFc5dVBSaUJ0YVl4b0pUQnVSUXYzS25yYTJMS2RGaHZQWTNtQ05SWGlyS1Rs ZVRqUzRzRGh4TWFMLwpzUVByVkpKWEp3TFhqS2RDbEw4N1RKNXo2bTZQdWJMOEhTMjkweTd3VTlN OGtpVjdQejc0YUNvcnUwUWo0bjIrCjRDTURDNllaM1h5OGpZTHcreW5ZdHhkR1pSK0RYTEpDbWMz V3ZRejIzdWxNQ3NxTHZvVmZCejVjZlY5ajRzVjUKMWJRWFZuYW1RcDFRVWptcVlxcDNNWllqSHdy d3VIZmFlOVc1R0psendMMXhTeFFxTldCOFd0OGRoSlQ4b3ExbgpFSXBBUEFyWTJrMDVvcWMwdHBR Z2x1cjZmVEk3MDJMMjZtOFdHaVc0L0pCUzBPSGdMbjlpWTEreFhiVjQ2VDMyClJyZ3lDcE43T2FT YlNCYi9ROVFnWEM0cTdzUWJ6RU9jV2pOVjIyOFhML0NVamh6aVRXejBneHZscVowUnY3NEkKMkJa bHRrbmg5R0I5aHNyZ0JZbkcwejRUT1pMWWpTWm9wMXBQd21DQVM2VkY5U1VreGd4VXg1QlE2STZ2 WWxsSAptTHNqb0JkNU85TDBObE5ZNU5CNzEvaTY0ZDd6VmlYWW0xNVBTVWt1RHlEbXhacTBscUk9 Cj1ibjNsCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0114180546592306638==--