From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: ARM 64? Date: Fri, 25 May 2018 14:10:24 +0100 Message-ID: <7fbc2ed13bf62a425faffa61bc6698ac9135d6b1.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7231845359064560798==" List-Id: --===============7231845359064560798== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, On Fri, 2018-05-25 at 12:45 +1000, Mathew McBride wrote: > Hello, >=20 > =EF=BB=BFOn 25/5/18, 12:44 am, "Michael Tremer" wrote: >=20 > Hey, > =20 > IPFire is not based on any other distribution like Ubuntu is (was?) bas= ed > on > Debian. So we have to port the entire userspace as well as the kernel. = Our > kernel is also highly customised because the needs of a firewall and > secure and > hardened systems vary a lot from other server systems. > Understood. I've had a look through the repositories - I take it only 3.x is > planned to have armv8/arm64 support. Does the userspace build on arm64 at t= he > moment? Yes, IPFire 3 builds on ARM64. If it is running outside of a VM is completely unknown. I was really passionate about this, but since we had no hardware that was good enough to develop IPFire towards, this is more of a proof-of-concept than anything else. IPFire 3 is really hard to port because everything is a package and there is = no easy way how to bootstrap the distribution starting with no package. IPFire 2 can only be built in one go. Nothing is a package. Every change requires us to recompile the *entire* distribution. That takes a long time (~9 hours without ccache and about 4-5 with ccache). > We also put a huge emphasis on performance. Networks need to be fast. > =20 > There isn't too much great build hardware out there for us right now. We > have > some smaller system that I can use to play around a bit for a start in a > data > center. The Mustang system I have doesn't run too well because there is= a > huge > hardware bug in the SATA controller. > =20 > There are a couple of options out there, NXP has a Cortex-A72 based SoC's (= and > devboards) that would be better suited to build tasks. I'm not sure how it > stacks up with X-Gene/Mustang but the marketing claims are that A72 (when > given a good amount of L2/L3 cache) can hold up against Xeon D's in single > thread. Oh yeah, they are awesome. So fast and power consumption is quite okay. I got the first generation XGene and read that any newer generations are more efficient. > I'm hoping ThunderX2 (Cavium) hosts start appearing on cloud providers soon= as > well. There are ThunderX (v1) instances available, but that core had very p= oor > single thread performance for a server. With IPFire 3 we can distribute the build process really well. So it wouldn't matter to have a few build instances more as long as that is financially feasible. > I do kernel and other builds (Funtoo/Gentoo) all the time on our hardware; = but > this is more for 'dogfooding'/load testing purposes!=20 I think you hardware is good enough for a builder. But I still am not sure wh= at to expect from the CPU. It will be faster than a Raspberry Pi, but not a Mustang. >=20 > > > If you build an image that uses UEFI boot it will work on both = our > > hardware > > > (bare metal), as a VM and on the ARM64 server platforms > (Ampere/XGene, > > > Centriq, ThunderX), or even our competitors (MacchiatoBin etc.) > > =20 > > and the OS is on SSD or SD card? > > Yes, u-boot is on the NAND. It will boot EFI distributions on any > supported > > block device (SD, USB, SSD). > > There are some limitations - no EFI persistent variables etc. (yet) or > RTC > > service, but I think that will eventually be solved. > =20 > In this hardware or in a future one? > =20 > On this hardware. For example, to implement the EFI variable service, we wi= ll > probably have to make the NAND inaccessible to Linux in EFI-mode.=20 That would be fine with me. We have no use for the NAND for the OS. > (If you package your images to work on 'removable media', as required for A= RM > standard VM's, you probably don't need efivars anyway). > With the real time clock - we have a discrete RTC chip on our board, whereas > the major distributions expect a 'platform' RTC (like x86). Not an issue for > embedded distributions but having the EFI RTC will solve system clock issues > on the major distros. >=20 > =20 > > 'Real' ARM servers (these days) also use ACPI instead of passing a > device > > tree, but this doesn't really make much of a difference in user space. > =20 > Not to userspace but to our kernel. > =20 > We don't support EFI yet on x86 because there was never any demand for = it. > Servers are still happy with the legacy mode and people don't seem to > trust the > bigger EFI blobs that are running on modern systems. > =20 > I suppose this hardware comes without a management engine and all of th= at > stuff? > =20 > Definitely. No hidden blobs here :) *thumbs up* So we would have a huge advantage in the security of the hardware. It looks l= ike the system isn't even vulnerable for (most of?) Spectre. > There is a TrustZone firmware running in the ring/EL above the OS, for the = NXP > Layerscape/QorIQ SoC's this firmware is open source, and not strictly requi= red > to run the system (it gets loaded by u-boot after power on). What does the firmware do? > It is, however, required to do certain functions that the ARM server standa= rd > expects (such as moving between ring/ELs) - EFI boot does not work without = it. -Michael >=20 > Best, > -Michael >=20 >=20 > Cheers, > Matt > > Matt > > >=20 > > > -------- Forwarded Message --------=20 > > > Subject:=20 > > > Re: ARM 64? > > > Date:=20 > > > Wed, 23 May 2018 10:58:00 +0100 > > > From:=20 > > > Michael Tremer mailto:michael.tremer(a)ipfire.org > > > To:=20 > > > mailto:guy(a)traverse.com.au, mailto:development(a)lists.ipfire= .org > > >=20 > > > Hello Guy, > > >=20 > > > thank you very much for getting in touch. > > >=20 > > > Yes, we are working on an ARM 64 port, but so far we have not s= een > any > > > hardware > > > that was worth doing the port for. All those small and cheap > single- > > board > > > computers lack power, the bigger systems are basically unavaila= ble > and > > way too > > > expensive. > > >=20 > > > This board is way different though. CPU, Memory and especially = the > NICs > > are > > > something that are way better sized and make a nice small > appliance for > > bigger > > > SOHOs or small to medium-sized offices. > > >=20 > > > Not entirely sure why there is only one 10G port. Usually where > 10G goes > > in, > > > it > > > has to go out somewhere else again... > > >=20 > > > The big question is what software support is like in the Linux > kernel > > for > > > this. > > > I have seen the patches linked on the product page and can only > defer to > > Arne > > > to > > > have a look at it. > > >=20 > > > My question would now be: What is the desired RRP for this or > wholesale? > > I am > > > just curious to find out if it is competitive or if people would > find it > > too > > > expensive and buy Intel again. Then we shouldn't really bother > with > > putting > > > the > > > time into a port. If you are not comfortable sharing prices on = the > list, > > > please > > > feel free to email me in private about this. > > >=20 > > > About the sponsorship. Thank you very much for considering us. I > would > > be > > > happy > > > to have a closer look. Would you be able to ship this into the = UK > or > > Germany? > > >=20 > > > Best, > > > -Michael > > >=20 > > > On Wed, 2018-05-23 at 12:46 +1000, Guy Ellis wrote: > > > > Dear list, > > > >=20 > > > > Just wondering if there is any interest in supporting ARM 64 > hardware=20 > > > > moving forward? > > > >=20 > > > > We can assist with donated hardware and support if there is > interest. > > > > https://traverse.com.au/products/ls1043s-router-board/ > > > >=20 > > > > Regards, > > > > - Guy. > > > >=20 > > > >=20 > > >=20 > > >=20 > > >=20 > > =20 > >=20 > >=20 > =20 >=20 >=20 --===============7231845359064560798==--