PC Engines apu2 experiences
-
@kevindd992002 said in PC Engines apu2 experiences:
Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.
Yes! The Apu2 does not have a dedicated Crypto-Device, the Crypto-Functions are integrated in the CPU (much faster). IMHO
-
@fireodo said in PC Engines apu2 experiences:
@kevindd992002 said in PC Engines apu2 experiences:
Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.
Yes! The Apu2 does not have a dedicated Crypto-Device, the Crypto-Functions are integrated in the CPU (much faster). IMHO
I see. But won't it use AES-NI anyway if the latter option is selected?
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
-
@kevindd992002 said in PC Engines apu2 experiences:
I see. But won't it use AES-NI anyway if the latter option is selected?
Freebsd will look for the Crypto-Device wich is not existent and will not fallback to AES-NI CPU based.
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
I admit I dont know. Sorry.
-
@fireodo said in PC Engines apu2 experiences:
@kevindd992002 said in PC Engines apu2 experiences:
I see. But won't it use AES-NI anyway if the latter option is selected?
Freebsd will look for the Crypto-Device wich is not existent and will not fallback to AES-NI CPU based.
Also, in the OpenVPN settings you should chhose None in the Hardware Acceleration field, correct?
I admit I dont know. Sorry.
Yes this is it. I did all the possible test combinations.
Indeed ONLY AES-NI should be selected -
Yes, the only thing to avoid here is enabling both aes-ni and bsd crypto. Doing that will cause the aes device to register for crypto acceleration via the framework which adds a load of additional steps. It's much faster to use the available CPU instructions directly. As long as it's enabled in the BIOS openssl, and hence openvpn, should use aes-ni.
Steve
-
@stephenw10 said in PC Engines apu2 experiences:
Yes, the only thing to avoid here is enabling both aes-ni and bsd crypto. Doing that will cause the aes device to register for crypto acceleration via the framework which adds a load of additional steps. It's much faster to use the available CPU instructions directly. As long as it's enabled in the BIOS openssl, and hence openvpn, should use aes-ni.
Steve
So you have to select AES-NI in pfSense and not in OpenVPN, then why is this option (Hardware crypto) present in OpenVPN config within pfSense? Could you please clarify this?
Cheers Qinn
-
I have personally never used that setting. But I have also never had a device with a specifically supported hardware crypto device which is where I would expect it to apply.
In testing I did when we went to OpenVPN 2.4 it was better to leave that set to None in every case.Steve
-
@stephenw10 kudos for clearing that one up!
-
@stephenw10 said in PC Engines apu2 experiences:
But I have also never had a device with a specifically supported hardware crypto device which ...
Don't want to crush this topic (and can't PM you) but lemme ask how far crypto in the SG-1100 has come? Last thing I know is that HW is present and waits for the software to follow. Anything changed in this regard?
-
That is still basically the status. I'm not sure how far along that work is, I did see some discussion of it a few days ago.
But that's a good point. On the SG-3100 where the crypto hardware is supported via the CESA driver I am currently running with BSD Crypto device set in both OpenVPN and as the system crypto device.
Steve
-
Although it is not downloadable at the moment, did anyone tried the new v4.10.0.0?
https://pcengines.github.io/ -
@Qinn said in PC Engines apu2 experiences:
Although it is not downloadable at the moment, did anyone tried the new v4.10.0.0?
https://pcengines.github.io/There isnt any 4.10.0.0 version - look here:
https://3mdeb.com/open-source-firmware/pcengines/ -
Here it is: https://pcengines.github.io/#mr-25
v4.10.0.0 Release date: '2019-08-09' Fixed/added: - rebased with official coreboot repository commit 2a20d13 - enable basic ACPI support for GPIOs -
@Veldkornet said in PC Engines apu2 experiences:
Here it is: https://pcengines.github.io/#mr-25
v4.10.0.0 Release date: '2019-08-09' Fixed/added: - rebased with official coreboot repository commit 2a20d13 - enable basic ACPI support for GPIOsHave you download it?
-
Do you guys have any issues with the download links for v4.10.0.0? They're all "404 page not found" for me. Or were they removed intentionally?
-
@kevindd992002 Yes, I don't think it's build
https://github.com/pcengines/coreboot/compare/v4.9.0.7...v4.10.0.0 -
Just updated. Link is properly working. No issues so far.
-
@psp said in PC Engines apu2 experiences:
Just updated. Link is properly working. No issues so far.
Thanks!
-
@psp said in PC Engines apu2 experiences:
Just updated. Link is properly working. No issues so far.
Yup thanks
-
New APU2 user here. Recently upgraded from an EdgeRouter Lite to the APU2D4. So far, loving pfSense, it's much more flexible than the ERL.
The BIOS it shipped with was 20170228 and I was able to press F10 to access the boot menu and perform a memtest.
PCEngines apu2 coreboot build 20170228 4080 MB ECC DRAM SeaBIOS (version rel-1.10.0.1) Press F10 key now for boot menu Select boot device: 1. USB MSC Drive Kingston DataTraveler 3.0 PMAP 2. ata0-0: Samsung SSD 860 EVO mSATA 250GB ATA-11 Hard-Disk (2 3. Payload [memtest] 4. Payload [setup]I upgraded the BIOS to 20190808 (v4.10.0.0) using flashrom and now when I press F10, I get the message "Booting from Hard Disk..." and it just starts to boot via the internal SSD. How can I access memtest again?
PC Engines apu2 coreboot build 20190808 BIOS version v4.10.0.0 4080 MB ECC DRAM SeaBIOS (version rel-1.12.1.3-0-g300e8b7) Press F10 key now for boot menu Booting from Hard Disk... /boot/config: -S115200 -h Consoles: serial port BIOS drive C: is disk0 BIOS 639kB/3405392kB available memory FreeBSD/x86 bootstrap loader, Revision 1.1 (Wed Nov 21 08:03:01 EST 2018 root@buildbot2.nyi.netgate.com) ... ... Boot continues here ... ...EDIT: Also, how do I enter the BIOS to adjust settings? It seems that option is missing as well.
