加密硬件

tag-icon tag-icon encryption hardware-compatibility
加密硬件

我有一台配备 AMD N36L (HP ProLiant MicroServer N36L) 的服务器。它工作得很好,只是对于加密 1 Gbps 网络数据和全盘加密来说太慢了:

$ openssl speed aes-256-cbc
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-256 cbc      44377.97k    47345.83k    48251.48k    48544.09k    48589.48k    48658.84k

我可以在机器中放置什么样的附加卡,以便内核会自动检测该卡以进行加密?我不想打扰非自由模块。

我可以简单地添加一个显卡吗? https://developer.nvidia.com/gpugems/gpugems3/part-vi-gpu-computing/chapter-36-aes-encryption-and-decryption-gpu

$ lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   48 bits physical, 48 bits virtual
CPU(s):                          2
On-line CPU(s) list:             0,1
Thread(s) per core:              1
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       AuthenticAMD
CPU family:                      16
Model:                           6
Model name:                      AMD Athlon(tm) II Neo N36L Dual-Core Processor
Stepping:                        3
CPU MHz:                         1300.000
CPU max MHz:                     1300.0000
CPU min MHz:                     800.0000
BogoMIPS:                        2595.51
Virtualization:                  AMD-V
L1d cache:                       128 KiB
L1i cache:                       128 KiB
L2 cache:                        2 MiB
NUMA node0 CPU(s):               0,1
Vulnerability Itlb multihit:     Not affected
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Not affected
Vulnerability Meltdown:          Not affected
Vulnerability Spec store bypass: Not affected
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer s
                                 anitization
Vulnerability Spectre v2:        Mitigation; Full AMD retpoline, STIBP disabled, RSB filli
                                 ng
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
                                 cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mm
                                 xext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3dnow constant_t
                                 sc rep_good nopl nonstop_tsc cpuid extd_apicid pni monito
                                 r cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy a
                                 bm sse4a 3dnowprefetch osvw ibs skinit wdt nodeid_msr hw_
                                 pstate vmmcall npt lbrv svm_lock nrip_save

答案1

我邀请你看看英特尔 QuickAssist 适配器

这些是 pci-express 卡,其芯片专用于卸载加密和压缩。

请注意,要卸载,您必须确保该软件有能力并且您正在使用兼容的编解码器、密码。

英特尔营销页面:

https://www.intel.com/content/www/us/en/products/docs/network-io/ethernet/10-25-40-gigabit-adapters/quickassist-adapter-for-servers.html

英特尔技术页面: https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches

英特尔 Github 项目: https://github.com/intel/QAT_Engine

相关内容