From: "Ard Biesheuvel" <ardb@kernel.org>
To: Pierre Gondois <pierre.gondois@arm.com>
Cc: "Li, Yi1" <yi1.li@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
Leif Lindholm <quic_llindhol@quicinc.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Sami Mujawar <sami.mujawar@arm.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support for AARCH64
Date: Wed, 8 Nov 2023 16:03:03 +0100 [thread overview]
Message-ID: <CAMj1kXHNBpQTFC84kibpv=52uhwzwCX4U8n=a+XzJVsQYmMy3g@mail.gmail.com> (raw)
In-Reply-To: <28adea97-b7ae-4f2e-96bb-a115806966d5@arm.com>
Hello Pierre,
Thanks for working on this.
On Wed, 8 Nov 2023 at 15:39, Pierre Gondois <pierre.gondois@arm.com> wrote:
>
> Hello Yi,
>
> The tests run are based on the TestBaseCryptLibShell module.
> Each test is run 100 times, then the first 5 values
> (considered as warmup) are removed.
>
> The NoAccel column relies on the OpensslLibFull implementation,
> the Accel column relies on the OpensslLibFullAccel implementation.
> The 'Improvement' column is computed as:
> 100 * ('Accel (ns)' - 'NoAccel (ns)') / 'NoAccel (ns)'
>
> The std deviation of the TestVerifyDhGenerateKey is big.
> It is due to [1] being called with the 'safe' parameter set, leading
> to the prime number taking more time to generate. It requires ~10
> iterations when safe=false, ~1000 iterations when safe=true.
>
> The test was run on a Juno-r2. The native Openssl implementation makes
> use of the following features (cf. [2]):
> - ARMV7_NEON
> - ARMV8_AES
> - ARMV8_SHA1
> - ARMV8_SHA256
> and misses:
> - ARMV8_PMULL
Why was this omitted? Juno implements the underlying instruction so we
should be able to use this code too.
> - ARMV8_SHA512
>
> [1] CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_prime.c:BN_generate_prime_ex2()
> [2] CryptoPkg/Library/OpensslLib/openssl/crypto/arm_arch.h
>
> | TestName | NoAccel (ns) | NoAccel std | Accel (ns) | Accel std | Improvement |
> |:--------------------|---------------:|--------------:|-------------:|------------:|--------------:|
> | mPkcs7EkuTest | 14883462 | 16175 | 14777782 | 28099 | -0.71005 |
> | mAeadAesGcmTest | 137082 | 1937 | 116010 | 722 | -15.3718 |
> | mBlockCipherTest | 7390 | 85 | 7192 | 189 | -2.6793 |
> | mAuthenticodeTest | 71440889 | 3150754 | 64153427 | 1525259 | -10.2007 |
> | mBnTest | 755820 | 55968 | 730951 | 65075 | -3.29033 |
> | mDhTest | 3625850738 | 3194665276 | 2585215827 | 2394541660 | -28.7004 |
> | mEcTest | 24661474 | 187448 | 23480124 | 174758 | -4.79027 |
> | mHkdfTest | 1013338 | 4648 | 903299 | 7193 | -10.8591 |
> | mHmacTest | 250284 | 35322 | 213063 | 36323 | -14.8715 |
> | mImageTimestampTest | 14674681 | 87409 | 11877127 | 20965 | -19.0638 |
> | mOaepTest | 25750532 | 100301 | 18066871 | 40274 | -29.8388 |
> | mPkcs5Test | 174126 | 1537 | 151554 | 2287 | -12.963 |
> | mPkcs7Test | 28141988 | 62781 | 25136968 | 59675 | -10.6781 |
> | mPrngTest | 750055 | 3376 | 451404 | 4437 | -39.8172 |
> | mRsaCertTest | 38935884 | 90999 | 36458419 | 97471 | -6.36294 |
> | mRsaTest | 22441717 | 61863 | 16673925 | 58522 | -25.7012 |
> | mRsaPssTest | 142031418 | 131585 | 98656708 | 110644 | -30.5388 |
> | mHashTest | 22383 | 6507 | 17628 | 7553 | -21.2438 |
> | mX509Test | 53441738 | 90749 | 51609184 | 184683 | -3.42907 |
>
> Regards,
> Pierre
>
> On 11/7/23 03:38, Li, Yi1 wrote:
> > Hi Pierre,
> >
> > Could you share what tests you did and the test results?
> >
> > Regards,
> > Yi
> >
> > -----Original Message-----
> > From: Pierre Gondois <pierre.gondois@arm.com>
> > Sent: Thursday, November 2, 2023 9:54 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Li, Yi1 <yi1.li@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>; Gerd Hoffmann <kraxel@redhat.com>
> > Subject: [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support for AARCH64
> >
> > Various OpensslLib implementations are available in edk2. The OpensslLibAccel.inf and OpensslLibFullAccel.inf ones use architecture specific instructions, e.g. AESE, PMULL, SHA256H, ..., allowing to improve speed.
> >
> > Enable support for Aarch64's native instructions:
> > - Add ArmReadCntPctReg() and ArmReadIdAA64Isar0Reg() to
> > Aarch64's BaseLib.
> > - Generate Aarch64's specific Openssl functions.
> > - Add a OpensslStub/AArch64Cap.c file to allow Openssl
> > to probe Aarch64 native instruction support.
> >
> > This patch-set only enable support for GCC for now (MSFT support not added).
> >
> > Pierre Gondois (7):
> > MdePkg/BaseLib: AARCH64: Add ArmReadCntPctReg()
> > MdePkg/BaseLib: AARCH64: Add ArmReadIdAA64Isar0Reg()
> > MdePkg/BaseRngLib: Prefer ArmReadIdAA64Isar0Reg() over
> > ArmReadIdIsar0()
> > CryptoPkg/OpensslLib: Add native instruction support for AARCH64
> > CryptoPkg/OpensslLib: Generate files for AARCH64 native support
> > CryptoPkg/OpensslLib: Add AArch64Cap for arch specific hooks
> > CryptoPkg: Enable Openssl Accel builds for AARCH64
> >
> > CryptoPkg/CryptoPkg.dsc | 23 +-
> > .../AARCH64-GCC/crypto/aes/aesv8-armx.S | 3180 ++++++++
> > .../AARCH64-GCC/crypto/aes/vpaes-armv8.S | 1196 +++
> > .../AARCH64-GCC/crypto/arm64cpuid.S | 129 +
> > .../AARCH64-GCC/crypto/bn/armv8-mont.S | 2124 ++++++
> > .../crypto/ec/ecp_nistz256-armv8.S | 4242 +++++++++++
> > .../crypto/modes/aes-gcm-armv8_64.S | 6389 +++++++++++++++++
> > .../AARCH64-GCC/crypto/modes/ghashv8-armx.S | 552 ++
> > .../AARCH64-GCC/crypto/sha/keccak1600-armv8.S | 1009 +++
> > .../AARCH64-GCC/crypto/sha/sha1-armv8.S | 1211 ++++
> > .../AARCH64-GCC/crypto/sha/sha256-armv8.S | 2051 ++++++
> > .../AARCH64-GCC/crypto/sha/sha512-armv8.S | 1606 +++++
> > .../Library/OpensslLib/OpensslLibAccel.inf | 642 +-
> > .../OpensslLib/OpensslLibFullAccel.inf | 691 +-
> > .../OpensslLib/OpensslStub/AArch64Cap.c | 107 +
> > CryptoPkg/Library/OpensslLib/UefiAsm.conf | 6 +
> > CryptoPkg/Library/OpensslLib/configure.py | 5 +-
> > CryptoPkg/Readme.md | 14 +-
> > MdePkg/Include/Library/BaseLib.h | 86 +
> > .../BaseLib/AArch64/ArmReadCntPctReg.S | 30 +
> > .../BaseLib/AArch64/ArmReadCntPctReg.asm | 30 +
> > .../AArch64/ArmReadIdAA64Isar0Reg.S} | 10 +-
> > .../AArch64/ArmReadIdAA64Isar0Reg.asm} | 10 +-
> > MdePkg/Library/BaseLib/BaseLib.inf | 6 +-
> > MdePkg/Library/BaseRngLib/AArch64/ArmRng.h | 12 -
> > MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 14 +-
> > MdePkg/Library/BaseRngLib/BaseRngLib.inf | 2 -
> > 27 files changed, 25320 insertions(+), 57 deletions(-) create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/aes/aesv8-armx.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/aes/vpaes-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/arm64cpuid.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/bn/armv8-mont.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/ec/ecp_nistz256-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/modes/aes-gcm-armv8_64.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/modes/ghashv8-armx.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/keccak1600-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha1-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha256-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha512-armv8.S
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/AArch64Cap.c
> > create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadCntPctReg.S
> > create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadCntPctReg.asm
> > rename MdePkg/Library/{BaseRngLib/AArch64/ArmReadIdIsar0.S => BaseLib/AArch64/ArmReadIdAA64Isar0Reg.S} (70%) rename MdePkg/Library/{BaseRngLib/AArch64/ArmReadIdIsar0.asm => BaseLib/AArch64/ArmReadIdAA64Isar0Reg.asm} (72%)
> >
> > --
> > 2.25.1
> >
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110917): https://edk2.groups.io/g/devel/message/110917
Mute This Topic: https://groups.io/mt/102342394/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-11-08 15:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-02 13:54 [edk2-devel] [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support for AARCH64 PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 1/7] MdePkg/BaseLib: AARCH64: Add ArmReadCntPctReg() PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 2/7] MdePkg/BaseLib: AARCH64: Add ArmReadIdAA64Isar0Reg() PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 3/7] MdePkg/BaseRngLib: Prefer ArmReadIdAA64Isar0Reg() over ArmReadIdIsar0() PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 4/7] CryptoPkg/OpensslLib: Add native instruction support for AARCH64 PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 5/7] CryptoPkg/OpensslLib: Generate files for AARCH64 native support PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 6/7] CryptoPkg/OpensslLib: Add AArch64Cap for arch specific hooks PierreGondois
2023-11-07 9:21 ` Gerd Hoffmann
2023-11-08 14:40 ` PierreGondois
2023-11-02 13:54 ` [edk2-devel] [PATCH v1 7/7] CryptoPkg: Enable Openssl Accel builds for AARCH64 PierreGondois
2023-11-07 2:38 ` [edk2-devel] [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support " Li, Yi
2023-11-07 2:57 ` Yao, Jiewen
2023-11-08 14:39 ` PierreGondois
2023-11-08 15:03 ` Ard Biesheuvel [this message]
2023-11-08 16:19 ` PierreGondois
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMj1kXHNBpQTFC84kibpv=52uhwzwCX4U8n=a+XzJVsQYmMy3g@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox