Sun T2/Niagara Hardware Crypto Acceleration with Debian Linux?

Question

I wanted to use an older T2 machine as a webserver for SSL heavy websites. With Solaris, there is the crypto acceleration available which would make sense for SSL. Now I am wondering if this crypto acceleration has ever been ported to Linux?

# cat /etc/debian_version
7.7

# cat /proc/cpuinfo
cpu             : UltraSparc T2 (Niagara2)
fpu             : UltraSparc T2 integrated FPU
pmu             : niagara2
prom            : OBP 4.32.2.b 2010/12/21 20:20
type            : sun4v
ncpus probed    : 64
ncpus active    : 64
D$ parity tl1   : 0
I$ parity tl1   : 0
cpucaps         : flush,stbar,swap,muldiv,v9,blkinit,n2,mul32,div32,v8plus,popc,vis,vis2,ASIBlkInit

# openssl engine
(dynamic) Dynamic engine loading support

Answer 1

I couldn't stop thinking about this, so I installed another T2 machine with Solaris 10 and the pkcs11 patches. It seems that, although not stated in dmesg, openssl engine or otherwise, hardware acceleration for the Niagara CPU is already implemented in Linux:

Solaris 10

# /usr/sfw/bin/openssl speed aes-128-cbc -engine pkcs11
engine "pkcs11" set.
Doing aes-128 cbc for 3s on 16 size blocks: 2752929 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 64 size blocks: 718278 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 181422 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 45305 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 5566 aes-128 cbc's in 3.00s
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-3555 CVE-2010-4180)
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial) blowfish(ptr)
compiler: information not available
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      14731.39k    15323.26k    15481.34k    15464.11k    15198.89k

Linux

# openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 3247945 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 958075 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 250480 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 63411 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 7802 aes-128 cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Oct 15 18:50:32 UTC 2014
options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      17322.37k    20438.93k    21374.29k    21644.29k    21304.66k