Early boot, activation, upgrades
Mitch Bradley
wmb at laptop.org
Tue Jul 10 15:12:47 EDT 2007
C. Scott Ananian wrote:
> On 7/10/07, Mitch Bradley <wmb at laptop.org> wrote:
>> In particular, the current code does:
>> Hashes file data with whirlpool
>> Hashes file data with SHA-512
>> Verifies RSA signature against whirlpool hash
>> Verifies RSA signature against SHA-512 hash
>> Verifies ECC signature against whirlpool hash
>> Verifies ECC signature against SHA-512 hash
>
> Well, the four signature validation checks are independent of the size
> of the file data. I think the original concern was whether the
> activation initramfs was going to bloat the kernel enough to
> significantly slow down the hashing steps. If that is the case, then
> dropping either whirlpool or SHA-512 would help -- or we could debloat
> the initramfs, split the initramfs signature from the kernel signature
> and only check the initramfs if it is used, speed up the whirlpool
> implementation, or speed up the SHA-512 implementation. I don't yet
> have an XO to benchmark on -- does anyone know the rough throughput
> (MB/s) of the current whirlpool and SHA-512 implementations?
> --scott
>
I'll have to do some more work to get a breakdown, but I do have a rough
number to use as a starting point.
Using junk data as the input and a good key file (that doesn't match the
junk data), the combined test goes at 1.5 seconds per megabyte. That is
basically the two hashes plus the first verification step
(RSA+whirlpool), since the first step will fail and it won't do the
other three. Regression indicates that the first verify step takes
about 35 ms - the bulk of the time is in the hash. I think the ECC
verification steps must be slower, because the total time for all steps
on good data of length 100K is 2.5 seconds.
More information about the Devel
mailing list