Benchmarks (Mk II)
The following benchmarks aim to provide an approximate reference for USB armory CPU performance.
Please keep in mind that all benchmarks are affected by a multitude of factors including, but not limited to, compilation options, kernel options and configuration, and running processes. These results provide only an approximate reference and should be taken with a grain of salt.
All tests have been performed under Arch Linux ARM.
The USB armory Mk II CPU is an ARM Cortex-A7, with an approximate efficiency rating of 1.9 DMIPS/MHz.
The standard USB version mounts the i.MX6ULZ CPU (P/N MCIMX6Z0DVM09AB) which is clocked at 900 MHz.
The standard LAN version mounts the i.MX6ULL CPU (P/N MCIMX6Y2DVM09AB) which is clocked identically to the i.MX6ULZ; all i.MX6ULL benchmarks apply identically to this model as well.
Both models can be ordered (custom/bulk orders only) with the i.MX6UL (P/N MCIMX6G3DVM05AB) which is clocked at 528 MHz and has distinct security features.
The nbench utility is compiled with the following gcc flags:
```
-s -static -Wall -O3 -mfpu=neon-vfpv4 -mfloat-abi=hard -mcpu=cortex-a7 -mtune=cortex-a7 -fomit-frame-pointer -marm -funroll-loops -ffast-math
```
Device | Memory Index | Integer Index | Floating-Point Index |
---|---|---|---|
UA-MKII-ULZ | 4.665 | 6.383 | 5.987 |
UA-MKII-UL | 2.660 | 3.755 | 3.578 |
The following tests compare CPU-bound execution of cryptographic algorithms with their hardware-accelerated counterparts.
The TamaGo tests are executed using tamago-example.
The OpenSSL tests are executed using the following version:
```
OpenSSL 1.1.1n 15 Mar 2022
built on: Mon Feb 20 10:04:50 2023 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-3a17yR/openssl-1.1.1n=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
```
Device | Algorithm | Library¹ | Accel | 256 bytes | 1024 bytes | 8192 bytes | 65536 bytes | 1048576 bytes |
---|---|---|---|---|---|---|---|---|
UA-MKII-UL | aes-128-cbc | TamaGo | none | 2925k | 3660k | 3939k | 3973k | 3851k |
UA-MKII-UL | aes-128-cbc | TamaGo | CAAM | 1947k | 6411k | 22765k | 32757k | 31911k |
UA-MKII-UL | aes-128-cbc | OpenSSL | none | 13091k | 13529k | 13669k | 13544k | 12804k |
UA-MKII-UL | aes-128-cbc | OpenSSL | CAAM | 2435k | 7784k | 22926k | 13631k | 349k |
UA-MKII-UL | sha256 | TamaGo | none | 3817k | 5152k | 5775k | 5898k | 5755k |
UA-MKII-UL | sha256 | TamaGo | CAAM | 2626k | 10272k | 46997k | 83314k | 80552k |
UA-MKII-UL | sha256 | OpenSSL | none | 11060k | 15917k | 18238k | 18332k | 16448k |
UA-MKII-ULZ | aes-128-cbc | TamaGo | none | 4882k | 6177k | 6717k | 6769k | 6470k |
UA-MKII-ULZ | aes-128-cbc | TamaGo | DCP | 4563k | 13071k | 30438k | 35661k | 35509k |
UA-MKII-ULZ | aes-128-cbc | OpenSSL | none | 22392k | 23097k | 23306k | 23166k | 21179k |
UA-MKII-ULZ | aes-128-cbc | OpenSSL | DCP | 3895k | 11325k | 27399k | 29578k | 349k |
UA-MKII-ULZ | sha256 | TamaGo | none | 5986k | 8700k | 9854k | 10023k | 9597k |
UA-MKII-ULZ | sha256 | TamaGo | DCP | 5220k | 17513k | 56999k | 76982k | 79532k |
UA-MKII-ULZ | sha256 | OpenSSL | none | 18724k | 27143k | 31159k | 31522k | 26913k |
¹ TamaGo: `(aes|sha) <size> 3 (soft)?`, OpenSSL: `openssl speed -evp (aes-128-cbc|sha256) -elapsed (-engine afalg)?`
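
In the TamaGo rows above, the accelerated path is slower than software at 256 bytes and faster from 1024 bytes upward. The following added example (not part of the original page or of the USB armory project) estimates the break-even buffer size by fitting a fixed per-call overhead plus constant streaming rate to each row. The model, the two-point fit and the reading of `k` as 1000 bytes/s are assumptions; the OpenSSL rows are left out because their accelerated throughput does not rise monotonically with buffer size.

```python
# Added example: fixed-overhead model fitted to the page's TamaGo throughput rows.
SIZES = (256, 1024, 8192, 65536, 1048576)  # buffer sizes from the table header

# Throughput copied from the page's table, in k (assumed 1000 bytes/s), per size.
TAMAGO = {
    ("UA-MKII-UL", "aes-128-cbc"): {"none": (2925, 3660, 3939, 3973, 3851),
                                    "CAAM": (1947, 6411, 22765, 32757, 31911)},
    ("UA-MKII-UL", "sha256"): {"none": (3817, 5152, 5775, 5898, 5755),
                               "CAAM": (2626, 10272, 46997, 83314, 80552)},
    ("UA-MKII-ULZ", "aes-128-cbc"): {"none": (4882, 6177, 6717, 6769, 6470),
                                     "DCP": (4563, 13071, 30438, 35661, 35509)},
    ("UA-MKII-ULZ", "sha256"): {"none": (5986, 8700, 9854, 10023, 9597),
                                "DCP": (5220, 17513, 56999, 76982, 79532)},
}

def fit(kbps, lo=0, hi=3):
    """Assumed model: time per call t(n) = t0 + slope*n (microseconds),
    fitted through the 256-byte and 65536-byte measurements."""
    n1, n2 = SIZES[lo], SIZES[hi]
    t1 = n1 * 1000.0 / kbps[lo]    # n bytes at k*1000 B/s -> microseconds
    t2 = n2 * 1000.0 / kbps[hi]
    slope = (t2 - t1) / (n2 - n1)  # microseconds per byte (inverse streaming rate)
    return t1 - slope * n1, slope  # (fixed per-call overhead t0, slope)

def predict_kbps(model, n):
    """Throughput the fitted model predicts for n-byte buffers, in k."""
    t0, slope = model
    return n * 1000.0 / (t0 + slope * n)

def break_even(soft, accel):
    """Buffer size where accelerated and software per-call times are equal."""
    (t0_s, slope_s), (t0_a, slope_a) = fit(soft), fit(accel)
    return (t0_a - t0_s) / (slope_s - slope_a)

def report():
    """Map (device, algorithm) -> (accelerator, break-even size in bytes)."""
    result = {}
    for key, rows in TAMAGO.items():
        accel = next(name for name in rows if name != "none")
        result[key] = (accel, break_even(rows["none"], rows[accel]))
    return result

if __name__ == "__main__":
    for (device, alg), (accel, size) in report().items():
        print(f"{device} {alg} {accel}: break-even at ~{size:.0f} bytes")
```

The estimated break-even points fall between the 256-byte and 1024-byte columns for all four rows, so workloads dominated by buffers of a few hundred bytes gain nothing from offload under this model.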
Device | Algorithm | Library² | Accel | 32 bytes |
---|---|---|---|---|
UA-MKII-UL | ecdsap256 | TamaGo | none | 88/s |
UA-MKII-UL | ecdsap256 | TamaGo | CAAMᵃ | 217/s |
UA-MKII-UL | ecdsap256 | TamaGo | CAAMᵇ | 312/s |
UA-MKII-UL | ecdsap256 | OpenSSL | none | 560/s |
UA-MKII-ULZ | ecdsap256 | TamaGo | none | 147/s |
UA-MKII-ULZ | ecdsap256 | OpenSSL | none | 860/s |
² TamaGo: `(ecdsa) 10 (soft)?`, OpenSSL: `openssl speed ecdsap256`
ᵃ Timing Equalization protection enabled
ᵇ Timing Equalization protection disabled
The Bus Encryption Engine (BEE) supports on-the-fly (OTF) AES-128 (ECB or CTR) encryption/decryption on the AXI bus.
The GoTEE example application supports BEE protection of the Trusted Applet RAM on i.MX6UL variants.
Enabling BEE imposes a performance penalty: a basic memory allocation test on OTF encrypted regions can be up to ~60% slower compared to running the same test with BEE disabled.