====== Raspberry Pi mit dot1X, RADIUS & MACsec ======
Diese Anleitung geht davon aus dass der Raspberry Pi 5 mit Raspberry Pi OS "Trixie" verwendet wird!
===== Kernel mit MACsec kompilieren =====
Um Zeit zu sparen, empfehle ich den Kernel/Module nicht auf dem Pi selbst zu kompilieren, sondern in einer Debian-VM die auf einem ARM-basierten System läuft (z.B. MacBook Pro mit M1(+) Prozessor) - alternativ mit Cross-Compile Toolchain.
benny@debian:~$ mkdir raspiOct
benny@debian:~$ cd raspiOct
benny@debian:~/raspiOct$ git clone --depth=1 --branch rpi-6.12.y https://github.com/raspberrypi/linux
Cloning into 'linux'...
remote: Enumerating objects: 92781, done.
remote: Counting objects: 100% (92781/92781), done.
remote: Compressing objects: 100% (82502/82502), done.
remote: Total 92781 (delta 9561), reused 85758 (delta 9291), pack-reused 0 (from 0)
Receiving objects: 100% (92781/92781), 258.36 MiB | 22.61 MiB/s, done.
Resolving deltas: 100% (9561/9561), done.
Updating files: 100% (87559/87559), done.
benny@debian:~/raspiOct$ cd linux/
benny@debian:~/raspiOct/linux$ KERNEL=kernel_2712
benny@debian:~/raspiOct/linux$ make bcm2712_defconfig
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
HOSTCC scripts/kconfig/confdata.o
HOSTCC scripts/kconfig/expr.o
LEX scripts/kconfig/lexer.lex.c
YACC scripts/kconfig/parser.tab.[ch]
HOSTCC scripts/kconfig/lexer.lex.o
HOSTCC scripts/kconfig/menu.o
HOSTCC scripts/kconfig/parser.tab.o
HOSTCC scripts/kconfig/preprocess.o
HOSTCC scripts/kconfig/symbol.o
HOSTCC scripts/kconfig/util.o
HOSTLD scripts/kconfig/conf
#
# configuration written to .config
#
benny@debian:~/raspiOct/linux$ make menuconfig
HOSTCC scripts/kconfig/mconf.o
HOSTCC scripts/kconfig/lxdialog/checklist.o
HOSTCC scripts/kconfig/lxdialog/inputbox.o
HOSTCC scripts/kconfig/lxdialog/menubox.o
HOSTCC scripts/kconfig/lxdialog/textbox.o
HOSTCC scripts/kconfig/lxdialog/util.o
HOSTCC scripts/kconfig/lxdialog/yesno.o
HOSTCC scripts/kconfig/mnconf-common.o
HOSTLD scripts/kconfig/mconf
*** End of the configuration.
*** Execute 'make' to start the build or try 'make help'.
benny@debian:~/raspiOct/linux$ make -j4 Image.gz modules dtbs
...
benny@debian:~/raspiOct/linux$ mkdir modules
benny@debian:~/raspiOct/linux$ env PATH=$PATH make INSTALL_MOD_PATH=/home/benny/raspiOct/linux/modules modules_install
...
benny@debian:~/raspiOct/linux$ tar czf kernel-macsec.tar.gz arch/
benny@debian:~/raspiOct/linux$ tar czf modules-macsec.tar.gz modules
benny@debian:~/raspiOct/linux$ scp kernel-macsec.tar.gz pi@192.168.11.199:
The authenticity of host '192.168.11.199 (192.168.11.199)' can't be established.
ED25519 key fingerprint is SHA256:QnYk4nWf6N14XBgP1mxamkrQGf+s2RugmcqEJ942J8o.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.11.199' (ED25519) to the list of known hosts.
pi@192.168.11.199's password:
kernel-macsec.tar.gz 100% 47MB 3.5MB/s 00:13
benny@debian:~/raspiOct/linux$ scp modules-macsec.tar.gz pi@192.168.11.199:
pi@192.168.11.199's password:
modules-macsec.tar.gz 100% 21MB 3.4MB/s 00:06
===== Neuen Kernel auf dem Pi nutzen =====
[[https://www.raspberrypi.com/documentation/computers/linux_kernel.html|Offizielle Anleitung des Raspberry Pi Teams bzgl. Kernel kompilieren & Installation]]
pi@MACsecPi:~ $ ls
kernel-macsec.tar.gz modules-macsec.tar.gz
pi@MACsecPi:~ $ tar xzf kernel-macsec.tar.gz
pi@MACsecPi:~ $ tar xzf modules-macsec.tar.gz
pi@MACsecPi:~ $ sudo mv modules/lib/modules/6.12.50-v8-16k+/ /lib/modules/
pi@MACsecPi:~ $ sudo chown -R root:root /lib/modules/6.12.50-v8-16k+/
pi@MACsecPi:~ $ sudo cp arch/arm64/boot/Image.gz /boot/firmware/kernel-macsec.img
pi@MACsecPi:~ $ sudo cp arch/arm64/boot/dts/broadcom/*.dtb /boot/firmware
pi@MACsecPi:~ $ sudo cp arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
pi@MACsecPi:~ $ sudo cp arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
===== PKI mit OpenSSL erzeugen =====
Passwort: demoDEMOdemoOnly
my-openssl.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
certs = $dir/certs
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
private_key = $dir/private/ca.key
certificate = $dir/certs/ca.crt
default_days = 3650
default_md = sha256
policy = policy_strict
x509_extensions = v3_ca
[ policy_strict ]
commonName = supplied
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
x509_extensions = v3_ca
[ req_distinguished_name ]
commonName = Common Name (CN)
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
benny@Bennys-MacBook-Pro-8 MACsecCA % ls
benny@Bennys-MacBook-Pro-8 MACsecCA % touch my-openssl.cnf
benny@Bennys-MacBook-Pro-8 MACsecCA % vi my-openssl.cnf
benny@Bennys-MacBook-Pro-8 MACsecCA %
benny@Bennys-MacBook-Pro-8 MACsecCA % mkdir -p demoCA/{certs,newcerts,private}
benny@Bennys-MacBook-Pro-8 MACsecCA % touch demoCA/index.txt
benny@Bennys-MacBook-Pro-8 MACsecCA % echo 1000 > demoCA/serial
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout demoCA/private/ca.key -out demoCA/certs/ca.crt \
-config my-openssl.cnf -subj "/CN=MACsecCA"
Generating a 4096 bit RSA private key
...................................................++++
...................................++++
writing new private key to 'demoCA/private/ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl req -new -nodes -out server.csr -newkey rsa:4096 -keyout server.key \
-subj "/CN=mein-radius.local"
Generating a 4096 bit RSA private key
................++++
...........................++++
writing new private key to 'server.key'
-----
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl ca -config my-openssl.cnf -extensions v3_server \
-in server.csr -out server.crt -days 1825
Using configuration from my-openssl.cnf
Enter pass phrase for ./demoCA/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'mein-radius.local'
Certificate is to be certified until Oct 3 18:02:51 2030 GMT (1825 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl req -new -nodes -out client.csr -newkey rsa:4096 -keyout client.key \
-subj "/CN=MACsecPi"
Generating a 4096 bit RSA private key
.................................++++
......++++
writing new private key to 'client.key'
-----
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl ca -config my-openssl.cnf -extensions v3_client \
-in client.csr -out client.crt -days 730
Using configuration from my-openssl.cnf
Enter pass phrase for ./demoCA/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'MACsecPi'
Certificate is to be certified until Oct 4 18:04:46 2027 GMT (730 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
benny@Bennys-MacBook-Pro-8 MACsecCA % openssl rsa -aes256 -in server.key -out server-enc.key
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
===== wpa_supplicant v2.11 kompilieren =====
Wurde offenbar ohne MACsec kompiliert in Raspberry Pi OS Trixie, daher mal manuell probieren.
wpa_supplicant v2.11 reagiert nicht auf den "Key Server".
pi@MACsecPi:~ wget https://w1.fi/releases/wpa_supplicant-2.11.tar.gz
pi@MACsecPi:~ tar xzf wpa_supplicant-2.11.tar.gz
pi@MACsecPi:~/wpa_supplicant-2.11/wpa_supplicant $
pi@MACsecPi:~/wpa_supplicant-2.11/wpa_supplicant $ cp defconfig .config
pi@MACsecPi:~/wpa_supplicant-2.11/wpa_supplicant $ vi .config
pi@MACsecPi:~/wpa_supplicant-2.11/wpa_supplicant $ sudo apt install dbus-1 libnl-3.0 libssl-dev libdbus-1-3 libdbus-1-dev libnl-3-dev libnl-genl-3-dev install libnl-route-3-dev
pi@MACsecPi:~/wpa_supplicant-2.11/wpa_supplicant $ make
===== Konfiguration für 802.1X mit MACsec (802.1AE) =====
pi@MACsecPi:~ $ cat dot1X.conf
eapol_version=3
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=TLS
identity="MACsecPi"
ca_cert="/home/pi/MACsecCA/radius_ca_chain.pem"
client_cert="/home/pi/MACsecCA/client.crt"
private_key="/home/pi/MACsecCA/client.key"
eapol_flags=0
macsec_policy=1
macsec_port=30000
}
===== Befehl für Verbindungsaufbau =====
Es ist elementar wichtig hier "macsec_linux" als Treiber zu verwenden anstatt "wired"!
pi@MACsecPi:~ $ sudo wpa_supplicant -i eth0 -D wired -c dot1X.conf -ddd
# Funktioniert, bis es nicht mehr funktioniert ...
Fehler: EAPOL type 5 will be handled by MKA
pi@MACsecPi:~ $ sudo wpa_supplicant -i eth0 -D macsec_linux -c dot1X.conf –ddd
pi@MACsecPi:~ $ sudo dhcpcd macsec0
===== Ausgabe von "ip macsec show macsec0" =====
pi@MACsecPi:~ $ ip macsec show macsec0
4: macsec0: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off
cipher suite: GCM-AES-128, using ICV length 16
TXSC: 2ccf67b441497530 on SA 0
0: PN 71, state on, key cddd869e518389d333cc45e601000000
RXSC: 9424e16b34650001, state on
0: PN 484, state on, key cddd869e518389d333cc45e601000000
offload: off
===== Ausgaben vom Switch =====
==== show unp user ====
-> show unp user
User
Port Username Mac address IP (V4/V6) Vlan Profile Type Status
--------+--------------------+-----------------+----------------------------------------+----+--------------------------------+------------+-----------
1/1/3 MACsecPi 2c:cf:67:b4:41:49 192.168.15.155 15 vlan15 Bridge Active
Total users : 1
==== show unp user details ====
-> show unp user details
Port: 1/1/3
MAC-Address: 2c:cf:67:b4:41:49
SAP = -,
Service ID = -,
VNID = -,
VPNID = -,
ISID = -,
VPLSID = -,
Access Timestamp = 11/10/2025 17:40:30,
User Name = MACsecPi,
IP-Address = 192.168.15.155,
Vlan = 15,
Authentication Type = 802.1x,
Authentication Status = Authenticated,
Authentication Failure Reason = -,
Authentication Retry Count = 0,
Authentication Server IP Used = 143.209.0.2,
Authentication Server Used = UPAMRadiusServer,
Server Reply-Message = -,
Profile = vlan15,
Profile Source = Auth - Pass - Default UNP,
Profile From Auth Server = -,
Implict Trust-Tag Source = -,
RADIUS Alcatel-trust-tag-vlans = -,
Session Timeout = 0,
Classification Profile Rule = -,
Role = -,
Role Source = -,
User Role Rule = -,
Restricted Access = No,
Location Policy Status = -,
Time Policy Status = -,
QMR Status = Passed,
Redirect Url = -,
SIP Call Type = Not in a call,
SIP Media Type = None,
Applications = None,
Encap Value = -,
Rule ID = -,
Total users : 1
==== show interfaces macsec dynamic ====
-> show interfaces macsec dynamic
Server Transmit Key Operation
Chas/Slot/Port Admin-State Mode Keychain Encryption Priority Interval(Sec) Server Status
----------------+-------------+----------+----------+------------+----------+---------------+--------+--------------
1/1/3 Enabled radius NA Enabled 15 2 YES UP
1/1/5 Enabled radius NA Enabled 15 2 YES DOWN
==== show interfaces macsec 1/1/3 ====
-> show interfaces macsec 1/1/3
Chas/Slot/Port Admin-State Mode Encryption Exchange Data Session Time (Min) Cipher Suite
---------------+-------------+----------+--------------+---------------------+-----------------------+-----------------
1/1/3 Enabled Radius Enabled - - gcm-aes-128
==== show interfaces macsec statistics 1/1/3 ====
-> show interfaces macsec statistics 1/1/3
Chassis/Slot/Port 1/1/3
Byte Transmitted : 11085688, Untagged TX Pkts : 0,
Too Long TX Pkts : 0, Byte Received : 3619771305,
Untagged RX Pkts : 0, No Tagged RX Pkts : 1466,
Bad Tagged RX Pkts : 0, Unknown SCI RX Pkts : 0,
No SCI RX Pkts : 0, Overrun RX Pkts : 0,
SCI-TX: 0x9424e16b34650001
TX Protected Pkts : 0, TX Encrypted Pkts : 207,
TX Octets Protected : 0, TX Octets Encrypted : 10865928,
SA: 0
TX Protected Pkts : 0, TX Encrypted Pkts : 0,
SCI-RX: 0x2ccf67b441497530
RX Unused SA Pkts : 0, RX No Using SA Pkts : 0,
RX Late Pkts : 0, RX Not Valid Pkts : 0,
RX Invalid Pkts : 0, RX Delayed Pkts : 0,
RX Unchecked Pkts : 0, RX OK Pkts : 62,
RX Octets Validated : 0, RX Octets Decrypted : 3619541905,
SA: 0
RX Unused SA Pkts : 0, RX No Using SA Pkts : 0,
RX Not Valid Pkts : 0, RX Invalid Pkts : 0,
RX OK Pkts : 0,
===== Performance =====
==== iPerf3 mit MACsec ====
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 192.168.15.155, port 39398
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.155 port 39414
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 110 MBytes 920 Mbits/sec
[ 5] 1.00-2.00 sec 110 MBytes 921 Mbits/sec
[ 5] 2.00-3.00 sec 110 MBytes 921 Mbits/sec
[ 5] 3.00-4.00 sec 110 MBytes 921 Mbits/sec
[ 5] 4.00-5.00 sec 110 MBytes 921 Mbits/sec
[ 5] 5.00-6.00 sec 110 MBytes 921 Mbits/sec
[ 5] 6.00-7.00 sec 110 MBytes 921 Mbits/sec
[ 5] 7.00-8.00 sec 110 MBytes 921 Mbits/sec
[ 5] 8.00-9.00 sec 110 MBytes 921 Mbits/sec
[ 5] 9.00-10.00 sec 110 MBytes 921 Mbits/sec
[ 5] 10.00-10.01 sec 718 KBytes 915 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 1.07 GBytes 921 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201 (test #2)
-----------------------------------------------------------
Accepted connection from 192.168.15.155, port 56352
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.155 port 56362
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 110 MBytes 920 Mbits/sec
[ 5] 1.00-2.00 sec 110 MBytes 921 Mbits/sec
[ 5] 2.00-3.00 sec 110 MBytes 921 Mbits/sec
[ 5] 3.00-4.00 sec 110 MBytes 921 Mbits/sec
[ 5] 4.00-5.00 sec 109 MBytes 915 Mbits/sec
[ 5] 5.00-6.00 sec 110 MBytes 921 Mbits/sec
[ 5] 6.00-7.00 sec 110 MBytes 921 Mbits/sec
[ 5] 7.00-8.00 sec 110 MBytes 921 Mbits/sec
[ 5] 8.00-9.00 sec 110 MBytes 921 Mbits/sec
[ 5] 9.00-10.00 sec 110 MBytes 921 Mbits/sec
[ 5] 10.00-10.01 sec 635 KBytes 908 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 1.07 GBytes 920 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201 (test #3)
-----------------------------------------------------------
Accepted connection from 192.168.15.155, port 57584
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.155 port 57596
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 110 MBytes 920 Mbits/sec
[ 5] 1.00-2.00 sec 110 MBytes 921 Mbits/sec
[ 5] 2.00-3.00 sec 110 MBytes 921 Mbits/sec
[ 5] 3.00-4.00 sec 110 MBytes 921 Mbits/sec
[ 5] 4.00-5.00 sec 110 MBytes 921 Mbits/sec
[ 5] 5.00-6.00 sec 110 MBytes 921 Mbits/sec
[ 5] 6.00-7.00 sec 110 MBytes 921 Mbits/sec
[ 5] 7.00-8.00 sec 110 MBytes 921 Mbits/sec
[ 5] 8.00-9.00 sec 110 MBytes 921 Mbits/sec
[ 5] 9.00-10.00 sec 110 MBytes 921 Mbits/sec
[ 5] 10.00-10.01 sec 783 KBytes 919 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 1.07 GBytes 921 Mbits/sec receiver
==== iPerf3 ohne MACsec ====
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 192.168.15.154, port 52334
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.154 port 52336
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 111 MBytes 933 Mbits/sec
[ 5] 1.00-2.00 sec 111 MBytes 934 Mbits/sec
[ 5] 2.00-3.00 sec 111 MBytes 934 Mbits/sec
[ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec
[ 5] 4.00-5.00 sec 111 MBytes 933 Mbits/sec
[ 5] 5.00-6.00 sec 111 MBytes 935 Mbits/sec
[ 5] 6.00-7.00 sec 111 MBytes 933 Mbits/sec
[ 5] 7.00-8.00 sec 111 MBytes 934 Mbits/sec
[ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec
[ 5] 9.00-10.00 sec 111 MBytes 934 Mbits/sec
[ 5] 10.00-10.00 sec 364 KBytes 933 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.09 GBytes 934 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201 (test #2)
-----------------------------------------------------------
Accepted connection from 192.168.15.154, port 57170
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.154 port 57186
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 111 MBytes 933 Mbits/sec
[ 5] 1.00-2.00 sec 111 MBytes 932 Mbits/sec
[ 5] 2.00-3.00 sec 111 MBytes 935 Mbits/sec
[ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec
[ 5] 4.00-5.00 sec 111 MBytes 934 Mbits/sec
[ 5] 5.00-6.00 sec 111 MBytes 934 Mbits/sec
[ 5] 6.00-7.00 sec 111 MBytes 934 Mbits/sec
[ 5] 7.00-8.00 sec 111 MBytes 934 Mbits/sec
[ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec
[ 5] 9.00-10.00 sec 111 MBytes 934 Mbits/sec
[ 5] 10.00-10.00 sec 128 KBytes 434 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.09 GBytes 934 Mbits/sec receiver
-----------------------------------------------------------
Server listening on 5201 (test #3)
-----------------------------------------------------------
Accepted connection from 192.168.15.154, port 58078
[ 5] local 192.168.2.1 port 5201 connected to 192.168.15.154 port 58090
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 111 MBytes 933 Mbits/sec
[ 5] 1.00-2.00 sec 111 MBytes 934 Mbits/sec
[ 5] 2.00-3.00 sec 111 MBytes 933 Mbits/sec
[ 5] 3.00-4.00 sec 111 MBytes 934 Mbits/sec
[ 5] 4.00-5.00 sec 111 MBytes 934 Mbits/sec
[ 5] 5.00-6.00 sec 111 MBytes 934 Mbits/sec
[ 5] 6.00-7.00 sec 111 MBytes 934 Mbits/sec
[ 5] 7.00-8.00 sec 111 MBytes 934 Mbits/sec
[ 5] 8.00-9.00 sec 111 MBytes 934 Mbits/sec
[ 5] 9.00-10.00 sec 111 MBytes 934 Mbits/sec
[ 5] 10.00-10.00 sec 344 KBytes 911 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.09 GBytes 934 Mbits/sec receiver
==== Raspberry Pi bietet AES-Beschleunigung in Hardware ====
Der hohe Durchsatz trotz MACsec ist auf die AES-Beschleunigung in Hardware auf dem Pi zurückzuführen:
pi@MACsecPi:~ $ cat /proc/cpuinfo
processor : 0
BogoMIPS : 108.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x4
CPU part : 0xd0b
CPU revision : 1
processor : 1
BogoMIPS : 108.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x4
CPU part : 0xd0b
CPU revision : 1
processor : 2
BogoMIPS : 108.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x4
CPU part : 0xd0b
CPU revision : 1
processor : 3
BogoMIPS : 108.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp
CPU implementer : 0x41
CPU architecture: 8
CPU variant : 0x4
CPU part : 0xd0b
CPU revision : 1
Revision : c04180
Serial : b889764a77c11e15
Model : Raspberry Pi Compute Module 5 Rev 1.0