HoneyComb LX2K update 1 – after 2 months

It has been 2 month since my last post about my ARM workstation/server. I think it’s time for an update for how thing are going and if there’s problems. In sort: no. There’s not major issus with the board. NXP and SolidRun have done a very good job building it.

Performance

Without a doubt, the board is very performant. My board have been working as my media streaming server, a data analysis server and a dedicated ARM build server for my university lab. Nevertheless, the performance characteristic is quite different comparing to a equally spec-ed x86.

Openbenchmarking shows the LX2160A is at least comparable with Ryzen 2400G. But in my experience it really depends on what work load it is doing. I find the LX2160A struggles to transcode 4K 60FS H256 into 1080p in realtime and run scikit-learn on a production dataset and HTM calculations. But it is totally a beast when doing FFT and raytracing. I can only guess this have something to do with the cache and branch prediction. It seems to struggle when decision making and memory access is the bottlenek while very good at pure number crunching. Did I bought a GPU that happens runs Linux?

Building Missing Packages

Arch Linux ARM have done a great job maintaining and building Arch Linux for ARM processors. They pull the buildscripts from Arch Linux directly and build them for ARM. But this process does not work automatically for all packages. Some packages are configured to build only on x86 by default and flags need to be set to build on ARM. Consequently the package is not available in the ARM repo. cern-vdt is one of them; configured to vectorize using SSE. Obviously that won’t build on ARM. The solution is simple. Arch Linux’s repository is really just a bunch of PKGBUILDs that you use the same way you use AUR. Grab the PKGBUILD and patches, edit a bit, and run makepkg -si. Done.

Fortunately not much of the packages I need have to be built this way. But I found myself in a nasty linking issue while I’m trying to get ROOT to build as a package (so I can finally get rid of my “launch a shell in systemd to load config else ROOT won’t work” hack). The PKGBUILD for ROOT always generates a clean directory to build. Making solving the problem annoying as it takes more than 30 minutes to get to the error and I have to clean build every time. So I did a hack – remove the line in url and xxxsums that points to the source code.

Yay. ROOT package on ARM!

Security

I started to notice that fail2ban wasn’t working as expected after a few days. Turns out REJECT wasn’t supported by iptables and the kernel. Set fail2ban to use DROP solves the issue. Tho I never figured what causes this, I’m very sure every command is enabled in the kernel.

Also. as much as I want to have a MAC like AppArmor to protect the system from ACE in cases there’s a hole in any of the services. Mainline Linux 5.6 won’t boot on the board yet – I’m still stuck at 4.19. And I’m not up to the idea of building AppArmor from scratch. I’ll have to rely on traditional UNIX user and group permissions for now.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: