It has been 2 month since my last post about my ARM workstation/server. I think it’s time for an update for how thing are going and if there’s problems. In sort: no. There’s not major issus with the board. NXP and SolidRun have done a very good job building it.
Without a doubt, the board is very performant. My board have been working as my media streaming server, a data analysis server and a dedicated ARM build server for my university lab. Nevertheless, the performance characteristic is quite different comparing to a equally spec-ed x86.
Openbenchmarking shows the LX2160A is at least comparable with Ryzen 2400G. But in my experience it really depends on what work load it is doing. I find the LX2160A struggles to transcode 4K 60FS H256 into 1080p in realtime and run scikit-learn on a production dataset and HTM calculations. But it is totally a beast when doing FFT and raytracing. I can only guess this have something to do with the cache and branch prediction. It seems to struggle when decision making and memory access is the bottlenek while very good at pure number crunching.
Did I bought a GPU that happens runs Linux?
Building Missing Packages
Arch Linux ARM have done a great job maintaining and building Arch Linux for ARM processors. They pull the buildscripts from Arch Linux directly and build them for ARM. But this process does not work automatically for all packages. Some packages are configured to build only on x86 by default and flags need to be set to build on ARM. Consequently the package is not available in the ARM repo. cern-vdt is one of them; configured to vectorize using SSE. Obviously that won’t build on ARM. The solution is simple. Arch Linux’s repository is really just a bunch of PKGBUILDs that you use the same way you use AUR. Grab the PKGBUILD and patches, edit a bit, and run
makepkg -si. Done.
Fortunately not much of the packages I need have to be built this way. But I found myself in a nasty linking issue while I’m trying to get ROOT to build as a package (so I can finally get rid of my “launch a shell in systemd to load config else ROOT won’t work” hack). The PKGBUILD for ROOT always generates a clean directory to build. Making solving the problem annoying as it takes more than 30 minutes to get to the error and I have to clean build every time. So I did a hack – remove the line in
xxxsums that points to the source code.
I started to notice that fail2ban wasn’t working as expected after a few days. Turns out
REJECT wasn’t supported by iptables and the kernel. Set fail2ban to use DROP solves the issue. Tho I never figured what causes this, I’m very sure every command is enabled in the kernel.
Also. as much as I want to have a MAC like AppArmor to protect the system from ACE in cases there’s a hole in any of the services. Mainline Linux 5.6 won’t boot on the board yet – I’m still stuck at 4.19. And I’m not up to the idea of building AppArmor from scratch. I’ll have to rely on traditional UNIX user and group permissions for now.