You're right, CRYPTO_DEV_GEODE creates module geode-aes, but from what I understand it's only used by the kernel. OpenSSL doesn't support it and I couldn't find a patch.
2011/4/18 Michael Proto <[email protected]>: > 2011/4/18 Guillaume Filion <[email protected]>: >> Hi, >> >> I've been looking into using the hardware crypto acceleration on the Geode >> chip of the net5501 (and maybe get a vpn1411 card) on my web load balancer >> (nginx) running on Debian. >> >> Right now I'm a bit confused on what my options are, so let me write my >> understanding of the situation and please correct anything that is >> inaccurate: >> >> 1. The geode hardware crypto acceleration only works for aes-128-cbc. >> vpn1411 works for a lot more ciphers/key sizes. >> >> 2. There's no out-of-the-box support for hardware crypto acceleration of the >> geode or the vpn1411 under linux. >> >> 3. The only way to support it is with ocf-linux, which requires a patch for >> the kernel and openssl. >> >> 4. There's no debian kernel package available with the ocf-linux patch >> already in place. >> >> 5. ocf-linux only supports kernels up to 2.6.26 (debian stable is at >> 2.6.32). >> >> 6. I should really consider switching to openbsd... >> >> Please tell my if I'm missing something, otherwise, I think I'll seriously >> look into implementing #6... > > (I'm not running either the Geode or vpn1411 crypto under Linux so > take what's below with a grain of salt, but...) > > Looking at the kernel config for my ubuntu 10.04 server, I do see > entries for both of these crypto devices in the mainline default > kernel: > > CONFIG_CRYPTO_DEV_GEODE=m > CONFIG_CRYPTO_DEV_HIFN_795X=m > CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y > > The Geode should cover the Geode LX CPU's onboard crypto and the HiFn > 7956 would be the vpn1411. OpenSSL may still need to be patched, but > in-kernel ops would utilize both crypto accelerators should the > appropriate modules be loaded I would think. > > > -Proto > -- http://guillaume.filion.org/ _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
