EDIT (2012/02/11): thanks to Arch Linux ARM community developers all packages necessary to use hardware cryptography accelerators are available through pacman, updated instructions for systemd (thanks to pklaus):
- Code: Select all
pacman -Syyu
pacman -S openssl-cryptodev
echo 'KERNEL=="crypto", MODE="0666"' > /etc/udev/rules.d/99-cryptodev.rules
# Load the kernel module manually after each new boot:
modprobe cryptodev
# or let systemd load it automatically on boot
echo "cryptodev" > /etc/modules-load.d/cryptodev.conf
I'm leaving old instructions just in case.
------------------------------- old instructions below -------------------------------
While searching the web for information on this topic I've found an article describing use of cryptodev-linux driver for openssl. Since I own a Pogoplug Pink (v2) based on the Kirkwood platform I've decided to give it a try.
1) Download current cryptodev-linux source from http://download.gna.org/cryptodev-linux/
2) compile and install and generate module.dep
- Code: Select all
# make
# make install
# depmod -a
3) download PKGBUILD for openssl from ArchLinuxArm git repositories
4) edit PKGBUILD and add configuration options for cryptodev:
- Code: Select all
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
"${openssltarget}" \
-Wa,--noexecstack "${CFLAGS}"
5) compile openssl into a package
- Code: Select all
# makepkg
6) install package
- Code: Select all
# pacman -U openssl-*.pkg.tar.gz
7) load cryptodev module (you can check that it's loaded with lsmod)
- Code: Select all
# modprobe cryptodev
if everything worked and there were no errors you should have new openssl that is using cryptodev to offload cryptographic tasks from CPU to dedicated resources (and therefore every other program that depends on openssl like ssh, scp, transmission, etc.)
8) make cryptodev load at boot -> edit /etc/rc.conf
- Code: Select all
MODULES=(cryptodev)
you can view my benchmarks in this topic: viewtopic.php?f=7&t=2451#p13657
edit:
9) because udev creates /dev/crypto with only root permitted to read/write to it, normal users can't use the device, this should be handled by apropriate udev rule (unfortunately I don't know how to create one), but in the meantime you can add this to /etc/rc.local
- Code: Select all
chmod go+rw /dev/crypto