For anyone who wants to take advantage of dedicated cryptographic resources in Kirkwood platform (AES-128/256, SHA1).
EDIT (2012/02/11): thanks to Arch Linux ARM community developers all packages necessary to use hardware cryptography accelerators are available through pacman, updated instructions for systemd (thanks to pklaus):
$this->bbcode_second_pass_code('', '
pacman -Syyu
pacman -S openssl-cryptodev
echo 'KERNEL=="crypto", MODE="0666"' > /etc/udev/rules.d/99-cryptodev.rules
# Load the kernel module manually after each new boot:
modprobe cryptodev
# or let systemd load it automatically on boot
echo "cryptodev" > /etc/modules-load.d/cryptodev.conf
')
I'm leaving old instructions just in case.
------------------------------- old instructions below -------------------------------
While searching the web for information on this topic I've found an article describing use of cryptodev-linux driver for openssl. Since I own a Pogoplug Pink (v2) based on the Kirkwood platform I've decided to give it a try.
1) Download current cryptodev-linux source from http://download.gna.org/cryptodev-linux/
2) compile and install and generate module.dep
$this->bbcode_second_pass_code('', '
# make
# make install
# depmod -a
')
3) download PKGBUILD for openssl from ArchLinuxArm git repositories
4) edit PKGBUILD and add configuration options for cryptodev:
$this->bbcode_second_pass_code('', '
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
"${openssltarget}" \
-Wa,--noexecstack "${CFLAGS}"
')
5) compile openssl into a package
$this->bbcode_second_pass_code('', '
# makepkg
')
6) install package
$this->bbcode_second_pass_code('', '
# pacman -U openssl-*.pkg.tar.gz
')
7) load cryptodev module (you can check that it's loaded with lsmod)
$this->bbcode_second_pass_code('', '
# modprobe cryptodev
')
if everything worked and there were no errors you should have new openssl that is using cryptodev to offload cryptographic tasks from CPU to dedicated resources (and therefore every other program that depends on openssl like ssh, scp, transmission, etc.)
8) make cryptodev load at boot -> edit /etc/rc.conf
$this->bbcode_second_pass_code('', '
MODULES=(cryptodev)
')
you can view my benchmarks in this topic: viewtopic.php?f=7&t=2451#p13657
edit:
9) because udev creates /dev/crypto with only root permitted to read/write to it, normal users can't use the device, this should be handled by apropriate udev rule (unfortunately I don't know how to create one), but in the meantime you can add this to /etc/rc.local
$this->bbcode_second_pass_code('', '
chmod go+rw /dev/crypto
')