Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Lluís Batlle i Rossell]

On Sun, May 22, 2011 at 02:11:16AM +0100, Gordan Bobic wrote:
 Hi,
 
 In case anyone is interested, I got this working on F13. It required 
 building the cryptodev kernel module and rebuilding the standard F13 
 OpenSSL package with three additional parameters (the cryptodev support 
 is already in the standard OpenSSL package sources, it just isn't 
 enabled in the default build).
 
 More details available here:
 http://www.altechnative.net/?p=174

Do you know how would someone configure all to make openssh take advantage of
the cryptodev?

Thank you!
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Andrew Haley wrote:
 On 24/05/11 19:39, Gordan Bobic wrote:
 On 05/24/2011 06:37 PM, Adam Goode wrote:
 Have a look at this too:

 http://fedoraproject.org/wiki/FedoraCryptoConsolidation

 It was supposed to be the way forward regarding all this. Last I
 checked, it was only for applications, not libraries, though.
[...]
 I was under the impression that OpenSSL is a lot more prolific and
 it has more application level support, of the ones listed on the
 page above, at least the following:
 
 Perhaps, but its licence seems to be broken, so it can't be used as a
 general-purpose crypto library for Fedora.

This doesn't seem to prevent it from being used as such, as far as I can 
see.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Emmanuel Seyman]

* Gordan Bobic [25/05/2011 11:25] :

  Perhaps, but its licence seems to be broken, so it can't be used as a
  general-purpose crypto library for Fedora.
 
 This doesn't seem to prevent it from being used as such, as far as I can 
 see.

Actually, it does: http://lwn.net/Articles/428111/

Emmanuel

___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Emmanuel Seyman wrote:
 * Gordan Bobic [25/05/2011 11:25] :
 Perhaps, but its licence seems to be broken, so it can't be used as a
 general-purpose crypto library for Fedora.
 This doesn't seem to prevent it from being used as such, as far as I can 
 see.
 
 Actually, it does: http://lwn.net/Articles/428111/

That's all very theoretical and academic as long as half the distro is 
linking against OpenSSL anyway. We are where we are, and that will take 
time to change. Meanwhile, those of us living in the real world need to 
stick with the pragmatic approach of using what is there and works.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Peter Robinson]

On Tue, May 24, 2011 at 7:19 PM, Gordan Bobic gor...@bobich.net wrote:
 On 05/24/2011 07:05 PM, Peter Robinson wrote:
 On Tue, May 24, 2011 at 6:11 PM, Andrew Haleya...@redhat.com  wrote:
 On 05/23/2011 04:12 PM, Gordan Bobic wrote:
 omall...@msu.edu wrote:

 My question, is how hard is this to implement the hardware support
 non-openssl programs.

 Not particularly hard if you're writing your own crypto implementation
 anyway, but there's a lot to be said for just linking against OpenSSL.
 It's probably safer to link against the library that has a lot of eyes
 on it than it is to implement your own.

 OpenAFS could use this as it can use a lot of DES
 encryption, but it uses its own DES implementation. It also happens to
 be the only one I can think of off the top of my head that uses its own
 implementation. It would be nice to have.

 gpg seems to use its own AES implementation that's slower than SSL's.
 It would certainly be nice to fix that to use acceleration.

 It would be better to use nss as it has the option of all the various
 fips certifications which would be useful for gpg.

 Just out of interest, what is the fips option to configure on OpenSSL for?

 Alternatively I would think it would be better to use the HW crytpo
 user interface directly so you get HW acceleration if it avail or
 fallback if its not.

 Sure, just as OpenSSL does. The point here was that if it can be built
 to link against OpenSSL, it doesn't have to modify it's bundled crypto
 implementation for options with all possible crypto engines.

 I'd personally prefer not to use openssl for gpg
 as its not the most secure beast.

 The issue here seems to be philosophical. The simple fact is that we
 trust so much to OpenSSL we might as well save ourselves some memory and
 effort of reimplementing the wheel and maintaining that reimplemented
 wheel. Considering we already trust ssh and https in almost all
 instances to OpenSSL, I think the issue is pretty academic.

 One other thing to consider is that the reason OpenSSL gets
 cryptanalyzed so much is specifically because it is so popular. It also
 has a lot of eyes on it making sure it is tight and stays that way. IMO,
 using something else is bordering on security through obscurity - and
 that shouldn't be encouraged.

NSS gets a lot of review as well as its used in firefox and a lot of
other enterprise products (from RH and others). FIPS is one of the
certifications and reviews. There's some detail here [1] on the
difference between the FIPS differences between NSS and openssl.

Peter

[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation#FIPS_140
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Andrew Haley wrote:
 On 05/25/2011 10:38 AM, Gordan Bobic wrote:
 Emmanuel Seyman wrote:
 * Gordan Bobic [25/05/2011 11:25] :
 aph:
 Perhaps, but its licence seems to be broken, so it can't be used as a
 general-purpose crypto library for Fedora.
 This doesn't seem to prevent it from being used as such, as far as I can 
 see.
 Actually, it does: http://lwn.net/Articles/428111/
 That's all very theoretical and academic as long as half the distro is 
 linking against OpenSSL anyway. We are where we are, and that will take 
 time to change. Meanwhile, those of us living in the real world need to 
 stick with the pragmatic approach of using what is there and works.
 
 I don't think it's merely theoretical.  If there's one lesson we
 should have learned over the past few years, it's that licences
 really do matter.

It seems to me (and always has, thinking about it) that the argument of 
BSD vs. GPL vs. LGPL vs. whatever-other-open-source-licence has always 
been a passtime for people who lack either the ability or the 
inclination to get on with real productive work. Flame me for that 
statement all you want, but that's just what it's always looked like to me.

I don't see that this particular licensing issue is stopping OpenSSL 
shipping with every major distro, with a lot of packages linking against 
it. Hardlining on this issue seems like it blows things way out of 
proportion.

 It looks as though Fedora is going the NSS route
 anyway,  so presumably an OpenSSL-compatible library could be built on
 top of NSS, and the problem would go away.

I'm not against NSS - really I'm not. But there are other considerations 
to be taken into account.

1) Does NSS have any kind of support for hardware crypto offload? If so, 
I haven't found any references to it (but maybe my google-foo is weak 
today).

2) More abstraction (a OpenSSL-NSS shim library), means more bloat, 
more context switching and less performance. Is that really the way 
forward? I mean _really_?

3) Volume of supported commonly used software - if NSS has a clear 
advantage in terms of support base, then so be it, let's all put our 
weight behind it. But my perception is that this is not the case. 
Everything I touch upon on a daily basis seems to be linked against 
OpenSSL rather than NSS.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Andrew Haley]

On 05/25/2011 11:31 AM, Gordan Bobic wrote:
 Andrew Haley wrote:
 On 05/25/2011 10:38 AM, Gordan Bobic wrote:
 Emmanuel Seyman wrote:
 * Gordan Bobic [25/05/2011 11:25] :
 aph:
 Perhaps, but its licence seems to be broken, so it can't be used as a
 general-purpose crypto library for Fedora.
 This doesn't seem to prevent it from being used as such, as far as I can 
 see.
 Actually, it does: http://lwn.net/Articles/428111/
 That's all very theoretical and academic as long as half the distro is 
 linking against OpenSSL anyway. We are where we are, and that will take 
 time to change. Meanwhile, those of us living in the real world need to 
 stick with the pragmatic approach of using what is there and works.

 I don't think it's merely theoretical.  If there's one lesson we
 should have learned over the past few years, it's that licences
 really do matter.
 
 It seems to me (and always has, thinking about it) that the argument of 
 BSD vs. GPL vs. LGPL vs. whatever-other-open-source-licence has always 
 been a passtime for people who lack either the ability or the 
 inclination to get on with real productive work. Flame me for that 
 statement all you want, but that's just what it's always looked like to me.

OK, so that's how it looks to you.

 I don't see that this particular licensing issue is stopping
 OpenSSL shipping with every major distro, with a lot of packages
 linking against it. Hardlining on this issue seems like it blows
 things way out of proportion.

The point is not that one licence is better than the other, but that
some licences are incompatible.  The old BSD licence with the
advertising clause is broken because it prevents a library from being
used by some packages.  There is a new BSD licence that fixes the
problem.

 It looks as though Fedora is going the NSS route anyway, so
 presumably an OpenSSL-compatible library could be built on top of
 NSS, and the problem would go away.

Aha: I see http://fedoraproject.org/wiki/Nss_compat_ossl

 I'm not against NSS - really I'm not. But there are other considerations 
 to be taken into account.
 
 1) Does NSS have any kind of support for hardware crypto offload? If so, 
 I haven't found any references to it (but maybe my google-foo is weak 
 today).

Interesting question; not sure.

 2) More abstraction (a OpenSSL-NSS shim library), means more bloat, 
 more context switching and less performance. Is that really the way 
 forward? I mean _really_?

For bulk crypto operations an extra call via a shim probably doesn't
matter.  For some signature operations it might.

It seems like a clean solution from the point of view of application
developers, though.

 3) Volume of supported commonly used software - if NSS has a clear
 advantage in terms of support base, then so be it, let's all put our
 weight behind it. But my perception is that this is not the case.
 Everything I touch upon on a daily basis seems to be linked against
 OpenSSL rather than NSS.

Well, that's not true for everyone, and certainly not for users of
GPG.

But the real question is whether one group of Fedora developers is
determinedly going to push NSS and the other OpenSSL.  That is not a
route to happiness.

Andrew.
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Andrew Haley wrote:

 I'm not against NSS - really I'm not. But there are other considerations 
 to be taken into account.

 1) Does NSS have any kind of support for hardware crypto offload? If so, 
 I haven't found any references to it (but maybe my google-foo is weak 
 today).
 
 Interesting question; not sure.

I think it is an important one to answer, and sooner rather than later. 
This is particularly important to the ARM community since a lot of 
(most?) ARMs seem to have a crypto co-processor of some description 
(Freescales, Kirkwood and Tegra definitely seem to have this, I haven't 
checked others, but since these are the three classes of devices I own, 
that's 3 out of 3 - I don't think it's luck/coincidence).

This is particularly important for server applications. ARM is getting 
some traction in the server market. ZT make a really nice (if expensive) 
multi-ARM server. I have seriously discussed using ShevaPlugs/GuruPlugs 
specifically for large scale-out low-power SSL offload with clients. 
Crypto offload support is already important, and it's importance is only 
going to go up.

 2) More abstraction (a OpenSSL-NSS shim library), means more bloat, 
 more context switching and less performance. Is that really the way 
 forward? I mean _really_?
 
 For bulk crypto operations an extra call via a shim probably doesn't
 matter.  For some signature operations it might.
 
 It seems like a clean solution from the point of view of application
 developers, though.

The other thing that needs to be considered is added complexity and 
security. I would imagine that since there is an abstraction layer, it 
introduces additional scope for exploits (buffer overruns, stack 
smashing, etc.) Is this shim library going to also be FIPS certified? If 
not then the improved security aspect of NSS vs. OpenSSL comes a lot 
closer to pure marketing rhetoric (maybe that's where it's at at the 
moment anyway, I don't claim to be an expert on the subject).

 3) Volume of supported commonly used software - if NSS has a clear
 advantage in terms of support base, then so be it, let's all put our
 weight behind it. But my perception is that this is not the case.
 Everything I touch upon on a daily basis seems to be linked against
 OpenSSL rather than NSS.
 
 Well, that's not true for everyone, and certainly not for users of
 GPG.

I thought it was mentioned on this thread recently that GPG brings it's 
own implementation anyway. Did I misunderstand?

 But the real question is whether one group of Fedora developers is
 determinedly going to push NSS and the other OpenSSL.  That is not a
 route to happiness.

It's not, but losing crypto offload and/or a performance drop-off and 
bloat due to shimming isn't a happy solution, either. If we can address 
those (the latter by sending patches to build against NSS upstream so 
shimming isn't required), then it'd be a great idea.

But purely in terms of standardizing on a single crypto library - has 
anyone actually performed an exhaustive analysis on how much would need 
to be changed to go either way? The wiki page that has been referenced a 
few times seems distinctly non-exhaustive. Maybe my perception is 
non-representative here, but as I said, all the things I get my hands 
dirty on a regular basis are linked against OpenSSL rather than NSS. The 
pragmatist in me says that maybe that makes OpenSSL a better target to 
standardize on, but I would like to see an exhaustive analysis / 
empirical evidence showing otherwise.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Andrew Haley]

On 05/25/2011 12:06 PM, Gordan Bobic wrote:
 Andrew Haley wrote:
 
 I'm not against NSS - really I'm not. But there are other considerations 
 to be taken into account.

 1) Does NSS have any kind of support for hardware crypto offload? If so, 
 I haven't found any references to it (but maybe my google-foo is weak 
 today).

 Interesting question; not sure.
 
 I think it is an important one to answer, and sooner rather than later. 
 This is particularly important to the ARM community since a lot of 
 (most?) ARMs seem to have a crypto co-processor of some description 
 (Freescales, Kirkwood and Tegra definitely seem to have this, I haven't 
 checked others, but since these are the three classes of devices I own, 
 that's 3 out of 3 - I don't think it's luck/coincidence).

 This is particularly important for server applications. ARM is getting 
 some traction in the server market. ZT make a really nice (if expensive) 
 multi-ARM server. I have seriously discussed using ShevaPlugs/GuruPlugs 
 specifically for large scale-out low-power SSL offload with clients. 
 Crypto offload support is already important, and it's importance is only 
 going to go up.

Definitely, which is why it's important to focus on the right library
going forward.

 2) More abstraction (a OpenSSL-NSS shim library), means more bloat, 
 more context switching and less performance. Is that really the way 
 forward? I mean _really_?

 For bulk crypto operations an extra call via a shim probably doesn't
 matter.  For some signature operations it might.

 It seems like a clean solution from the point of view of application
 developers, though.
 
 The other thing that needs to be considered is added complexity and 
 security. I would imagine that since there is an abstraction layer, it 
 introduces additional scope for exploits (buffer overruns, stack 
 smashing, etc.) Is this shim library going to also be FIPS certified? If 
 not then the improved security aspect of NSS vs. OpenSSL comes a lot 
 closer to pure marketing rhetoric (maybe that's where it's at at the 
 moment anyway, I don't claim to be an expert on the subject).

Perhaps, but all this is just speculation AFAICS.  If a shim is
unnecessary then it should be avoided, obviously.

 3) Volume of supported commonly used software - if NSS has a clear
 advantage in terms of support base, then so be it, let's all put our
 weight behind it. But my perception is that this is not the case.
 Everything I touch upon on a daily basis seems to be linked against
 OpenSSL rather than NSS.

 Well, that's not true for everyone, and certainly not for users of
 GPG.
 
 I thought it was mentioned on this thread recently that GPG brings it's 
 own implementation anyway. Did I misunderstand?

It does, but I was responding to the claim that OpenSSL was being used
for everything you touch on a daily basis.  If that was not what you
implied, I apologize.  But if most crypto apps are using home-baked
library code, then it doesn't matter which crypto library we move to
because most apps will need to be ported anyway.

 But the real question is whether one group of Fedora developers is
 determinedly going to push NSS and the other OpenSSL.  That is not a
 route to happiness.
 
 It's not, but losing crypto offload and/or a performance drop-off and 
 bloat due to shimming isn't a happy solution, either.

It's a sight more happy than two groups of Fedora developers fighting
over the One True Crypto Library.  IMO.  :-)

 If we can address those (the latter by sending patches to build
 against NSS upstream so shimming isn't required), then it'd be a
 great idea.

Right.

 But purely in terms of standardizing on a single crypto library -
 has anyone actually performed an exhaustive analysis on how much
 would need to be changed to go either way? The wiki page that has
 been referenced a few times seems distinctly non-exhaustive. Maybe
 my perception is non-representative here, but as I said, all the
 things I get my hands dirty on a regular basis are linked against
 OpenSSL rather than NSS. The pragmatist in me says that maybe that
 makes OpenSSL a better target to standardize on, but I would like to
 see an exhaustive analysis / empirical evidence showing otherwise.

I think it's a mistake to characterize one set of developers as more
pragmatic than the other.  If we end up with a highly-performant
crypto library that some Fedora packages can't be linked against for
legal reasons, that would be -- pragmatically speaking -- a Very Bad
Thing.

Andrew.
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Peter Robinson]

I think this whole thread is getting a little out of hand. It was
mentioned initially about using other libraries instead of built in
routines in gpg.

 I'm not against NSS - really I'm not. But there are other considerations
 to be taken into account.

 1) Does NSS have any kind of support for hardware crypto offload? If so,
 I haven't found any references to it (but maybe my google-foo is weak
 today).

There's lots of reference to HW offload on NSS. For one its explicitly
mentioned in referenced Fedora consolidation [1], in the NSS FAQ [2]
and wikipedia [3] :-)

So its a matter of seeing how that integrates and fits with the the
linux kernel crypto api as that would be the obvious place to add the
support as if the HW is there it will get used and it would also get
access to any cpu acceleration that is not crypto specific (I've read
about using NEON for this for example).

[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation#Technology_selection
[2] https://developer.mozilla.org/en/NSS_FAQ
[3] http://en.wikipedia.org/wiki/Network_Security_Services#Hardware_support

 Interesting question; not sure.

 I think it is an important one to answer, and sooner rather than later.
 This is particularly important to the ARM community since a lot of
 (most?) ARMs seem to have a crypto co-processor of some description
 (Freescales, Kirkwood and Tegra definitely seem to have this, I haven't
 checked others, but since these are the three classes of devices I own,
 that's 3 out of 3 - I don't think it's luck/coincidence).

Remember this needs to be upstream in Fedora and other projects and
then Fedora ARM will get it by default. Work upstream, propose it as a
Fedora 16 feature and do the work.

I don't think its particularly important to ARM. It certainly helps on
ARM due to low processing but its relevant on all platforms and most
platforms have some form of crypto offload built in to the core CPU
now days. Hell even the AMD geode processor used in the XO has it.

 This is particularly important for server applications. ARM is getting
 some traction in the server market. ZT make a really nice (if expensive)
 multi-ARM server. I have seriously discussed using ShevaPlugs/GuruPlugs
 specifically for large scale-out low-power SSL offload with clients.
 Crypto offload support is already important, and it's importance is only
 going to go up.

Working in hosting myself with massive amounts of SSL offload we're
not exactly looking at arm. There's lots of other issues here, and
none of them are specific to ARM processors.

 2) More abstraction (a OpenSSL-NSS shim library), means more bloat,
 more context switching and less performance. Is that really the way
 forward? I mean _really_?

 For bulk crypto operations an extra call via a shim probably doesn't
 matter.  For some signature operations it might.

 It seems like a clean solution from the point of view of application
 developers, though.

 The other thing that needs to be considered is added complexity and
 security. I would imagine that since there is an abstraction layer, it
 introduces additional scope for exploits (buffer overruns, stack
 smashing, etc.) Is this shim library going to also be FIPS certified? If
 not then the improved security aspect of NSS vs. OpenSSL comes a lot
 closer to pure marketing rhetoric (maybe that's where it's at at the
 moment anyway, I don't claim to be an expert on the subject).

Read the details mentioned on the advantage of NSS over OpenSSL for
FIPS certification on the consolidation wiki.

 3) Volume of supported commonly used software - if NSS has a clear
 advantage in terms of support base, then so be it, let's all put our
 weight behind it. But my perception is that this is not the case.
 Everything I touch upon on a daily basis seems to be linked against
 OpenSSL rather than NSS.

 Well, that's not true for everyone, and certainly not for users of
 GPG.

 I thought it was mentioned on this thread recently that GPG brings it's
 own implementation anyway. Did I misunderstand?

Yes, that's why we ended up in the discussion of types of libary!

 But the real question is whether one group of Fedora developers is
 determinedly going to push NSS and the other OpenSSL.  That is not a
 route to happiness.

 It's not, but losing crypto offload and/or a performance drop-off and
 bloat due to shimming isn't a happy solution, either. If we can address
 those (the latter by sending patches to build against NSS upstream so
 shimming isn't required), then it'd be a great idea.

NSS supports HW. See above. All things need to be dealt with upstream.
Whether it be Fedora, kernel, NSS or other apps.

 But purely in terms of standardizing on a single crypto library - has
 anyone actually performed an exhaustive analysis on how much would need
 to be changed to go either way? The wiki page that has been referenced a
 few times seems distinctly non-exhaustive. Maybe my perception is
 non-representative here, but as I said, all the things I get 

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Andrew Haley wrote:

 3) Volume of supported commonly used software - if NSS has a clear
 advantage in terms of support base, then so be it, let's all put our
 weight behind it. But my perception is that this is not the case.
 Everything I touch upon on a daily basis seems to be linked against
 OpenSSL rather than NSS.
 Well, that's not true for everyone, and certainly not for users of
 GPG.
 I thought it was mentioned on this thread recently that GPG brings it's 
 own implementation anyway. Did I misunderstand?
 
 It does, but I was responding to the claim that OpenSSL was being used
 for everything you touch on a daily basis.  If that was not what you
 implied, I apologize.

Well, you could just infer that I don't use GPG on a daily basis. :)

 But if most crypto apps are using home-baked
 library code, then it doesn't matter which crypto library we move to
 because most apps will need to be ported anyway.

As far as I can tell, GPG is rather an exception. Most things don't 
bother re-inventing the wheel.

 But the real question is whether one group of Fedora developers is
 determinedly going to push NSS and the other OpenSSL.  That is not a
 route to happiness.
 It's not, but losing crypto offload and/or a performance drop-off and 
 bloat due to shimming isn't a happy solution, either.
 
 It's a sight more happy than two groups of Fedora developers fighting
 over the One True Crypto Library.  IMO.  :-)

I don't really see either as an option. So the key point seems to be 
getting NSS working with the kernel's crypto offload features (whether 
it's cryptodev or netlink is irrelevant, as long as it works).

 But purely in terms of standardizing on a single crypto library -
 has anyone actually performed an exhaustive analysis on how much
 would need to be changed to go either way? The wiki page that has
 been referenced a few times seems distinctly non-exhaustive. Maybe
 my perception is non-representative here, but as I said, all the
 things I get my hands dirty on a regular basis are linked against
 OpenSSL rather than NSS. The pragmatist in me says that maybe that
 makes OpenSSL a better target to standardize on, but I would like to
 see an exhaustive analysis / empirical evidence showing otherwise.
 
 I think it's a mistake to characterize one set of developers as more
 pragmatic than the other.  If we end up with a highly-performant
 crypto library that some Fedora packages can't be linked against for
 legal reasons, that would be -- pragmatically speaking -- a Very Bad
 Thing.

I agree. My concern is that this is looking like glibc vs. 
some-other-libc argument all over again, and years later that is still 
not resolved (all that come out of that, AFAICT is that dietlibc now 
ships as standard); and some things still don't work properly built 
against glibc (e.g. util-vserver). I can easily see all this remaining 
unresolved come Fedora 25 in 5 years' time. Unless we start outright 
banning things that don't conform, that is - and you wouldn't end up 
with a usable distro if you outright excluded OpenSSL dependants.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Peter Robinson wrote:
 Interesting question; not sure.
 I think it is an important one to answer, and sooner rather than later.
 This is particularly important to the ARM community since a lot of
 (most?) ARMs seem to have a crypto co-processor of some description
 (Freescales, Kirkwood and Tegra definitely seem to have this, I haven't
 checked others, but since these are the three classes of devices I own,
 that's 3 out of 3 - I don't think it's luck/coincidence).
 
 Remember this needs to be upstream in Fedora and other projects and
 then Fedora ARM will get it by default. Work upstream, propose it as a
 Fedora 16 feature and do the work.
 
 I don't think its particularly important to ARM. It certainly helps on
 ARM due to low processing but its relevant on all platforms and most
 platforms have some form of crypto offload built in to the core CPU
 now days. Hell even the AMD geode processor used in the XO has it.

Don't confuse crypto offload with crypto instructions. The new x86 stuff 
has crypto instructions that make AES churn faster, but that doesn't 
leave the CPU free to do other things while this is happening.

My big concern is that the pursued solution will be one size fits x86, 
as often happens (also why the same packages need ARM patches in 
consecutive releases).

 2) More abstraction (a OpenSSL-NSS shim library), means more bloat,
 more context switching and less performance. Is that really the way
 forward? I mean _really_?
 For bulk crypto operations an extra call via a shim probably doesn't
 matter.  For some signature operations it might.

 It seems like a clean solution from the point of view of application
 developers, though.
 The other thing that needs to be considered is added complexity and
 security. I would imagine that since there is an abstraction layer, it
 introduces additional scope for exploits (buffer overruns, stack
 smashing, etc.) Is this shim library going to also be FIPS certified? If
 not then the improved security aspect of NSS vs. OpenSSL comes a lot
 closer to pure marketing rhetoric (maybe that's where it's at at the
 moment anyway, I don't claim to be an expert on the subject).
 
 Read the details mentioned on the advantage of NSS over OpenSSL for
 FIPS certification on the consolidation wiki.

Are you talking about this sentence?

NSS, in contrast, allows all applications to inherit the NSS FIPS 
validation status by following some simple rules detailed in the NSS 
security policy document.

I find it's a bit vague and opaque. I don't see how you could make the 
certification hereditary.

 But the real question is whether one group of Fedora developers is
 determinedly going to push NSS and the other OpenSSL.  That is not a
 route to happiness.
 It's not, but losing crypto offload and/or a performance drop-off and
 bloat due to shimming isn't a happy solution, either. If we can address
 those (the latter by sending patches to build against NSS upstream so
 shimming isn't required), then it'd be a great idea.
 
 NSS supports HW. See above. All things need to be dealt with upstream.
 Whether it be Fedora, kernel, NSS or other apps.

Fair enough. I won't hold my breath and give up my OpenSSL quite yet, 
then. :)

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Jason Burrell wrote:
 On May 25, 2011 6:06 AM, Gordan Bobic gor...@bobich.net 
 mailto:gor...@bobich.net wrote:
  
   Andrew Haley wrote:
  
I'm not against NSS - really I'm not. But there are other 
 considerations
to be taken into account.
   
1) Does NSS have any kind of support for hardware crypto offload? 
 If so,
I haven't found any references to it (but maybe my google-foo is weak
today).
   
Interesting question; not sure.
  
   I think it is an important one to answer, and sooner rather than later.
   This is particularly important to the ARM community since a lot of
   (most?) ARMs seem to have a crypto co-processor of some description
   (Freescales, Kirkwood and Tegra definitely seem to have this, I haven't
   checked others, but since these are the three classes of devices I own,
   that's 3 out of 3 - I don't think it's luck/coincidence).
  
   This is particularly important for server applications. ARM is getting
   some traction in the server market. ZT make a really nice (if expensive)
   multi-ARM server. I have seriously discussed using ShevaPlugs/GuruPlugs
   specifically for large scale-out low-power SSL offload with clients.
   Crypto offload support is already important, and it's importance is only
   going to go up.
  
 
 NSS supports PKCS#11 which most hardware crypto accelerators (including 
 things like smartcards and offloading coprocessors) use. As far as I 
 know, the only OpenSSL PKCS#11 library is external to it, from the 
 OpenSC people.

Hmm... Are the relevant kernel drivers and interfaces in place for 
PKCS#11 for any of the crypto offload engines discussed (Kirkwood, 
Tegra, Freescale)? Can somebody point me at the relevant interface docs?

3) Volume of supported commonly used software - if NSS has a clear
advantage in terms of support base, then so be it, let's all put our
weight behind it. But my perception is that this is not the case.
Everything I touch upon on a daily basis seems to be linked against
OpenSSL rather than NSS.
   
Well, that's not true for everyone, and certainly not for users of
GPG.
  
   I thought it was mentioned on this thread recently that GPG brings it's
   own implementation anyway. Did I misunderstand?
  
But the real question is whether one group of Fedora developers is
determinedly going to push NSS and the other OpenSSL.  That is not a
route to happiness.
  
   It's not, but losing crypto offload and/or a performance drop-off and
   bloat due to shimming isn't a happy solution, either. If we can address
   those (the latter by sending patches to build against NSS upstream so
   shimming isn't required), then it'd be a great idea.
  
   But purely in terms of standardizing on a single crypto library - has
   anyone actually performed an exhaustive analysis on how much would need
   to be changed to go either way? The wiki page that has been referenced a
   few times seems distinctly non-exhaustive. Maybe my perception is
   non-representative here, but as I said, all the things I get my hands
   dirty on a regular basis are linked against OpenSSL rather than NSS. The
   pragmatist in me says that maybe that makes OpenSSL a better target to
   standardize on, but I would like to see an exhaustive analysis /
   empirical evidence showing otherwise.
  
 
 FIPS OpenSSL isn't the same thing as normal OpenSSL. From OpenSSL's 
 own FIPS docs, The FIPS Object Module is the special monolithic object 
 module built from the special source distribution identified in the 
 Security Policy. It is not the same as the OpenSSL product or any 
 specific official OpenSSL distribution release.
 
 So requiring FIPS (which the US gov't and many large organizations do) 
 undermines the argument that OpenSSL is used more extensively.

So are you saying that the number of organizations that _don't_ use 
OpenSSH, OpenLDAP, mod_ssl, etc. is greater than those that do (limiting 
the field here to those that use some unix-like OS)? That would surprise 
me if it really is the case.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Jason Burrell wrote:

   NSS supports PKCS#11 which most hardware crypto accelerators
 (including
   things like smartcards and offloading coprocessors) use. As far as I
   know, the only OpenSSL PKCS#11 library is external to it, from the
   OpenSC people.
 
 Hmm... Are the relevant kernel drivers and interfaces in place for
 PKCS#11 for any of the crypto offload engines discussed (Kirkwood,
 Tegra, Freescale)? Can somebody point me at the relevant interface docs?
 
 
 Generally, the CPU-based crypto hardware is actually just a few 
 acceleration functions, so you don't usually access it through PKCS#11. 
 I know NSS supports the Intel AES instructions directly (not via 
 PKCS#11), so it should be possible to add others as well.

Accelerating instructions are something for the compilers and assemblers 
to deal with. I was specifically talking about asynchronous offload 
engines that ARM SoCs often to have.

 So are you saying that the number of organizations that _don't_ use
 OpenSSH, OpenLDAP, mod_ssl, etc. is greater than those that do (limiting
 the field here to those that use some unix-like OS)? That would surprise
 me if it really is the case.
 
 
 I don't have figures as to the number of deployments of any of those 
 tools, but only OpenSSH is listed as not yet supporting NSS anyway.
 
 I do think there are many deployments of OpenSSL that aren't following 
 its license's advertising requirements. As you stated, OpenSSH is used 
 pretty much everywhere, but I don't even remember the last time I saw a 
 statement saying a product included software from OpenSSL, except in 
 hidden about boxes, which isn't what a clear reading for the Four-clause 
 BSD license states.

Just out of interest, have OpenSSL maintainers complained at having just 
about every distribution on the planet break their licencing terms?

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[omalleys]

Quoting Gordan Bobic gor...@bobich.net:

 Jason Burrell wrote:

   NSS supports PKCS#11 which most hardware crypto accelerators
 (including
   things like smartcards and offloading coprocessors) use. As far as I
   know, the only OpenSSL PKCS#11 library is external to it, from the
   OpenSC people.

 Hmm... Are the relevant kernel drivers and interfaces in place for
 PKCS#11 for any of the crypto offload engines discussed (Kirkwood,
 Tegra, Freescale)? Can somebody point me at the relevant interface docs?


 Generally, the CPU-based crypto hardware is actually just a few
 acceleration functions, so you don't usually access it through PKCS#11.
 I know NSS supports the Intel AES instructions directly (not via
 PKCS#11), so it should be possible to add others as well.

 Accelerating instructions are something for the compilers and assemblers
 to deal with. I was specifically talking about asynchronous offload
 engines that ARM SoCs often to have.

There are kernel options for both synchronous and asynchronous crypto  
optimisation at least on the intel side in the .39 kernel. I'm unsure  
whether that made it back to the ARM side or not. I didnt rereun the  
config with ARM options.




___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Callum Lerwick]

On Wed, May 25, 2011 at 5:31 AM, Gordan Bobic gor...@bobich.net wrote:
 It seems to me (and always has, thinking about it) that the argument of
 BSD vs. GPL vs. LGPL vs. whatever-other-open-source-licence has always
 been a passtime for people who lack either the ability or the
 inclination to get on with real productive work. Flame me for that
 statement all you want, but that's just what it's always looked like to me.

I think you're confusing ideologues who feel obligated to fight their
moral crusade anywhere they can, with people who have concerns with
real world legal issues.

 I don't see that this particular licensing issue is stopping OpenSSL
 shipping with every major distro, with a lot of packages linking against
 it. Hardlining on this issue seems like it blows things way out of
 proportion.

Unfortunately, what may very well be a minor insignificant
technicality can still get your ass sued out of existence in the Real
World.

OpenSSL persists because of momentum. The world around us has changed,
Open Source WON its battle for legal and practical legitimacy, and
what were once handwave-able legal technicalities can no longer be
ignored as they once were.

Also, I suspect there's a hypocrisy factor at work here. Having a
history of picking and choosing which licences you follow to the
letter just because you're on the same side can be used against you
in other more hostile copyright enforcement claims. This is why the
FSF has to take a hard line on these things.

(IANAL)
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Derek Atkins]

omall...@msu.edu writes:

 Good question. Although I thought dkms support was recently added like F13.

Nah, DKMS support has been in Fedora for a while!  It's certainly in
F12!

Installing:
 dkms  noarch  2.1.0.1-1.fc12 fedora   95 k

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Derek Atkins]

Gordan Bobic gor...@bobich.net writes:

 I thought there was a phylosophical issue with dkms on fedora, because 
 it tracks the mainline kernel or something like that.

Nope, DKMS builds a kernel module as necessary (either at boot time or
at kernel update time).  It doesn't care what kernel you're using, only
that you have the kernel headers and a working compiler.  The
philosophical issue with DKMS is that it requires a build system and
that your end users are plugging stuff into their kernel.

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Andrew Burgess]

On 05/23/2011 10:18:29 AM, Gordan Bobic wrote:

  cryptodev probably used the CESA hardware.
 
 It is - the mv_cesa kernel process starts to show up in top when the
 crypto engine is being used.
 
  since it isnt using cpu time
  i guess its technically not a bug.
 
 I never said it was a bug,

i didn't mean to imply that you had. the confusion was all mine.

 If I'm churning without cryptoddev, the CPU
 sits at 0% idle. With cryptodev and large blocks the idle CPU time is
 typically  70%. So the remaining 70% of CPU could indeed be used for
 something else, such as additional crypto if needs be (see the  
 comments
 in the article linked earlier in this thread that point out this very
 possibility).

i missed the article reference. it would have saved me some googling :-)

here it is again for the similarly myopic:  
http://www.altechnative.net/?p=174
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Andrew Haley]

On 05/23/2011 04:12 PM, Gordan Bobic wrote:
 omall...@msu.edu wrote:
 
 My question, is how hard is this to implement the hardware support 
 non-openssl programs.
 
 Not particularly hard if you're writing your own crypto implementation 
 anyway, but there's a lot to be said for just linking against OpenSSL. 
 It's probably safer to link against the library that has a lot of eyes 
 on it than it is to implement your own.
 
 OpenAFS could use this as it can use a lot of DES 
 encryption, but it uses its own DES implementation. It also happens to 
 be the only one I can think of off the top of my head that uses its own 
 implementation. It would be nice to have.

gpg seems to use its own AES implementation that's slower than SSL's.
It would certainly be nice to fix that to use acceleration.

Andrew.

___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

On 05/24/2011 06:37 PM, Adam Goode wrote:
 Have a look at this too:

 http://fedoraproject.org/wiki/FedoraCryptoConsolidation

 It was supposed to be the way forward regarding all this. Last I
 checked, it was only for applications, not libraries, though.

Now that _IS_ interesting. So NSS is the consolidation target? I was 
under the impression that OpenSSL is a lot more prolific and it has more 
application level support, of the ones listed on the page above, at 
least the following:

1) Apache/mod_ssl (OK, this one's a tie since there's also mod_nss)
3) stunnel
5) wget
8) OpenLDAP
9) OpenSSH
14) postfix

So despite the effort to head in the direction of NSS, there are still 
more applications supporting OpenSSL than NSS out of the box (and some 
of those will build against either). IMO, that is a very good reason to 
go with OpenSSL, especially since pushing this sort of thing upstream 
can sometimes approximate herding cats.

But assuming I'm wasting my breath with that line of discussion, on a 
more pragmatic level - what is the NSS support for cryptodev like?

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

On 05/24/2011 08:15 PM, omall...@msu.edu wrote:
 Quoting Gordan Bobic gor...@bobich.net:

 On 05/24/2011 07:27 PM, Alexander Boström wrote:
 mån 2011-05-23 klockan 15:15 +0100 skrev Gordan Bobic:

 What I'm pondering now is something like a dkms package for the
 cryptodev kernel module, but I seem to remember reading somewhere that
 dkms is a non-Fedora RHEL thing. What do you guys think would be the
 best way to approach it, especially since we don't have standard
 kernels at the moment?

 It's probably a lot easier to just patch your kernel build (or ask
 whoever builds your kernel to do it). Then you won't need kernel build
 tools installed on your little arm device.

 I really don't think that's a big deal. Cryptodev module takes seconds
 to build, and even if you are building your own kernel, it means you can
 just install the new kernel, and the new module with automatically be
 built for it. So it still saves effort.

 I think this is a bigger deal then you assume. I sure as heck don't want
 a compiler sitting on my embedded device facing the outside world

You don't want to be updating the kernel on your embedded device without 
ample preparation either.

 or on my desktop system,

So you don't like having nvidia/ati accelerated graphics with 
manufacturer provided drivers either, then? Or LSI SAS controllers? Or 
anything else that relies on dkms to keep it's drivers up to date.

 just the same as I don't put a compiler on a
 production server system either.

See above. The LSI MPT driver that ships with the kernel on RHEL is 
quite a long way out of date. I guess you could have a build machine 
template for every type system you have, but that's impractical if you 
have a lot of heterogenous hardware.

Besides - I don't see a big deal. If you don't like dkms don't use it - 
build the drivers the hard way. For most people, myself included, it's 
an acceptable solution.

 It is just as easy to compile a rootkit
 as it is a dkms.

If somebody has gained shell access to your box, you've already lost, so 
I don't see this as a particularly viable argument.

 Embedded also has space at a premium and dev tools and
 libraries can eat up space.

If it's embedded, it doesn't get updated often or without good reason, 
and if it really is embedded, then you are probably developing in a 
dedicated environment and planning to deploy on many identical devices. 
In that case you can just push out the driver with the kernel package 
and be done with it. I don't see the two approaches as in any way 
contradictory. The fact that the solution doesn't fit your requirements 
doesn't mean it fits nobody's. I posted the docs on how to do it - 
whether you do it that way or dkms wrapped is entirely up to you. :)

The only point I'm really making is that dkms is a standard, recognized 
way of doing things like this. It may not fit everyone's requirements, 
but it fits a lot of people's requirements. I'd love to see it become a 
non-issue by bundling the driver/headers in the kernel rpms when those 
become available for popular devices, but until then I think dkms would 
make it much easier for most people who don't want to get their hands 
dirty with doing it all manually.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[omalleys]

Quoting Gordan Bobic gor...@bobich.net:

 On 05/24/2011 08:15 PM, omall...@msu.edu wrote:
 Quoting Gordan Bobic gor...@bobich.net:

 On 05/24/2011 07:27 PM, Alexander Boström wrote:
 mån 2011-05-23 klockan 15:15 +0100 skrev Gordan Bobic:

 What I'm pondering now is something like a dkms package for the
 cryptodev kernel module, but I seem to remember reading somewhere that
 dkms is a non-Fedora RHEL thing. What do you guys think would be the
 best way to approach it, especially since we don't have standard
 kernels at the moment?

 It's probably a lot easier to just patch your kernel build (or ask
 whoever builds your kernel to do it). Then you won't need kernel build
 tools installed on your little arm device.

 I really don't think that's a big deal. Cryptodev module takes seconds
 to build, and even if you are building your own kernel, it means you can
 just install the new kernel, and the new module with automatically be
 built for it. So it still saves effort.

 I think this is a bigger deal then you assume. I sure as heck don't want
 a compiler sitting on my embedded device facing the outside world

 You don't want to be updating the kernel on your embedded device without
 ample preparation either.

Well depends on how you look at it. It can be a valuable learning  
experience  trying to figure out how exactly to recover from your  
mistake.

 or on my desktop system,

 So you don't like having nvidia/ati accelerated graphics with
 manufacturer provided drivers either, then? Or LSI SAS controllers? Or
 anything else that relies on dkms to keep it's drivers up to date.

I have to recompile them for various kernels. I have the same issue  
with OpenAFS if the package hasn't been updated yet and a new kernel  
is released.

 just the same as I don't put a compiler on a
 production server system either.

 See above. The LSI MPT driver that ships with the kernel on RHEL is
 quite a long way out of date. I guess you could have a build machine
 template for every type system you have, but that's impractical if you
 have a lot of heterogenous hardware.

I do have a build environment for a number of different services.
I moved most of the dev environments to virtual machines though.

 Besides - I don't see a big deal. If you don't like dkms don't use it -
 build the drivers the hard way. For most people, myself included, it's
 an acceptable solution.

 It is just as easy to compile a rootkit
 as it is a dkms.

 If somebody has gained shell access to your box, you've already lost, so
 I don't see this as a particularly viable argument.

Yes but they may have shell access and build the kit to gain root access.

 Embedded also has space at a premium and dev tools and
 libraries can eat up space.

 If it's embedded, it doesn't get updated often or without good reason,
 and if it really is embedded, then you are probably developing in a
 dedicated environment and planning to deploy on many identical devices.
 In that case you can just push out the driver with the kernel package
 and be done with it. I don't see the two approaches as in any way
 contradictory. The fact that the solution doesn't fit your requirements
 doesn't mean it fits nobody's. I posted the docs on how to do it -
 whether you do it that way or dkms wrapped is entirely up to you. :)

I think the docs were actually well written. I quite enjoyed reading them.

 The only point I'm really making is that dkms is a standard, recognized
 way of doing things like this. It may not fit everyone's requirements,
 but it fits a lot of people's requirements. I'd love to see it become a
 non-issue by bundling the driver/headers in the kernel rpms when those
 become available for popular devices, but until then I think dkms would
 make it much easier for most people who don't want to get their hands
 dirty with doing it all manually.

I understand your argument. It seems strange that you would be making  
the argument given you are one of the people who likes to get their  
hands dirty. :)

I just think there has to be a better way to do it, sans moving to a  
bsd style kernel... :)


___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

On 05/24/2011 08:54 PM, omall...@msu.edu wrote:

 Besides - I don't see a big deal. If you don't like dkms don't use it -
 build the drivers the hard way. For most people, myself included, it's
 an acceptable solution.

 It is just as easy to compile a rootkit
 as it is a dkms.

 If somebody has gained shell access to your box, you've already lost, so
 I don't see this as a particularly viable argument.

 Yes but they may have shell access and build the kit to gain root access.

As opposed to using wget, curl, or even the magic /dev/tcp from shell to 
download it pre-cooked? Sorry, I just don't see it making a difference.

 Embedded also has space at a premium and dev tools and
 libraries can eat up space.

 If it's embedded, it doesn't get updated often or without good reason,
 and if it really is embedded, then you are probably developing in a
 dedicated environment and planning to deploy on many identical devices.
 In that case you can just push out the driver with the kernel package
 and be done with it. I don't see the two approaches as in any way
 contradictory. The fact that the solution doesn't fit your requirements
 doesn't mean it fits nobody's. I posted the docs on how to do it -
 whether you do it that way or dkms wrapped is entirely up to you. :)

 I think the docs were actually well written. I quite enjoyed reading them.

By all means, feel free to paste/link on the official wiki. :)

 The only point I'm really making is that dkms is a standard, recognized
 way of doing things like this. It may not fit everyone's requirements,
 but it fits a lot of people's requirements. I'd love to see it become a
 non-issue by bundling the driver/headers in the kernel rpms when those
 become available for popular devices, but until then I think dkms would
 make it much easier for most people who don't want to get their hands
 dirty with doing it all manually.

 I understand your argument. It seems strange that you would be making
 the argument given you are one of the people who likes to get their
 hands dirty. :)

I _don't mind_ getting my hands dirty _when I have to_, but I do like to 
come up with a solution that I have to implement once, and from there on 
it takes care of itself.

 I just think there has to be a better way to do it, sans moving to a bsd
 style kernel... :)

Feel free to chase cryptodev inclusion in mainline - I'm totally for 
that, I just think it'll take years and I am simply not prepared to wait 
for it. There is also an argument that we should perhaps involve the 
developer of the module in this conversation, too, and see what they 
think. :)

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[omalleys]

Quoting Gordan Bobic gor...@bobich.net:

 On 05/22/2011 09:17 AM, Peter Robinson wrote:
 On Sun, May 22, 2011 at 2:11 AM, Gordan Bobicgor...@bobich.net  wrote:
 Hi,

 In case anyone is interested, I got this working on F13. It required
 building the cryptodev kernel module and rebuilding the standard F13
 OpenSSL package with three additional parameters (the cryptodev support
 is already in the standard OpenSSL package sources, it just isn't
 enabled in the default build).

 More details available here:
 http://www.altechnative.net/?p=174

 Any chance we can have cryptodev enabled in the standard package build?
 I cannot see any drawbacks to having it available - when cryptodev
 device isn't there, it will simply fall back to the software
 implementation. (Note: required cryptodev header file provided by the
 external kernel driver).

 We use upstream Fedora mainline packages. File a bug and once its
 enabled in Fedora it will come to the ARM platform too.

 Filed:
 https://bugzilla.redhat.com/show_bug.cgi?id=706706

That just rocks, Thanks!!

Sean

___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

omall...@msu.edu wrote:
 Quoting Gordan Bobic gor...@bobich.net:
 
 On 05/22/2011 09:17 AM, Peter Robinson wrote:
 On Sun, May 22, 2011 at 2:11 AM, Gordan Bobicgor...@bobich.net  wrote:
 Hi,

 In case anyone is interested, I got this working on F13. It required
 building the cryptodev kernel module and rebuilding the standard F13
 OpenSSL package with three additional parameters (the cryptodev support
 is already in the standard OpenSSL package sources, it just isn't
 enabled in the default build).

 More details available here:
 http://www.altechnative.net/?p=174

 Any chance we can have cryptodev enabled in the standard package build?
 I cannot see any drawbacks to having it available - when cryptodev
 device isn't there, it will simply fall back to the software
 implementation. (Note: required cryptodev header file provided by the
 external kernel driver).

 We use upstream Fedora mainline packages. File a bug and once its
 enabled in Fedora it will come to the ARM platform too.

 Filed:
 https://bugzilla.redhat.com/show_bug.cgi?id=706706
 
 That just rocks, Thanks!!

Yeah, it's pretty awesome. It makes the Sheevaplug catch up with the 
Atom that is 466MHz faster and 4x more power-hungry.

What I'm pondering now is something like a dkms package for the 
cryptodev kernel module, but I seem to remember reading somewhere that 
dkms is a non-Fedora RHEL thing. What do you guys think would be the 
best way to approach it, especially since we don't have standard 
kernels at the moment?

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[omalleys]

Quoting Gordan Bobic gor...@bobich.net:

 omall...@msu.edu wrote:
 Quoting Gordan Bobic gor...@bobich.net:

 On 05/22/2011 09:17 AM, Peter Robinson wrote:
 On Sun, May 22, 2011 at 2:11 AM, Gordan Bobicgor...@bobich.net  wrote:
 Hi,

 In case anyone is interested, I got this working on F13. It required
 building the cryptodev kernel module and rebuilding the standard F13
 OpenSSL package with three additional parameters (the cryptodev support
 is already in the standard OpenSSL package sources, it just isn't
 enabled in the default build).

 More details available here:
 http://www.altechnative.net/?p=174

 Any chance we can have cryptodev enabled in the standard package build?
 I cannot see any drawbacks to having it available - when cryptodev
 device isn't there, it will simply fall back to the software
 implementation. (Note: required cryptodev header file provided by the
 external kernel driver).

 We use upstream Fedora mainline packages. File a bug and once its
 enabled in Fedora it will come to the ARM platform too.

 Filed:
 https://bugzilla.redhat.com/show_bug.cgi?id=706706

 That just rocks, Thanks!!

 Yeah, it's pretty awesome. It makes the Sheevaplug catch up with the
 Atom that is 466MHz faster and 4x more power-hungry.

 What I'm pondering now is something like a dkms package for the
 cryptodev kernel module, but I seem to remember reading somewhere that
 dkms is a non-Fedora RHEL thing. What do you guys think would be the
 best way to approach it, especially since we don't have standard
 kernels at the moment?


Good question. Although I thought dkms support was recently added like F13.

My question, is how hard is this to implement the hardware support  
non-openssl programs. OpenAFS could use this as it can use a lot of  
DES encryption, but it uses its own DES implementation. It also  
happens to be the only one I can think of off the top of my head that  
uses its own implementation. It would be nice to have.



___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

omall...@msu.edu wrote:

 In case anyone is interested, I got this working on F13. It required
 building the cryptodev kernel module and rebuilding the standard F13
 OpenSSL package with three additional parameters (the cryptodev 
 support
 is already in the standard OpenSSL package sources, it just isn't
 enabled in the default build).

 More details available here:
 http://www.altechnative.net/?p=174

 Any chance we can have cryptodev enabled in the standard package 
 build?
 I cannot see any drawbacks to having it available - when cryptodev
 device isn't there, it will simply fall back to the software
 implementation. (Note: required cryptodev header file provided by the
 external kernel driver).

 We use upstream Fedora mainline packages. File a bug and once its
 enabled in Fedora it will come to the ARM platform too.

 Filed:
 https://bugzilla.redhat.com/show_bug.cgi?id=706706

 That just rocks, Thanks!!

 Yeah, it's pretty awesome. It makes the Sheevaplug catch up with the
 Atom that is 466MHz faster and 4x more power-hungry.

 What I'm pondering now is something like a dkms package for the
 cryptodev kernel module, but I seem to remember reading somewhere that
 dkms is a non-Fedora RHEL thing. What do you guys think would be the
 best way to approach it, especially since we don't have standard
 kernels at the moment?

 
 Good question. Although I thought dkms support was recently added like F13.

I thought there was a phylosophical issue with dkms on fedora, because 
it tracks the mainline kernel or something like that.

 My question, is how hard is this to implement the hardware support 
 non-openssl programs.

Not particularly hard if you're writing your own crypto implementation 
anyway, but there's a lot to be said for just linking against OpenSSL. 
It's probably safer to link against the library that has a lot of eyes 
on it than it is to implement your own.

 OpenAFS could use this as it can use a lot of DES 
 encryption, but it uses its own DES implementation. It also happens to 
 be the only one I can think of off the top of my head that uses its own 
 implementation. It would be nice to have.

Is there any technical reason why it couldn't be built against OpenSSL?

This could also be extended to other things, such as md5sum and sha1sum 
from coreutils. They use their own implementation rather than OpenSSL 
(presumably because for something as core as coreutils needs to be 
dependencyless). A couple of thoughts on that subject:

1) Should md5sum, sha1sum and similar be subject to the alternatives 
framework, and be substituted by wrappers that instead call openssl 
md5 and openssl sha1 respectively?

2) My testing shows that the coreutils software implementation is 
actually quicker on checksumming large files. Not a lot, mind you, but 
the difference is measurable (1.924s for sha1sum and 1.998s for openssl 
sha1 for a kernel tar.bz2 ball, for the best of three runs of each). But 
the sys+user time for sha1sum adds up to the wallclock total, whereas 
for the cryptodev accelerated openssl run, the sys+user is 0.620s, i.e. 
less than a third of wallclock.

This might actually be a debate worth having on the primary arch list 
(Note: I'm not subscribed to that one.) since most of the current 
generation x86 processors from Intel, AMD and Via have similar crypto 
offload features at least for AES.

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Andrew Burgess]

On 05/23/2011 08:12:13 AM, Gordan Bobic wrote:

 2) My testing shows that the coreutils software implementation is
 actually quicker on checksumming large files. Not a lot, mind you, but
 the difference is measurable (1.924s for sha1sum and 1.998s for  
 openssl
 sha1 for a kernel tar.bz2 ball, for the best of three runs of each).  
 But
 the sys+user time for sha1sum adds up to the wallclock total, whereas
 for the cryptodev accelerated openssl run, the sys+user is 0.620s,  
 i.e.
 less than a third of wallclock.

cryptodev probably used the CESA hardware. since it isnt using cpu time
i guess its technically not a bug.

i wonder how much you could actually use the cpu for other things?
would a little cpu bound program running at idle prio get work done
during your benchmark? that might be a big argument for cryptodev...

or even run both openssl and coreutils in parallel; total bytes
per second (and heat and power) should increase.
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

Re: [fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

On 05/22/2011 09:17 AM, Peter Robinson wrote:
 On Sun, May 22, 2011 at 2:11 AM, Gordan Bobicgor...@bobich.net  wrote:
 Hi,

 In case anyone is interested, I got this working on F13. It required
 building the cryptodev kernel module and rebuilding the standard F13
 OpenSSL package with three additional parameters (the cryptodev support
 is already in the standard OpenSSL package sources, it just isn't
 enabled in the default build).

 More details available here:
 http://www.altechnative.net/?p=174

 Any chance we can have cryptodev enabled in the standard package build?
 I cannot see any drawbacks to having it available - when cryptodev
 device isn't there, it will simply fall back to the software
 implementation. (Note: required cryptodev header file provided by the
 external kernel driver).

 We use upstream Fedora mainline packages. File a bug and once its
 enabled in Fedora it will come to the ARM platform too.

Filed:
https://bugzilla.redhat.com/show_bug.cgi?id=706706

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm

[fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)

[Gordan Bobic]

Hi,

In case anyone is interested, I got this working on F13. It required 
building the cryptodev kernel module and rebuilding the standard F13 
OpenSSL package with three additional parameters (the cryptodev support 
is already in the standard OpenSSL package sources, it just isn't 
enabled in the default build).

More details available here:
http://www.altechnative.net/?p=174

Any chance we can have cryptodev enabled in the standard package build? 
I cannot see any drawbacks to having it available - when cryptodev 
device isn't there, it will simply fall back to the software 
implementation. (Note: required cryptodev header file provided by the 
external kernel driver).

Gordan
___
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm