2011/4/18 Guillaume Filion <g...@logidac.com>: > Hi, > > I've been looking into using the hardware crypto acceleration on the Geode > chip of the net5501 (and maybe get a vpn1411 card) on my web load balancer > (nginx) running on Debian. > > Right now I'm a bit confused on what my options are, so let me write my > understanding of the situation and please correct anything that is > inaccurate: > > 1. The geode hardware crypto acceleration only works for aes-128-cbc. > vpn1411 works for a lot more ciphers/key sizes. > > 2. There's no out-of-the-box support for hardware crypto acceleration of the > geode or the vpn1411 under linux. > > 3. The only way to support it is with ocf-linux, which requires a patch for > the kernel and openssl. > > 4. There's no debian kernel package available with the ocf-linux patch > already in place. > > 5. ocf-linux only supports kernels up to 2.6.26 (debian stable is at > 2.6.32). > > 6. I should really consider switching to openbsd... > > Please tell my if I'm missing something, otherwise, I think I'll seriously > look into implementing #6...
(I'm not running either the Geode or vpn1411 crypto under Linux so take what's below with a grain of salt, but...) Looking at the kernel config for my ubuntu 10.04 server, I do see entries for both of these crypto devices in the mainline default kernel: CONFIG_CRYPTO_DEV_GEODE=m CONFIG_CRYPTO_DEV_HIFN_795X=m CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y The Geode should cover the Geode LX CPU's onboard crypto and the HiFn 7956 would be the vpn1411. OpenSSL may still need to be patched, but in-kernel ops would utilize both crypto accelerators should the appropriate modules be loaded I would think. -Proto _______________________________________________ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech