Quoting Gordan Bobic <gordan(a)bobich.net>:
Jason Burrell wrote:
> > NSS supports PKCS#11 which most hardware crypto accelerators
> (including
> > things like smartcards and offloading coprocessors) use. As far as I
> > know, the only OpenSSL PKCS#11 library is external to it, from the
> > OpenSC people.
>
> Hmm... Are the relevant kernel drivers and interfaces in place for
> PKCS#11 for any of the crypto offload engines discussed (Kirkwood,
> Tegra, Freescale)? Can somebody point me at the relevant interface docs?
>
>
> Generally, the CPU-based "crypto" hardware is actually just a few
> acceleration functions, so you don't usually access it through PKCS#11.
> I know NSS supports the Intel AES instructions directly (not via
> PKCS#11), so it should be possible to add others as well.
Accelerating instructions are something for the compilers and assemblers
to deal with. I was specifically talking about asynchronous offload
engines that ARM SoCs often to have.
There are kernel options for both synchronous and asynchronous crypto
optimisation at least on the intel side in the .39 kernel. I'm unsure
whether that made it back to the ARM side or not. I didnt rereun the
config with ARM options.