[fedora-arm] Hardware Crypto Offload on Kirkwood (SheevaPlug)
omalleys at msu.edu
omalleys at msu.edu
Wed May 25 16:08:55 UTC 2011
Quoting Gordan Bobic <gordan at bobich.net>:
> Jason Burrell wrote:
>
>> > NSS supports PKCS#11 which most hardware crypto accelerators
>> (including
>> > things like smartcards and offloading coprocessors) use. As far as I
>> > know, the only OpenSSL PKCS#11 library is external to it, from the
>> > OpenSC people.
>>
>> Hmm... Are the relevant kernel drivers and interfaces in place for
>> PKCS#11 for any of the crypto offload engines discussed (Kirkwood,
>> Tegra, Freescale)? Can somebody point me at the relevant interface docs?
>>
>>
>> Generally, the CPU-based "crypto" hardware is actually just a few
>> acceleration functions, so you don't usually access it through PKCS#11.
>> I know NSS supports the Intel AES instructions directly (not via
>> PKCS#11), so it should be possible to add others as well.
>
> Accelerating instructions are something for the compilers and assemblers
> to deal with. I was specifically talking about asynchronous offload
> engines that ARM SoCs often to have.
There are kernel options for both synchronous and asynchronous crypto
optimisation at least on the intel side in the .39 kernel. I'm unsure
whether that made it back to the ARM side or not. I didnt rereun the
config with ARM options.
More information about the arm
mailing list