Hi there,
1. Introduction
My first blog post will be about getting hardware accelerated aes-128-cbc cipher on my ALIX board, running a Geode LX. This processor can only handle aes-128-cbc so it’s basically useless, unless you plan to configure every service to only use this specific cipher. Anyway, I’ll do it nevertheless !
Unlike VIA chips (padlock), the Geode doesn’t come with any native acceleration on Linux. It’s however possible using OCF (Open Crypto Framework) which has been ported from BSD to Linux. It’ll provide in-kernel hardware acceleration exported to userland using /dev/crypto device node.
2. Rebuilding Debian’s kernel with OCF-Linux patch
Sadly, OCF requiere little changes into the kernel and cannot (for now) be built as a module.
/!\ If you plan to build a 32 bits kernel from a 64 bits environment, use a 32 bits chroot !
Install a bunch of dependencies:
1 |
aptitude install devscripts wget vim libncurses5-dev pbuilder |
Download and extract current Debian’s latest kernel:
1 |
dget -x http://ftp.de.debian.org/debian/pool/main/l/linux-2.6/linux-2.6_3.0.0-3.dsc |
(If there’s a GPG sign error or something, run dpkg-source -x *.dsc)
Download latest OCF-Linux package:
1 |
wget 'http://heanet.dl.sourceforge.net/project/ocf-linux/ocf-linux/20110720/ocf-linux-20110720.tar.gz' |
Generate OCF kernel patch:
1 2 3 4 |
tar xvzf ocf-linux-20110720.tar.gz cd ocf-linux-20110720/ocf/ make patch cd ../.. |
Let’s get started…
1 |
cd linux-2.6-3.0.0/ |
Bump Debian’s package ABI by editing debian/config/defines:
1 |
abiname: 1 become abiname: 1+alix.1 |
Copy OCF Linux kernel patch:
1 |
cp ../ocf-linux-20110720/ocf/ocf-linux-26.patch debian/patches/features/all/ |
Create a quilt patch “series” file:
/!\ 3+alix.1 must be be the version according to debian/changelog.
In my example, package version is 3.0.0-3, mine will be 3.0.0-3+alix.1.
1 |
echo "+ features/all/ocf-linux-26.patch" >> debian/patches/series/3+alix.1 |
Install build dependencies (with some pbuilder’s magic!):
1 |
/usr/lib/pbuilder/pbuilder-satisfydepends |
Clean and prepare the source package:
1 2 |
make -f debian/rules clean make -f debian/rules source-all |
It will probably fails because the patch contains some “fuzz”. If so, go to debian/build/source, duplicate this directory, apply the patch, diff again and replace ocf-linux-26.patch). Run both commands again.
Create a new changelog entry:
1 |
dch --local +alix. |
Set target to UNRELEASED instead on unstable (first line).
Fill the changelog, here’s mine:
1 2 |
* Add OCF Linux kernel patch. * Change CPU type to Geode LX. |
Setup the right kernel flavor (refer to official documentation on Debian’s wiki for more information):
1 2 |
make -f debian/rules.gen setup_i386_none_486 cd debian/build/build_i386_none_486/ |
Configure it!
1 |
make menuconfig |
Change CPU type to Geode LX/GX (will enable a few optimization, dunno if it really matters).
Enable OCF in kernel configuration but disable the following hardware chip drivers (they fail to build): Micronas 7108, cryptocteon, XP4xx, Kirkwood, Talitos and Hifn. AMD Geode doesn’t require any driver: upstream provide geode_aes kernel module which only need a way to be accessed from userland, so you may disable everything except cryptosoft (software fallback for unsupported ciphers) and crytodev (userland link).
BUILD!
1 2 |
cd ../../.. make -f debian/rules.gen binary-arch_i386_none_486 binary-indep DEBIAN_KERNEL_JOBS=4 |
Once you see linux-headers and linux-image deb package, you can stop the build by hitting Ctrl+c (generating documentation packages takes ages).
We need linux-headers-common as well:
1 |
make -f debian/rules.gen binary-arch_i386_none_real |
That’s it for the kernel part…
Stay tuned !