{"id":1,"date":"2011-09-02T23:56:53","date_gmt":"2011-09-02T23:56:53","guid":{"rendered":"http:\/\/blog.le-vert.net\/?p=1"},"modified":"2011-09-03T02:41:14","modified_gmt":"2011-09-03T00:41:14","slug":"hello-world","status":"publish","type":"post","link":"https:\/\/blog.le-vert.net\/?p=1","title":{"rendered":"OCF-Linux on Debian [Part I]"},"content":{"rendered":"<div class=\"twttr_buttons\"><div class=\"twttr_twitter\">\n\t\t\t\t\t<a href=\"http:\/\/twitter.com\/share?text=OCF-Linux+on+Debian+%5BPart+I%5D\" class=\"twitter-share-button\" data-via=\"\" data-hashtags=\"\"  data-size=\"default\" data-url=\"https:\/\/blog.le-vert.net\/?p=1\"  data-related=\"\" target=\"_blank\">Tweet<\/a>\n\t\t\t\t<\/div><\/div><p>Hi there,<\/p>\n<p><strong><span class=\"Apple-style-span\" style=\"font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;\">1. Introduction<\/span><\/strong><\/p>\n<p><span class=\"Apple-style-span\" style=\"font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;\">My first blog post will be about getting hardware accelerated aes-128-cbc cipher on my <a href=\"http:\/\/pcengines.ch\/alix2d3.htm\">ALIX<\/a> board, running a Geode LX. This processor can only handle aes-128-cbc so it&#8217;s basically useless, unless you plan to configure every service to only use this specific cipher. Anyway, I&#8217;ll do it nevertheless !<\/span><\/p>\n<p>Unlike VIA chips (padlock), the Geode doesn&#8217;t come with any native acceleration on Linux. It&#8217;s however possible using <a href=\"http:\/\/ocf-linux.sourceforge.net\/\">OCF<\/a> (Open Crypto Framework) which has been ported from BSD to Linux. It&#8217;ll provide in-kernel hardware acceleration exported to userland using \/dev\/crypto device node.<\/p>\n<p><strong>2. Rebuilding Debian&#8217;s kernel with OCF-Linux patch<\/strong><\/p>\n<p>Sadly, OCF requiere little changes into the kernel and cannot (for now) be built as a module.<\/p>\n<p><strong>\/!\\ <\/strong>If you plan to build a 32 bits kernel from a 64 bits environment, use a 32 bits chroot !<\/p>\n<p>Install a bunch of\u00a0dependencies:\u00a0<\/p>\n<pre>aptitude install devscripts wget vim libncurses5-dev pbuilder<\/pre>\n<p>Download and extract current Debian&#8217;s latest kernel:\u00a0<\/p>\n<pre>dget -x http:\/\/ftp.de.debian.org\/debian\/pool\/main\/l\/linux-2.6\/linux-2.6_3.0.0-3.dsc<\/pre>\n<p>(If there&#8217;s a GPG sign error or something, run <em>dpkg-source -x *.dsc<\/em>)<\/p>\n<p>Download latest OCF-Linux package:<\/p>\n<pre>wget 'http:\/\/heanet.dl.sourceforge.net\/project\/ocf-linux\/ocf-linux\/20110720\/ocf-linux-20110720.tar.gz'<\/pre>\n<p>Generate OCF kernel patch:<\/p>\n<pre>tar xvzf ocf-linux-20110720.tar.gz\r\ncd ocf-linux-20110720\/ocf\/\r\nmake patch\r\ncd ..\/..<\/pre>\n<p>Let&#8217;s get started&#8230;<\/p>\n<pre>cd linux-2.6-3.0.0\/<\/pre>\n<p>Bump Debian&#8217;s package ABI by editing <em>debian\/config\/defines<\/em>:<\/p>\n<pre>abiname: 1 become abiname: 1+alix.1<\/pre>\n<p>Copy OCF Linux kernel patch:<\/p>\n<pre>cp ..\/ocf-linux-20110720\/ocf\/ocf-linux-26.patch debian\/patches\/features\/all\/<\/pre>\n<p>Create a quilt patch &#8220;series&#8221; file:<br \/>\n<strong>\/!\\<\/strong> 3+alix.1 must be be the version according to debian\/changelog.<br \/>\nIn my example, package version is 3.0.0-3, mine will be 3.0.0-<strong>3+alix.1<\/strong>.<\/p>\n<pre>echo \"+ features\/all\/ocf-linux-26.patch\" >> debian\/patches\/series\/3+alix.1<\/pre>\n<p>Install build dependencies (with some pbuilder&#8217;s magic!):<\/p>\n<pre>\/usr\/lib\/pbuilder\/pbuilder-satisfydepends<\/pre>\n<p>Clean and prepare the source package:<\/p>\n<pre>make -f debian\/rules clean\r\nmake -f debian\/rules source-all<\/pre>\n<p>It will probably fails because the patch contains some &#8220;fuzz&#8221;. If so, go to debian\/build\/source, duplicate this directory, apply the patch, diff again and replace ocf-linux-26.patch). Run both commands again.<\/p>\n<p>Create a new changelog entry:<\/p>\n<pre>dch --local +alix.<\/pre>\n<p>Set target to UNRELEASED instead on unstable (first line).<br \/>\nFill the changelog, here&#8217;s mine:<\/p>\n<pre>  * Add OCF Linux kernel patch.\r\n  * Change CPU type to Geode LX.<\/pre>\n<p>Setup the right kernel flavor (refer to official documentation on Debian&#8217;s wiki for more information):<\/p>\n<pre>make -f debian\/rules.gen setup_i386_none_486\r\ncd debian\/build\/build_i386_none_486\/<\/pre>\n<p>Configure it!<\/p>\n<pre>make menuconfig<\/pre>\n<p>Change CPU type to Geode LX\/GX (will enable a few optimization, dunno if it really matters).<br \/>\nEnable OCF in kernel configuration but disable the following hardware chip drivers (they fail to build): Micronas 7108, cryptocteon, XP4xx, Kirkwood, Talitos and Hifn. AMD Geode doesn&#8217;t require any driver: upstream provide geode_aes kernel module which only need a way to be accessed from userland, so you may disable everything except cryptosoft (software fallback for unsupported ciphers) and crytodev (userland link).<\/p>\n<p>BUILD!<\/p>\n<pre>cd ..\/..\/..\r\nmake -f debian\/rules.gen binary-arch_i386_none_486 binary-indep DEBIAN_KERNEL_JOBS=4<\/pre>\n<p>Once you see linux-headers and linux-image deb package, you can stop the build by hitting Ctrl+c (generating documentation packages takes ages).<\/p>\n<p>We need linux-headers-common as well:<\/p>\n<pre>make -f debian\/rules.gen binary-arch_i386_none_real<\/pre>\n<p>That&#8217;s it for the kernel part&#8230;<\/p>\n<p>Stay tuned !<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi there, 1. Introduction My first blog post will be about getting hardware accelerated aes-128-cbc cipher on my ALIX board, running a Geode LX. This processor can only handle aes-128-cbc so it&#8217;s basically useless, unless you plan to configure every &hellip; <a href=\"https:\/\/blog.le-vert.net\/?p=1\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/1"}],"collection":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1"}],"version-history":[{"count":19,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":23,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions\/23"}],"wp:attachment":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}