====== Enable H/W encryption in Geode ======

To set the required modules to load at startup, add these to **''/etc/modules''**:

<code>
ocf
cryptodev
cryptosoft
</code>

Also, make sure ''geode_aes'' is loaded automatically, if not, add to ''/etc/modules''.

===== For Voyage 0.6.2 =====

For 0.6.2, the bundled openssl and libssl does not have cryptodev support.
Need to install the patched openssl and libssl with cryptodev support:
<code>
# install from voyage APT repository at http://www.voyage.hk/dists/0.6
apt-get install --reinstall openssl libssl0.9.8
</code>

After reboot, check for cryptodev support in openssl by:
<code>
openssl engine
</code>

You should see this line:
<xterm>
(cryptodev) BSD cryptodev engine
</xterm>

Test performance by:
<code>
openssl speed -evp aes128
</code>

You should see something like these:
<xterm>
Doing aes-128-cbc for 3s on 16 size blocks: 149156 aes-128-cbc's in 0.09s
Doing aes-128-cbc for 3s on 64 size blocks: 141139 aes-128-cbc's in 0.05s
Doing aes-128-cbc for 3s on 256 size blocks: 118003 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 1024 size blocks: 71261 aes-128-cbc's in 0.10s
Doing aes-128-cbc for 3s on 2048 size blocks: 46546 aes-128-cbc's in 0.03s
OpenSSL 0.9.8g 19 Oct 2007
built on: Thu Aug  6 10:51:32 HKT 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   2048 bytes
aes-128-cbc      26516.62k   180657.92k   167826.49k   729712.64k  3177540.27k
</xterm>

===== For Voyage 0.7.5 =====

The stock openssl/libssl package does not have OCF cryptodev support compiled in, so we need to create the package ourselves using a Debian Squeeze buildbox.

First, get the openssl source package and package build tools:
<code>
mkdir openssl-src
cd openssl-src
apt-get install devscripts fakeroot 
apt-get source openssl0.9.8
apt-get build-dep openssl0.9.8
</code>

Get the ocf-linux patch from http://sourceforge.net/projects/ocf-linux/ . We used {{:voyage:ocf-linux-20110720.tar.gz|}} in this write up.

(TODO: Prepare the kernel for building modules if errors encountered in this step.)\\
Unpack ocf-linux-20110720.tar.gz and build it:
<code>
tar zxvf ocf-linux-20110720.tar.gz
cd ocf-linux-20110720/ocf/
make ocf_modules
make ocf_install
</code>

Patch the openssl source tree with the ocf patch:
<code>
# suppose the openssl version is 0.9.8o-4squeeze1 :
cp ocf-linux-20110720/patches/openssl-0.9.8r.patch openssl-src/openssl-0.9.8o/
cd openssl-src/openssl-0.9.8o/
patch -p1 < openssl-0.9.8r.patch
</code>

If the patch applied OK, edit the ''debian/rules'' file to add Configure option ''--with-cryptodev'':
<code>
...
CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext --with-cryptodev
...
</code>

Build the binary deb packages by:
<code>
# at openssl-src/openssl-0.9.8o/

# update changelog and package version
dch -v 0.9.8o-4squeeze1-ocf1

# build it!
fakeroot debian/rules binary
</code>

After successful build, we will have these deb files in ''openssl-src/'' ready for install.
<xterm>
$ ls -l openssl-src/*.deb
libssl0.9.8_0.9.8o-4squeeze1-ocf1_i386.deb
libssl0.9.8-dbg_0.9.8o-4squeeze1-ocf1_i386.deb
libssl-dev_0.9.8o-4squeeze1-ocf1_i386.deb
openssl_0.9.8o-4squeeze1-ocf1_i386.deb
</xterm>

Install:
<code>
dpkg -i openssl_0.9.8o-4squeeze1-ocf1_i386.deb libssl0.9.8_0.9.8o-4squeeze1-ocf1_i386.deb
</code>

Test, just like for 0.6.2.