Title: VIA C-7 / nano padlock crypto hw support in Hellfire
Posted: 08.05.2011, 12:08
Joined: 08 May 2011
Posts: 18

In the Kanotix Hellfire live CD, PadLock support is somewhat working.
On a live USB stick etc., however, you should still type this manually:
modprobe via-rng
modprobe padlock-sha
modprobe padlock-aes
apt-get install rng-tools
openssl engine
/etc/init.d/rng-tools restart
Starting Hardware RNG entropy gatherer daemon: rngd.
RNG = hw random # gen works
openssl in hellfire 2.6.38 or even 2.6.39 rc6 has no hw RNG:
(padlock) VIA PadLock (no-RNG, ACE)
(dynamic) Dynamic engine loading support
If you have a hard disk install instead of the live stick, add
via-rng
padlock-sha
padlock-aes
to /etc/modules
/var/log/dmesg says in hellfire 2.6.39 rc 32bit:
CPU0: Centaur VIA C7-M Processor 1000MHz stepping 00
VIA RNG detected
padlock_aes: Using VIA PadLock ACE for AES algorithm.
padlock_sha: Using VIA PadLock ACE for SHA1/SHA256 algorithms.
Make sure /etc/ssl/openssl.conf reads something like:
Code:
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
openssl_conf = openssl_def
[openssl_def]
engines = openssl_engines
[openssl_engines]
padlock = padlock_engine
[padlock_engine]
default_algorithms = ALL
then still no hw rng in openssl, though.
http://ubuntuforums.org/showthread.php?t=710243
but:
openssl speed -evp aes-128-cbc -engine padlock
Code:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     38405.92k    98045.05k   160549.25k   206029.15k   238508.25k
Without -evp it is 200 times slower, since padlock is in fact not used (bug):
openssl speed aes-128-cbc -engine padlock
Code:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc     10621.45k    13814.63k    14946.27k    15269.76k    15177.01k
maybe the kernel was compiled to not support VIA nano padlock module or something. see:
http://www.grounation.org/index.php?post/2008/07/02/6-via-c7-padlock-on-debian-etch
To see if your OpenSSL build has PadLock support, run this simple command:
this is what you would LIKE to see:
$ openssl engine padlock
(padlock) VIA PadLock (RNG, ACE)
If instead of (RNG, ACE) you see (no-RNG, no-ACE), it means that your OpenSSL installation is PadLock-ready, but your processor is not. You also could see an ugly error message saying that there is no such engine. In that case, you should upgrade or patch your OpenSSL library.
http://www.logix.cz/michal/doc/article.xp/padlock-en#feedback_form
Last edited by mai77 on 10.05.2011, 13:39; edited 10 times in total
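
Added example, not part of the original post or of Kanotix: a small shell check that reads the `openssl engine` line the way the post describes it ((RNG, ACE) is the wanted result, no-RNG / no-ACE means the feature is not available to OpenSSL, no padlock line means the engine is absent) and lists which of the three modules are not yet in /etc/modules. The function names and the sample inputs are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the post): interpret `openssl engine` output and
# the text of /etc/modules for the three PadLock-related modules.

# padlock_caps ENGINE_OUTPUT -> "rng=<yes|no> ace=<yes|no>" or "engine=missing"
padlock_caps() {
    line=$(printf '%s\n' "$1" | grep '^(padlock)' | head -n 1)
    [ -n "$line" ] || { echo "engine=missing"; return 0; }
    # The capability list is the last parenthesised group on the line.
    caps=$(printf '%s\n' "$line" | sed 's/.*(\([^()]*\))[[:space:]]*$/\1/')
    rng=no; ace=no
    oldifs=$IFS; IFS=','
    for c in $caps; do
        case "$(printf '%s' "$c" | tr -d '[:space:]')" in
            RNG) rng=yes ;;   # "no-RNG" does not match, so rng stays "no"
            ACE) ace=yes ;;
        esac
    done
    IFS=$oldifs
    echo "rng=$rng ace=$ace"
}

# missing_modules MODULES_TEXT -> space-separated modules that are not listed
missing_modules() {
    out=""
    for m in via-rng padlock-sha padlock-aes; do
        # modprobe treats "_" and "-" alike, so normalise before matching
        # whole lines; commented-out entries therefore do not count.
        printf '%s\n' "$1" | tr '_' '-' |
            grep -qx "[[:space:]]*$m[[:space:]]*" || out="$out $m"
    done
    echo "${out# }"
}

# Constructed samples, modelled on the output quoted in the post.
sample_engine='(padlock) VIA PadLock (no-RNG, ACE)
(dynamic) Dynamic engine loading support'
sample_modules='# /etc/modules
via-rng
padlock_aes
#padlock-sha'

echo "engine:  $(padlock_caps "$sample_engine")"
echo "missing: $(missing_modules "$sample_modules")"
```

On a real system the two functions would be fed `"$(openssl engine 2>/dev/null)"` and `"$(cat /etc/modules)"` instead of the samples.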

Title: VIA C-7 / nano padlock crypto hw support in Hellfire
Posted: 08.05.2011, 16:14
Joined: 17 Dec 2003
Posts: 16790

I have got no VIA hardware. If you like, join IRC and I will tell you how to upgrade to the .39 kernel for testing.

Title: VIA C-7 / nano padlock crypto hw s
Posted: 08.05.2011, 23:42
Joined: 08 May 2011
Posts: 18

Last edited by mai77 on 09.05.2011, 13:37; edited once in total

Title: VIA C-7 / nano padlock crypto hw support in Hellfire
Posted: 09.05.2011, 04:10
Joined: 08 May 2011
Posts: 18

Last edited by mai77 on 09.05.2011, 13:37; edited once in total

Title: VIA C-7 / nano padlock crypto hw support in Hellfire
Posted: 09.05.2011, 09:59
Joined: 17 Dec 2003
Posts: 16790

You can simply write the module name into
/etc/modules
and then it will be loaded automatically.