Looking for guidance on use of the SEC hardare in a t104x chip

mattweber · ‎09-11-2014

Where can I find the driver code for the different SEC engines in Linux SDK 1.6?

mattweber · ‎09-11-2014

Nevermind, found it. Didn't realize it's named caam. Is there any proof of concepts that use it or does it just plugin as a service that uses the existing kernel crypto interfaces? So if I wanted to use it for userspace apps I'd use cryptodev or something?

Does it accelerate IPSEC tunnels?

yipingwang · ‎09-12-2014

Hello Matt Weber,

For T1040 the SEC driver is CAAM in drivers/crypto/caam of Kernel source. About how to use it in user space application, I suggest you refer to the source code of package "openssl", I attached crypto/engine/eng_cryptodev.c file for you.

Userspace implementations of openssl enable offloading OpenSSL requests to the built-in kernel crypto API, and thus the SEC h/w via its respective driver.

While the kernel officially supports the AF_ALG socket interface, various third-party cryptodev implementations are also available.

http://carnivore.it/2011/04/23/openssl_-_af_alg

http://home.gna.org/cryptodev-linux/

http://ocf-linux.sourceforge.net/

For IPSEC, the IPSec stack built-in to the kernel (usually called NETKEY) will automatically use

crypto drivers do offload the crypto to the SEC h/w. It accelerates IPSEC tunnel, about how to set

up an IPSec tunnel, you could use methods such as setkey, strongswan and openswan, you could refer to Linux SDK documents for detailed information.

Have a great day,
Yiping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------