[tahoe-dev] Running Tahoe on ARM plugs

Jack Lloyd lloyd at randombit.net
Sun Feb 20 19:23:34 UTC 2011


On Sun, Feb 20, 2011 at 07:44:20AM -0500, Greg Troxel wrote:

> I don't quite follow how a device only being accessible from
> the kernel (which is true for substantially all devices except
> perhaps via libusb)

In some cases (e.g. the Intel and VIA AES extensions) the crypto
operations are accessible from userspace. And ARM has a
preexisting ISA convention for userspace access to
implementation-specific coprocessors, so it's really quite
surprising that it seems like instead you have to access the
crypto hardware via talking to DMA-mapped registers set at fixed
offsets in physical memory.

> This problem has been pretty much solved in *BSD, via the opencrypto
> framework.  Each accelerator has a driver, there's a kernel-mode API,
> user-space access to the operations, and integration with OpenSSL.

The coprocessor drivers are in many cases included in mainline
kernels, and there is an in-kernel API for using them; however,
the /dev/crypto implementations are not in mainline. So they can
be used for kernel operations (disk encryption, IPsec) but are
not usable from userspace (unless you patch a /dev/crypto
implementation into your kernel).

-Jack
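
The distinction drawn in this message, as an added example that is not part of the original post: a sketch that classifies how AES acceleration can be reached on a Linux host from the CPU feature flags, the in-kernel crypto API listing in /proc/crypto, and whether a /dev/crypto node exists. The sample inputs are constructed, the driver name `hwaccel-cbc-aes` is hypothetical, and treating every driver not ending in `-generic` as hardware is a simplifying assumption.

```python
import os

# /proc/cpuinfo flags for AES instructions that unprivileged code can execute.
USERSPACE_AES_FLAGS = {"aes": "Intel AES-NI", "ace_en": "VIA PadLock ACE"}

# Constructed samples: an ARM board with no AES instructions, and a kernel
# crypto API listing with one software and one (hypothetical) hardware driver.
SAMPLE_CPUINFO = "Features\t: swp half thumb fastmult edsp\n"
SAMPLE_PROC_CRYPTO = """\
name         : aes
driver       : aes-generic
priority     : 100
type         : cipher

name         : cbc(aes)
driver       : hwaccel-cbc-aes
priority     : 300
type         : blkcipher
"""

def cpu_flags(cpuinfo):
    """Return the feature flags ("flags" on x86, "Features" on ARM)."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in ("flags", "Features"):
            return set(value.split())
    return set()

def kernel_aes_drivers(proc_crypto):
    """Return non-generic AES drivers registered with the in-kernel API."""
    drivers = []
    for block in proc_crypto.strip().split("\n\n"):
        entry = {k.strip(): v.strip()
                 for k, _, v in (l.partition(":") for l in block.splitlines())}
        if "aes" in entry.get("name", "") and not entry.get("driver", "").endswith("-generic"):
            drivers.append(entry["driver"])
    return drivers

def aes_access_path(cpuinfo, proc_crypto, dev_crypto_present):
    """Classify where accelerated AES is reachable from."""
    if USERSPACE_AES_FLAGS.keys() & cpu_flags(cpuinfo):
        return "userspace-instructions"
    if kernel_aes_drivers(proc_crypto):
        return "userspace-via-/dev/crypto" if dev_crypto_present else "kernel-only"
    return "software-only"

if __name__ == "__main__":
    print(aes_access_path(SAMPLE_CPUINFO, SAMPLE_PROC_CRYPTO, os.path.exists("/dev/crypto")))
```

On a real host, pass the contents of /proc/cpuinfo and /proc/crypto in place of the samples.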


