This HOWTO describes the process of enabling acceleration for certain cryptographic algorithms on the BeagleBone Black(BBB). A week ago, I tried and failed due to all sorts of kernel modules problems, but it now appears I have everything in order. Specifically, I will detail how to configure OpenSSL to use the BBB crypto hardware.
- Download and flash the Debian eMMC flasher image.
- Do a
apt-get install build-essentialsto get a toolchain on the BBB.
- Download the cryptodev-linux-1.6.tar.gz device source. This allows user-space applications access to the hardware accelerators.
- Download the linux kernel headers provided by Robert Nelson. First run a
uname -aon the BBB to see what version of Debian you have. I was running v3.8.13-bone26 so that’s the folder to which you should navigate. You’ll want to download the linux-headers.deb for your version. If you have v3.8.13-bone26, you file is here.
sudo dpkg -i linux-headers-3.8.13-bone26_1.0wheezy_armhf.deb.
- There is a slight problem with one of the headers. Basically, RNelson’s deb doesn’t install all the headers because he was trying to save on precious space for the BBB. So, you need to make one tweak: (Thankfully, I stumbled on this post which gave me this idea!)
sudo nano /usr/src/linux-headers-3.8.13-bone26/arch/arm/include/asm/timex.h
Remove / comment out the line:
#include <mach/timex.h>and replace it with:
tar zxf cryptodev-linux-1.6.tar.gzand cd into that directory and do a
sudo make install.
sudo depmod -ato register your module.
sudo modprobe cryptodevto insert it.
lsmodand you should see cryptodev in the list!
cryptodevon a line by itself at the end of the file (this will make sure the module inserts on boot).
- Ok, we are done with the module, so go back and download OpenSSL (the starred version) and
tar zxf openssl*and cd into that directory. There is a patch from TI for OpenSSL that their instructions say to install. But that patch was a year old, so I’m not sure if that’s current. I did not install it.
./config -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS shared
make(this takes a long time)
sudo make install. One thing to note, this will install openssl in
/usr/local/ssl/binwhich will not be first in your path to
/usr/bin/openssl. So you should either change the default install directory or update symlinks as appropriate.
- Package this up into a deb for easy install?
- Update my tor relay and measure the performance gain.
- Work on enabling the hardware random number.
debian@arm:~/openssl-1.0.1e/cryptodev-linux-1.6$ time openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 2666405 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 64 size blocks: 905987 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 240811 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 1024 size blocks: 61145 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 7677 aes-128-cbc's in 3.00s OpenSSL 1.0.1e 11 Feb 2013 built on: Mon Mar 18 21:48:12 UTC 2013 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr) compiler: gcc -fPIC -DOPENSSL<em>PIC -DZLIB -DOPENSSL</em>THREADS -D<em>REENTRANT -DDSO</em>DLFCN -DHAVE<em>DLFCN</em>H -DL<em>ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D</em>FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 14268.39k 19327.72k 20617.93k 20870.83k 20963.33k real 0m15.114s user 0m15.031s sys 0m0.041s
debian@arm:/usr/local/ssl/bin$ time /usr/local/ssl/bin/openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 28166 aes-128-cbc's in 0.04s Doing aes-128-cbc for 3s on 64 size blocks: 22445 aes-128-cbc's in 0.03s Doing aes-128-cbc for 3s on 256 size blocks: 29933 aes-128-cbc's in 0.05s Doing aes-128-cbc for 3s on 1024 size blocks: 16018 aes-128-cbc's in 0.04s Doing aes-128-cbc for 3s on 8192 size blocks: 4861 aes-128-cbc's in 0.02s OpenSSL 1.0.1e 11 Feb 2013 built on: Fri Oct 4 01:48:18 UTC 2013 options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DOPENSSL<em>THREADS -D</em>REENTRANT -DDSO<em>DLFCN -DHAVE</em>DLFCN<em>H -DHAVE</em>CRYPTODEV -DUSE<em>CRYPTDEV</em>DIGESTS -march=armv7-a -Wa,--noexecstack -DTERMIO -O3 -Wall -DOPENSSL<em>BN</em>ASM<em>MONT -DOPENSSL</em>BN<em>ASM</em>GF2m -DSHA1<em>ASM -DSHA256</em>ASM -DSHA512<em>ASM -DAES</em>ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 11266.40k 47882.67k 153256.96k 410060.80k 1991065.60k real 0m15.326s user 0m0.225s sys 0m5.990s