I’ve used OCF linux before and it is very cool, however its BSD license taints the linux kernel.
http://www.logix.cz/michal/devel/cryptodev/index.xp?show_selected=1&msgid=4534
Of course this patch is for 2.6.8 and I’m using 2.6.26, and am getting this error:
crypto/cryptodev.c:74: error: ‘CRYPTO_TFM_MODE_ECB’ undeclared here (not in a function)
crypto/cryptodev.c:74: error: array index in initializer not of integer type
crypto/cryptodev.c:74: error: (near initialization for ‘crypto_cipher_modes’)
crypto/cryptodev.c:75: error: ‘CRYPTO_TFM_MODE_CBC’ undeclared here (not in a function)
crypto/cryptodev.c:75: error: array index in initializer not of integer type
crypto/cryptodev.c:75: error: (near initialization for ‘crypto_cipher_modes’)
crypto/cryptodev.c:76: error: ‘CRYPTO_TFM_MODE_CFB’ undeclared here (not in a function)
crypto/cryptodev.c:76: error: array index in initializer not of integer type
crypto/cryptodev.c:76: error: (near initialization for ‘crypto_cipher_modes’)
crypto/cryptodev.c:77: error: ‘CRYPTO_TFM_MODE_CTR’ undeclared here (not in a function)
crypto/cryptodev.c:77: error: array index in initializer not of integer type
crypto/cryptodev.c:77: error: (near initialization for ‘crypto_cipher_modes’)
Obviously a lot has changed in the kernel from 2.6.8. I’m not sure how to proceed - maybe I should look at the 2.6.8 code, or I should just start editing the cryptodev.c / cryptodev.h.
There might be a chance that Michal’s code gets adopted into the kernel. That would be awesome. More info: http://www.docunext.com/wiki/Michal_Ludvig_Cryptodev
This is good - the openbsd driver for hardware accelerated aes encryption and the hardware random number generator has been ported to freebsd!
The security block and hwrng can be found on AMD Geode LX chips, such as those featured in PC Engines boards.
I haven’t tested it out yet, but I plan to very soon.
Thanks much Patrick Lamaizière!
http://user.lamaiziere.net/patrick/glxsb-220608.tar.gz
So the module I just compiled on RELENG_7_1 appears to work…
glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xefff4000-0xefff7fff irq 9 at device 1.2 on pci0
and I’m pleased to find someone on the forums who tried it too. I just updated loader.conf with glxsb_load=”YES”. Rebooting now… and then I have to change my IPSec algorithms.
Debian’s lenny repositories are now featuring linux 2.6.26 - nice! I updated my Acer Extensa EX5620-4025 last night, but I’m still having some issues with hal and wifi. 
The mini-pci-express chip is causing kernel oops, and I have no idea how to deal with that, other than submitting the error report.
Besides these issues, I’ve been leaning a ton about pfSense, ALIX boards, and hal in general. Good stuff indeed.
I’ve been working on my portable VPN gateway, and I have to admin its been a tough nut to crack. Not only did something get screwed up with my compact flash card, but I managed to totally disable two compact flash cards. I didn’t have a compact flash card, so what was I to do?
Thankfully, the new ALIX boards can PXE boot. I did this using debian, and then downloaded the pfSense image and flashed it to the compact flash card. So far so good!
My raw notes:
Having a heck of a time with my portable wifi VPN firewall setup. Not sure if
this type of thing is possible, if not, that's too bad.
Infrastructure - a connection to the internet - a client to other wireless provider
Ad-Hoc - a mesh node
Access point - a "Server" for wireless clients
=== Upgrading Embedded ===
Had to upload file via command page, then used /tmp/filename to upgrade via
the terminal.
console=ttyS0,38400n8
http://www.debian-administration.org/articles/478
http://cmrg.fifthhorseman.net/wiki/embedded/alix
http://linux-sxs.org/internet_serving/pxeboot.html
http://www.sigsegv.cx/diskless-2.html