Re: [Ltib] usage/intention of PKG_OPENSSL_WANT_SEC

[Stuart Hughes]

Hi Gernot,

I have checked in a fix that addresses this complaint.  Any platform
that is capable of supporting this option must set CAP_HAS_HARDWARE_SEC
in their main.lkc configuration file (the default is "n").  You will not
see this option now on platforms that don't have hardware SEC.

If you want to change a platform to allow this selection, add the
following to main.lkc for that platform under:
# capabilities if different from defaults.lkc

config CAP_HAS_HARDWARE_SEC
    bool
    default n

Regards, Stuart

Gernot Hillier wrote:
> Hi!
> 
> Am 25.05.2010 14:13, schrieb Stuart Hughes:
>> You've got it about right.  IIRC at one point there was kernel assist
>> for SEC hardware acceleration for just the "mcf547x_8x" (using the SEC
>> block).
>>
>> The older openssl-0.9.7g.spec is still referenced by cobra5475 and
>> mcf547x_8x, so it can't be removed.
> 
> I didn't want to have openssl-0.9.7g.spec removed, but only the
> misleading CONFIG_PKG_OPENSSL_WANT_SEC from the general LTIB package
> selection.
> 
>> I also think having the config available is a good thing as the plumbing
>> is there if someone updates the .spec file to provide a general solution
>> for using hardware SEC.
> 
> In theory yes (and probably, I'll even find myself implementing such a
> feature one day), but for now, it's in my eyes much worse that it
> silently does nothing w/o any warning for 97% of all platforms.
> 
> How about adding a comment like "This option is currently only
> implemented for mcf547x_8x yet" to the option description to make things
> clear to users of other platforms?
>