Skip to content

Commit 9736427

Browse files
philljjphilljj
committed
linuxkm: add a readme.
1 parent 6475106 commit 9736427

File tree

2 files changed

+50
-0
lines changed

2 files changed

+50
-0
lines changed

linuxkm/README.md

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# wolfSSL linuxkm (linux kernel module)
2+
3+
libwolfssl supports building as a linux kernel module (`libwolfssl.ko`).
4+
When loaded, wolfCrypt and wolfSSL API are made available to the rest of
5+
the kernel, supporting cryptography and TLS in kernel space.
6+
7+
Performing cryptographic operations in kernel space has significant advantages
8+
over user space for high throughput network (VPN, IPsec, MACsec, TLS, etc) and
9+
filesystem (dm-crypt/LUKS, fscrypt disk encryption) IO processing, with the
10+
added benefit that keys can be kept isolated to kernel space. Additionally,
11+
when wolfCrypt-FIPS is used, this provides a simple recipe for FIPS-compliant
12+
kernels.
13+
14+
Supported features:
15+
- crypto acceleration: AES-NI, AVX, etc.
16+
- kernel crypto API registration (wolfCrypt algs appear as drivers in `/proc/crypto`.).
17+
- `CONFIG_CRYPTO_FIPS`, and crypto-manager self-tests.
18+
- FIPS-compliant patches to `drivers/char/random.c`, covering kernels 5.10 to
19+
6.15.
20+
- Supports FIPS-compliant WireGuard (https://github.com/wolfssl/wolfguard).
21+
- TLS 1.3 and DTLS 1.3 kernel offload.
22+
23+
## Building and Installing
24+
25+
Build linuxkm with:
26+
27+
```sh
28+
$ ./configure --enable-linuxkm --with-linux-source=/usr/src/linux
29+
$ make -j module
30+
```
31+
32+
note: replace `/usr/src/linux` with a path to your fully configured and built
33+
target kernel source tree.
34+
35+
Assuming you are targeting your native system, install with:
36+
37+
```sh
38+
$ sudo make install
39+
$ sudo modprobe libwolfssl
40+
```
41+
42+
### options
43+
44+
| linuxkm option | description |
45+
| :------------------------------- | :--------------------------------------- |
46+
| --enable-linuxkm-lkcapi-register | Register wolfcrypt algs with linux kernel <br> crypto API. Options are 'all', 'none', or <br> comma separated list of algs. |
47+
| --enable-linuxkm-pie | Enable relocatable object build of module|
48+
| --enable-linuxkm-benchmarks | Run crypto benchmark at module load |
49+

linuxkm/include.am

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
EXTRA_DIST += m4/ax_linuxkm.m4 \
66
linuxkm/Kbuild \
77
linuxkm/Makefile \
8+
linuxkm/README.md \
89
linuxkm/get_thread_size.c \
910
linuxkm/module_hooks.c \
1011
linuxkm/module_exports.c.template \

0 commit comments

Comments
 (0)