Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

linuxkm: add a readme.

Browse Source
This commit is contained in:
jordan
2025-12-12 17:07:07 -06:00
parent 6475106ce7
commit 9736427e7a
2 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
linuxkm/README.md Normal file
View File

@@ -0,0 +1,49 @@
# wolfSSL linuxkm (linux kernel module)
libwolfssl supports building as a linux kernel module (`libwolfssl.ko`).
When loaded, wolfCrypt and wolfSSL API are made available to the rest of
the kernel, supporting cryptography and TLS in kernel space.
Performing cryptographic operations in kernel space has significant advantages
over user space for high throughput network (VPN, IPsec, MACsec, TLS, etc) and
filesystem (dm-crypt/LUKS, fscrypt disk encryption) IO processing, with the
added benefit that keys can be kept isolated to kernel space. Additionally,
when wolfCrypt-FIPS is used, this provides a simple recipe for FIPS-compliant
kernels.
Supported features:
- crypto acceleration: AES-NI, AVX, etc.
- kernel crypto API registration (wolfCrypt algs appear as drivers in `/proc/crypto`.).
- `CONFIG_CRYPTO_FIPS`, and crypto-manager self-tests.
- FIPS-compliant patches to `drivers/char/random.c`, covering kernels 5.10 to
6.15.
- Supports FIPS-compliant WireGuard (https://github.com/wolfssl/wolfguard).
- TLS 1.3 and DTLS 1.3 kernel offload.
## Building and Installing
Build linuxkm with:
```sh
$ ./configure --enable-linuxkm --with-linux-source=/usr/src/linux
$ make -j module
```
note: replace `/usr/src/linux` with a path to your fully configured and built
target kernel source tree.
Assuming you are targeting your native system, install with:
```sh
$ sudo make install
$ sudo modprobe libwolfssl
```
### options
| linuxkm option | description |
| :------------------------------- | :--------------------------------------- |
| --enable-linuxkm-lkcapi-register | Register wolfcrypt algs with linux kernel <br> crypto API. Options are 'all', 'none', or <br> comma separated list of algs. |
| --enable-linuxkm-pie | Enable relocatable object build of module|
| --enable-linuxkm-benchmarks | Run crypto benchmark at module load |

1
linuxkm/include.am
View File

@@ -5,6 +5,7 @@
EXTRA_DIST += m4/ax_linuxkm.m4 \
linuxkm/Kbuild \
linuxkm/Makefile \
linuxkm/README.md \
linuxkm/get_thread_size.c \
linuxkm/module_hooks.c \
linuxkm/module_exports.c.template \