--- Preparing the server ---
=> Make sure you use an unwanted disk (we will wipe it) that is at least 5 Gigs in size.
=> Install Fedora Core 4
--- end ---


--- Installing Fedora Core 4 ---
Insert Disk1
Power up and type "linux text" at the boot prompt.
Skip the Media Test
Select OK at the Welcome Screen
Select English at the Language Window
Select US at the Keyboard Window
Select Custom at the System Configuration Selection Window
Select Autopartition
Select "Remove all Partitions on this system" and OK
Select OK in the Partitioning Window
Select "Use Grub bootloader"
Do not define any special options for the Grub bootloader
Do not put a Grub password
Select OK on the Boot Loader Configuration Window
Select to Install on Master Boot Record
Choose DHCP for Network Configuration for all your devices
Select DHCP at the Host Name Configuration Window
Select "No Firewall" at the Firewall Window
Confirm this selection in the next window
Disable the Security Enhanced Linux
Select and confirm your timezone
Choose and enter a root password
In the Package Selection Window, only select the following groups:
Editors
Text-Based Internet
Development Tools
System Tools

Once you have confirmed your selection, the installation will actually begin. At this point, you might get a disk partitioning error; if this occurs, reboot the machine and start again; this error will not appear again.

Stick around as the installation will ask you for all 4 FC4 CDs.
In case of total panic on your part, please refer to
	http://fedora.redhat.com/docs/fedora-install-guide-en/fc4/

=>Once the installation is completed and the machine has rebooted, login and:
yum update yum
yum update
yum install mkinitrd
adduser -m <user>
passwd <user>
reboot
--- end ---


--- Building the latest version of OCF kernel ---
=>As a regular user, scp #ocf from hifn.xelerance.com
cd $HOME
scp <user>@hifn.xelerance.com:/hifn/MASTER/files/linux-2.6-ocf-b59b29.tgz .
=>extract the tar file
tar -xzvf linux-2.6-ocf-b59b29.tgz
cd linux-ocf-b59b29
cp /boot/config-`uname -r` .config
make oldconfig
=>Answer "y" to the following items, for all others, just use the default:
KLIPS26
KLIPS_OCF
OCF_OCF
OCF_CRYPTODEV
OCF_HIFN

=>Make sure CONFIG_OCF_CRYPTOSOFT is NOT set
grep CONFIG_OCF_CRYPTOSOFT .config

=>Make sure CONFIG_LOCALVERSION_AUTO is NOT set:
grep CONFIG_LOCALVERSION_AUTO .config

=>We have to set XFS off, since it prevents the kernel compile from completing.
=>edit .config and set:
CONFIG_XFS_FS=n

=>edit Makefile and check the version, also add -ocf to the EXTRAVERSION.

=>for extra debug, edit crypto/ocf/cryptodev.c and change:
	static int debug = 0;
to
	static int debug = 1;

[This will enable LOTS of debugging. Only use when problems are found. It will
likely render any benchmarking numbers completely useless!]

=>build everything:
  make bzImage modules
--- end ---


--- Installing the latest ocf kernel ---
=> You will need to do the following as root:
su - root
cd ~<user>/linux-ocf-b59b29
=>install the modules
make modules_install
=> install the kernel
mount /boot
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.15-rc1-ocf
cp .config /boot/config-2.6.15-rc1-ocf
cp System.map /boot/System.map-2.6.15-rc1-ocf
/sbin/mkinitrd /boot/initrd-2.6.15-rc1-ocf.img 2.6.15-rc1-ocf

=>edit /etc/grub.conf and add a menu item, before any other items:

title           OCF Linux, kernel 2.6.15-rc1-ocf
root            (hd0,0)
kernel          /vmlinuz-2.6.15-rc1-ocf root=/dev/VolGroup00/LogVol00 ro 
initrd          /initrd-2.6.15-rc1-ocf.img

=>You are now ready to boot into the new kernel:
  reboot

=>Select the OCF kernel in the grub menu.

=>Login and verify that /dev/crypto exists. This should have been created
by the OCF and udev code. You do not need to manually mknod it. If at some
point it has vanished, it means the OCF kernel code crashed.
--- end ---


--- Install crypto-tools ---
=> As a normal user, go to http://ocf-linux.sourceforge.net/ and download crypto-tools-20060331.tgz and ocf-linux20060331.tgz
wget http://superb-west.dl.sourceforge.net/sourceforge/ocf-linux/crypto-tools-20060331.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ocf-linux/ocf-linux-20060331.tar.gz
tar -zxvf crypto-tools-20060331.tar.gz
tar -zxvf ocf-linux-20060331.tar.gz
cd ocf-linux-20060331
tar -xzvf ocf-linux.tar.gz
=>install some files as root
su root
mkdir /usr/include/crypto
cp ocf/cryptodev.h /usr/include/crypto/
=> get out of root account
exit
cd ..
cd crypto-tools
make
--- end ---


--- Test with crypto-tools ---
=> Switch to root and run a test
su - root
cd ~<user>
cd crypto-tools
./cryptotest -a 3des 100000 1400 

=>You should see that with the Hifn card in, at least 150 Mb/sec. If the command returns immediatly without any output, it is because it cannot access any ocf devices, and since we ONLY enabled Hifn device in OCF, this means that we are either not booted into the correct kernel, or we did not enable OCF and Hifn card properly in the kernel config before we compiled the kernel. So, restart the --- Building the latest version of OCF kernel --- and --- Installing the latest ocf kernel --- steps.

[if OCF debugging was enabled in the kernel, you will see a LOT of messages]
-- end ---


--- Compiling openSSL 0.9.8a ---
=> As root,
su - root
=> download openssl-0.9.8a-6ocf.src.rpm from hifn.xelerance.com
scp <user>@hifn.xelerance.com:/hifn/MASTER/files/openssl-0.9.8a-6ocf.src.rpm /usr/src/redhat/SRPMS/

=> also download openssl097f-0.9.7f-1 
scp <user>@hifn.xelerance.com:/hifn/MASTER/files/openssl097f-0.9.7f-1.i386.rpm /usr/src/redhat/RPMS/i386/

=> Install the openssl compat rpm overriding dependancies
rpm --force --nodeps -ihv /usr/src/redhat/RPMS/i386/openssl097*

=> build and install the new openssl-ocf package
rpm -ihv /usr/src/redhat/SRPMS/openssl-0.9.8a-6ocf.src.rpm
rpmbuild -ba /usr/src/redhat/SPECS/openssl.spec
rpm -Uhv /usr/src/redhat/RPMS/i386/openssl*0.9.8*
--- end ---


--- Making a base self-contained testrun ---
=>Remove the card
=>lspci to make sure the card is not there
=>Note your kernel version
=>Note your processor speed
=>Note your Bogomips and amount of CPUs active
openssl speed -evp <des|des3|etc...> -elapsed -engine none
=>Run the same with golden packets
=>Also show how to do it with only certain algos
--- end ---


--- Making a comparative self-contained testrun ---
=>Insert the card
=>lspci to see the card
=>Note your kernel version
=>Note your processor speed
=>Note your Bogomips and amount of CPUs active
openssl speed -evp <des|des3|etc...> -elapsed -engine cryptodev
=>Run the same with golden packets
=>Also show how to do it with only certain algos
--- end ---


--- Configuring a manually keyed IPSec SA with Openswan ---
=> As root, start Openswan:
/etc/init.d/ipsec start
=> As root, run the following commands:
ipsec eroute --clear
ipsec spi --clear
OURIP=<your IP address>
HISIP=<your target's IP address>
OURKEY=0x0123456789abcdef02468ace13579bdf123456789abcdef0
HISKEY=0x0123456789abcdef02468ace13579bdf123456789abcdef0
OURAUTH=0x123456789abcdef02468ace013579bdf
HISAUTH=0x123456789abcdef02468ace013579bdf
route delete -host $HISIP gw $HISIP dev ipsec0
ipsec spi --af inet --edst $HISIP --dst $HISIP --spi 0x101 --proto esp --src $OURIP --esp 3des-md5-96 --enckey $HISKEY --authkey $HISAUTH
ipsec spi --af inet --edst $OURIP --dst $OURIP --spi 0x100 --proto esp --src $HISIP --esp 3des-md5-96 --enckey $OURKEY --authkey $OURAUTH
ipsec spigrp inet $HISIP 0x101 esp
ipsec spigrp inet $OURIP 0x100 esp
ipsec eroute --add --eraf inet --src $OURIP/32 --dst $HISIP/32 --said esp0x101@$HISIP
route add -host $HISIP gw $HISIP dev ipsec0
--- end ---