M5484LITEKITE Freescale Semiconductor, M5484LITEKITE Datasheet - Page 12

KIT DEV FOR MCF548X FAMILY

M5484LITEKITE

Manufacturer Part Number
M5484LITEKITE
Description
KIT DEV FOR MCF548X FAMILY
Manufacturer
Freescale Semiconductor
Series
ColdFire®
Type
MPU

Specifications of M5484LITEKITE

Contents
Module and Misc Hardware
Processor To Be Evaluated
MCF548x
Data Bus Width
32 bit
Interface Type
RS-232, Ethernet
For Use With/related Products
MCF548x
For Use With
460-1028 - CABLE DISP FREESCALE M5475,85EVB
Lead Free Status / RoHS Status
Lead free / RoHS Compliant
Setting Up Device Drivers and Modules

9.5 IPSEC Module

To include the IPSEC driver in compilation, the following options should be enabled:

    kernel->Network Device Support->IPSEC tunnel device

To include ipsecadm you should enable:

    Administration->Administration_Network->tcp_wrappers->ipsecadm

The IPsec tunnel implementation is divided into two parts: a kernel module called ipsec_tunnel.o, and a tool called ipsecadm for administering security associations and tunnels.

The ipsecadm tool has brief built-in help, which is displayed if you execute it without parameters or with unknown or invalid parameters. The tool has three main modes: the first is for adding and removing security associations (SAs), the second is for adding, modifying and removing tunnels, and the third is for displaying statistics. Before we start, we need an example scenario. Let's say that we are going to create a tunnel between the two hosts A and B. The public IP address of host A is 1.2.3.4 and its private IP address is 10.0.1.0/24.

IPsec uses Security Associations (SAs), which are another name for a security agreement between two hosts. An SA is uniquely described by two IP addresses and a 32-bit number called an SPI. The SPI allows more than one SA between a pair of hosts. When an SA is agreed upon, the two parties agree on its type, which can basically be encryption and/or authorization, as well as the algorithms, key sizes, and keys to be used.

Before we can create an SA, we need a key. The best way to create a key is to use ipsecadm. To create a 192-bit key (which corresponds to 24 bytes) and put it in the file /etc/ipsec/ipsec.key run the following:

    mkdir /etc/ipsec
    chmod 500 /etc/ipsec
    ipsecadm key create 3des --file=/etc/ipsec/example.key

On the NFS file system, the root file system must be made writable before running the previous command:

    mount -o remount,rw /dev/root /

For the romfs, the generated key has to be placed in '<project_dir>/merge/etc/ipsec/'. Now we can use ipsecadm to create the SA above. The name of the cipher is specified using its CryptoAPI name, which can be a little strange. The name for triple DES is des3_ede. You can see which ciphers you have installed by looking in the file /proc/crypto.

To create a tunnel you need two SAs, one in each direction. Since it is common to use the same security settings for both directions, you can create a pair of SAs at one time by using --duplex. Note that it is safer to supply the key as a file (using --cipher-keyfile) than to specify it on the command line (using --cipher-key), because it is easy for a local user to locate the key using w or ps.

    ipsecadm sa add --spi=0x1000 --dst=192.168.1.16 --src=192.168.1.15 \
        --cipher=des3_ede --cipher-keyfile=/etc/ipsec/example.key \
        --duplex
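
The two key-handling points in this section (a key passed with --cipher-key is visible to local users through w or ps, and /etc/ipsec is created with mode 500) can be checked on a running system. The script below is an added example, not part of the Freescale BSP document; the function names, the sample process listing and the expectation that the key file itself grants nothing to group or other are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit for the key-handling risks described in this section.
# Only the flags named on the page are used (--cipher-key, --cipher-keyfile).

# Read "PID COMMAND LINE" records on stdin and print the PID of every
# ipsecadm invocation that passes key material inline with --cipher-key.
# --cipher-keyfile does not match: the key itself never reaches argv.
inline_key_pids() {
    grep -E -e 'ipsecadm' |
        grep -E -e '--cipher-key([=[:space:]]|$)' |
        awk '{ print $1 }'
}

# Build the same records from /proc (Linux). argv is NUL-separated there,
# and it is the data that ps and w show to other local users.
proc_cmdlines() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        pid=${f#/proc/}; pid=${pid%/cmdline}
        printf '%s %s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "$f")"
    done
}

# Succeed only if the key file and its parent directory grant no permission
# bits to group or other (assumption: directory 500 as on the page, key file
# 400 or 600).
key_path_is_private() {
    for p in "$1" "$(dirname "$1")"; do
        bits=$(ls -ld -- "$p" 2>/dev/null | cut -c5-10)
        [ "$bits" = "------" ] || return 1
    done
}

# Constructed sample listing (not captured from a real system).
SAMPLE='101 ipsecadm sa add --spi=0x1000 --cipher=des3_ede --cipher-key=0123abcd --duplex
102 ipsecadm sa add --spi=0x1000 --cipher=des3_ede --cipher-keyfile=/etc/ipsec/example.key --duplex
103 sshd: user@pts/0'

printf '%s\n' "$SAMPLE" | inline_key_pids    # prints 101
```

On a target, `proc_cmdlines | inline_key_pids` scans live processes, and `key_path_is_private /etc/ipsec/example.key` checks the key created above.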
MCF547x/8x Linux BSP Quick Start, Rev. 0.2
Freescale Semiconductor
