Kernel 2.6.38 introduced an API to access the kernel crypto API from userspace. While there was a port of BSD's cryptodev for linux which basically provides the same functionality, the cryptodev code never made it into the mainline of the kernel.
Accessing the kernels crypto API from userspace allows making use of crypto hardware, which can't be accessed from userspace directly. Hardware accelerated cryptography as provided by VIA Padlock1) and Intel AES-NI2) can be accessed from userspace directly, so you do not need AF_ALG at all, but AMD Geode processors AES cryptography is - contrary to Padlock and AES-NI - not an instruction3) and therefore can't be accessed from userspace.
You may be interested in the discussion of af_alg vs cryptodev performance 4) and the raw numbers and benchmarking software too
5).
As I own AMD Geode powered hardware (ALIX), I decided to play with AF_ALG.
As mentioned in the comments, the cf card in my alix died right after the installation, and I decided to hook up a 2.5” hard disk instead.
Getting the disk was trivial, it is a standard notebook hard disk, which can be bought almost everywhere.
Getting a 44pin ata cable to attach the disk to the alix board was a problem, after some weeks I ended up getting the cable totally overpriced on ebay due to lack of alternatives.
The harddisk *has* to be slave, even if you do not have a cf card attached, you can't have the hdd being master.
As I wanted to share my experience with the Alix 2D13 hardware I got last year, I split up my notes in some more or less logic parts.
Some notes from my experiences with the alix 2d13 hardware, the information may be outdated already, but might be useful as reference anyway.
The plan is to use dynamic dns updates with dhcp3 and bind9. We keep lan & wlan seperate, so we can assign domain names based on the medium, if the host got not static-lease assigned based on his mac. Dynamic dhcp hosts get a dns entry like 192-168-5(2|3)-128.dyn.(wifi|wired).example.prv, based on the medium, static dhcp clients can either specify their entry themselves (usually the hostname), or you can set it as part of the config. We use the example.prv domain for our private network.
