Date: Fri, 6 Jun 2008 23:41:35 +0200
From: Patrick Lamaizière <patfbsd@davenulle.org>
To: freebsd-hackers@freebsd.org
Subject: AMD Geode LX crypto accelerator (glxsb)
Message-ID: <20080606234135.46144207@baby-jane-lamaiziere-net.local>

Dears,

I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE (via the NetBSD port).

"The glxsb driver supports the security block of the Geode LX series processors. The Geode LX is a member of the AMD Geode family of integrated x86 system chips. Driven by periodic checks for available data from the generator, glxsb supplies entropy to the random(4) driver for common usage. glxsb also supports acceleration of AES-128-CBC operations for crypto(4)."

I think that most of the work is done, except the random generator.

Source "in progress" for 7-STABLE:
http://user.lamaiziere.net/patrick/glxsb.c
http://user.lamaiziere.net/patrick/glxsb.tar.gz (c+Makefile)

Credits to OpenBSD and NetBSD, thanks!

Well, it seems to work, but I've got a few problems testing the module:

- How do I check the encryption/decryption? OpenSSL seems OK, I've got quite the same results as NetBSD on a Soekris net5501 box. But I must use -engine cryptodev, why?

    $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
    engine "cryptodev" set.
    ...CUT...
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    aes-128-cbc      1151.08k     4134.25k    11936.49k    22504.83k    25576.36k

  When I test ssh -c aes128-cbc hostname, ssh does not use the crypto device. I receive a crypto_newsession() followed by a crypto_freesession(); I mean I don't receive any crypto_process().

  So how can I be sure that the data is well encrypted?

Also, I've got some questions to finish the driver:

- Between arc4rand() and read_random(), which function shall I use?

- Shall I lock the sessions? The padlock driver uses a mutex to lock the sessions:
  http://fxr.watson.org/fxr/source/crypto/via/padlock.c?v=FREEBSD7#L211
  Is it useful? The ubsec, safe and hifn drivers don't lock the sessions at all.

- During crypto_process() the driver uses "s = splnet();". I'm not sure about this?

- The driver does a busy wait to check the completion of the encryption. I think it would be better to use the interrupt. I will look later.

- Any comment is welcome, this is my first work on a driver.

Thanks, regards.
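
Added example (not part of the original message, and not code from the glxsb driver): one way to check that AES-128-CBC output obtained with -engine cryptodev is correct, by running the NIST SP 800-38A CBC-AES128 known-answer vector through openssl(1) in both directions and comparing a larger constructed buffer against the software path. The function names are made up for this sketch; it verifies the result only, not whether the request actually reached the device.

```shell
#!/bin/sh
# Known-answer test for AES-128-CBC through openssl(1).
# Vector: NIST SP 800-38A, F.2.1 / F.2.2 (CBC-AES128), all four blocks.
KEY=2b7e151628aed2a6abf7158809cf4f3c
IV=000102030405060708090a0b0c0d0e0f
PT=6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
CT=7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7

# hex string -> raw bytes (printf octal escapes, so xxd is not needed)
hex2bin() {
    for b in $(printf '%s' "$1" | sed 's/../& /g'); do
        printf "\\$(printf '%03o' "0x$b")"
    done
}

# raw bytes on stdin -> lowercase hex on one line
bin2hex() { od -An -v -tx1 | tr -d ' \n'; }

# aes_cbc <-e|-d> <hex input> [extra openssl args, e.g. -engine cryptodev]
aes_cbc() {
    mode=$1; data=$2; shift 2
    hex2bin "$data" |
        openssl enc -aes-128-cbc "$mode" -K "$KEY" -iv "$IV" -nopad "$@" |
        bin2hex
}

# kat [extra openssl args]: succeeds only if encrypt and decrypt match the vector
kat() {
    [ "$(aes_cbc -e "$PT" "$@")" = "$CT" ] &&
    [ "$(aes_cbc -d "$CT" "$@")" = "$PT" ]
}

# bulk_match <bytes, multiple of 16> [extra openssl args]: encrypt a constructed
# all-zero buffer in software and again with the extra args, then compare.
bulk_match() {
    n=$1; shift
    sw=$(head -c "$n" /dev/zero |
         openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV" -nopad | bin2hex)
    hw=$(head -c "$n" /dev/zero |
         openssl enc -aes-128-cbc -e -K "$KEY" -iv "$IV" -nopad "$@" | bin2hex)
    [ -n "$sw" ] && [ "$sw" = "$hw" ]
}

# Stand-alone use: sh kat.sh -engine cryptodev
if kat "$@" && bulk_match 8192 "$@"; then echo "AES-128-CBC: ok"
else echo "AES-128-CBC: MISMATCH"; fi
```

Because OpenSSL can fall back to its software implementation, a pass here is only meaningful for the driver when its own tracing shows crypto_process() being called during the run.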