AMD Geode LX crypto accelerator (glxsb)

Patrick Lamaizière patfbsd at
Fri Jun 6 21:57:13 UTC 2008


I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
(via the NetBSD port).
" The glxsb driver supports the security block of the Geode LX
series processors.  The Geode LX is a member of the AMD Geode family
of integrated x86 system chips.
Driven by periodic checks for available data from the generator,
glxsb supplies entropy to the random(4) driver for common usage.

glxsb also supports acceleration of AES-128-CBC operations for

I think that most of the work is done, except the random generator.
Source "in progress" for 7-STABLE: (c+Makefile)

Credits to OpenBSD and NetBSD, Thanks!

Well, it seems to work but i've got few problems to test the module :

- How check the encryption/decryption ?

Openssl seems ok, i've got quite the same results as NetBSD on a Soekris
net5501 box. But i must use -engine cryptodev, why ?

$ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
engine "cryptodev" set.
type        16 bytes  64 bytes  256 bytes 1024 bytes 8192 bytes
aes-128-cbc 1151.08k  4134.25k  11936.49k 22504.83k  25576.36k

When i test ssh -c aes128-cbc hostname, ssh does not use the crypto
device. I receive a crypto_newsession() followed by a
crypto_freesession(), i mean i don't receive any crypto_process().

So how can I be sure that the datas are well encrypted ?

Also, I've got some questions to finish the driver:

- between arc4rand() and read_random(), witch function shall i use ?

- Shall I lock the sessions ? The padlock driver uses a mutex to lock
the sessions 

Is it usefull ? Drivers ubsec, safe and hifn don't lock the sessions at

- during crypto_process() the driver uses "s = splnet();". I'm not sure
about this ?

- The driver does a busy wait to check the completion of the
encryption. I think it would be beter to use the interrupt. I will
look later.

- Any comment is welcome, this is my first work on a driver.

Thanks, regards.

More information about the freebsd-hackers mailing list