AMD Geode LX crypto accelerator (glxsb)

Patrick Lamaizière patfbsd at davenulle.org
Fri Jun 6 21:57:13 UTC 2008


Dears,

I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
(via the NetBSD port).
" The glxsb driver supports the security block of the Geode LX
series processors.  The Geode LX is a member of the AMD Geode family
of integrated x86 system chips.
 
Driven by periodic checks for available data from the generator,
glxsb supplies entropy to the random(4) driver for common usage.

glxsb also supports acceleration of AES-128-CBC operations for
crypto(4)."

I think that most of the work is done, except the random generator.
Source "in progress" for 7-STABLE:
http://user.lamaiziere.net/patrick/glxsb.c
http://user.lamaiziere.net/patrick/glxsb.tar.gz (c+Makefile)

Credits to OpenBSD and NetBSD, Thanks!

Well, it seems to work, but I've got a few problems testing the module:

- How do I check the encryption/decryption?

OpenSSL seems OK; I've got quite the same results as NetBSD on a Soekris
net5501 box. But I must use -engine cryptodev, why?

$ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
engine "cryptodev" set.
...CUT...
type        16 bytes  64 bytes  256 bytes 1024 bytes 8192 bytes
aes-128-cbc 1151.08k  4134.25k  11936.49k 22504.83k  25576.36k

When I test ssh -c aes128-cbc hostname, ssh does not use the crypto
device. I receive a crypto_newsession() followed by a
crypto_freesession(); I mean I don't receive any crypto_process().

So how can I be sure that the data is well encrypted?

Also, I've got some questions to finish the driver:

- Between arc4rand() and read_random(), which function shall I use?

- Shall I lock the sessions? The padlock driver uses a mutex to lock
the sessions:
http://fxr.watson.org/fxr/source/crypto/via/padlock.c?v=FREEBSD7#L211

Is it useful? The ubsec, safe and hifn drivers don't lock the sessions at
all.

- During crypto_process() the driver uses "s = splnet();". I'm not sure
about this.

- The driver does a busy wait to check the completion of the
encryption. I think it would be better to use the interrupt. I will
look at it later.

- Any comment is welcome, this is my first work on a driver.

Thanks, regards.
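
Added example, not part of the original post and not code from the glxsb driver: one way to check encryption and decryption through the -engine cryptodev path mentioned in the post is to compare it with OpenSSL's software AES-128-CBC at the buffer sizes from the speed run. The key, IV and plaintext are constructed test values, and the function names are hypothetical.

```shell
#!/bin/sh
# Cross-check AES-128-CBC done through an OpenSSL engine (e.g. cryptodev)
# against OpenSSL's software implementation. Constructed key and IV.
KEY=000102030405060708090a0b0c0d0e0f
IV=101112131415161718191a1b1c1d1e1f

# aes_cbc <-e|-d> <engine or "">: filter stdin to stdout, no padding
aes_cbc() {
    if [ -n "$2" ]; then
        openssl enc -aes-128-cbc "$1" -nopad -K "$KEY" -iv "$IV" -engine "$2"
    else
        openssl enc -aes-128-cbc "$1" -nopad -K "$KEY" -iv "$IV"
    fi
}

# check_len <bytes> <engine or "">: 0 when engine and software agree
check_len() {
    n=$1; eng=$2
    tmp=$(mktemp -d) || return 2
    # Deterministic plaintext, a multiple of the 16-byte block size
    awk -v n="$n" 'BEGIN { for (i = 0; i < n; i++) printf "%c", 65 + i % 26 }' \
        > "$tmp/pt"
    aes_cbc -e "$eng" < "$tmp/pt"    > "$tmp/ct_eng" 2>/dev/null
    aes_cbc -e ""     < "$tmp/pt"    > "$tmp/ct_sw"
    # Decrypt the software ciphertext through the engine as well
    aes_cbc -d "$eng" < "$tmp/ct_sw" > "$tmp/pt_eng" 2>/dev/null
    rc=0
    cmp -s "$tmp/ct_eng" "$tmp/ct_sw" || rc=1   # encryption matches
    cmp -s "$tmp/pt_eng" "$tmp/pt"    || rc=1   # decryption matches
    [ $(wc -c < "$tmp/ct_sw") -eq "$n" ] || rc=1  # nothing truncated
    rm -rf "$tmp"
    return $rc
}

# run_checks <engine or "">: the buffer sizes used by "openssl speed"
run_checks() {
    for n in 16 64 256 1024 8192; do
        if check_len "$n" "$1"; then
            echo "len $n: ok"
        else
            echo "len $n: MISMATCH"; return 1
        fi
    done
}

run_checks "$1"
```

Run it with cryptodev as the only argument on the target box; with no argument it compares the software path with itself. Matching output shows the ciphertext is correct, not that the accelerator produced it, so the driver still has to be seen receiving crypto_process() requests.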

