AMD Geode LX crypto accelerator (glxsb)
Mike Tancsa
mike at sentex.net
Wed Jul 9 19:31:38 UTC 2008
At 11:05 AM 6/22/2008, Patrick Lamaizière wrote:
>On Fri, 6 Jun 2008 23:41:35 +0200,
>Patrick Lamaizière <patfbsd at davenulle.org> wrote:
>
>Hello,
>
> > I'm trying to port the glxsb driver from OpenBSD to FreeBSD 7-STABLE
> > (via the NetBSD port).
> > " The glxsb driver supports the security block of the Geode LX
> > series processors. The Geode LX is a member of the AMD Geode family
> > of integrated x86 system chips.
Hi,
Thanks for porting this over! I am just trying it now with ipsec on a soekris 5501.
Without the module loaded, I can do something simple like
# sh s
# cat s
MEOUTSIDE=64.x.x.x
MEINSIDE=192.168.5.0/24
REMOTEOUTSIDE=64.y.y.y
REMOTEINSIDE=192.168.1.0/24
IPSECKEY=zxzpprlNH61N11SGfrCa8dxZ
setkey -c <<EOF
add $MEOUTSIDE $REMOTEOUTSIDE esp 1049
-m any -E rijndael-cbc "$IPSECKEY";
add $REMOTEOUTSIDE $MEOUTSIDE esp 1049
-m any -E rijndael-cbc "$IPSECKEY";
spdadd $MEINSIDE $REMOTEINSIDE any -P
out ipsec esp/tunnel/$MEOUTSIDE-$REMOTEOUTSIDE/require;
spdadd $REMOTEINSIDE $MEINSIDE any -P
in ipsec esp/tunnel/$REMOTEOUTSIDE-$MEOUTSIDE/require;
EOF
But if I load the glxsb modules, setkey fails on the same policy.
# setkey -F
# setkey -FP
# setkey -DP
No SPD entries.
# kldload glxsb
# dmesg | tail
vr0: link state changed to DOWN
vr0: link state changed to UP
vr0: promiscuous mode enabled
vr0: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
vr1: promiscuous mode enabled
vr1: promiscuous mode disabled
glxsb0: detached
glxsb0: <AMD Geode LX Security Block (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
# sh s
The result of line 1: Invalid argument.
The result of line 2: Invalid argument.
#
What is the proper AES encryption to use for IPSEC? Why is there a difference in syntax? This is RELENG_7 from a few days ago. If I change the crypto to 3des-cbc, it works, but it's not making use of the crypto offload of course.
---Mike
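
The dmesg line above lists only AES-128-CBC for glxsb0, while the key in the script is 24 characters, which setkey passes as a 192-bit rijndael-cbc key; whether that mismatch causes the "Invalid argument" is an assumption to test, not something this message confirms. The following is an added example, not part of the original message, that reports the key size of every `add` statement in a setkey script (it also handles 0x hex keys); the function names, addresses and keys are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read setkey(8) statements, as setkey -c would receive them after shell
# expansion, and print "<src> <dst> <alg> <key bits>" for each "add ... -E".
# Limitation: quoted keys containing whitespace are not handled.
esp_key_bits() {
    awk '
    { stmt = stmt " " $0 }            # statements may span several lines
    /;[ \t]*$/ {                      # a trailing semicolon ends a statement
        $0 = stmt; stmt = ""          # re-split the joined statement
        if ($1 != "add") next
        for (i = 2; i + 2 <= NF; i++) if ($i == "-E") {
            alg = $(i + 1); key = $(i + 2)
            sub(/;$/, "", key)
            if (key ~ /^0x/) bits = (length(key) - 2) * 4        # hex key
            else { gsub(/"/, "", key); bits = length(key) * 8 }  # ASCII key
            print $2, $3, alg, bits
        }
    }'
}

# Print the rijndael-cbc SAs whose key is not 128 bits, the only AES size
# the glxsb attach message advertises. Exit status 1 if any are found.
aes_not_128() {
    esp_key_bits |
        awk '$3 == "rijndael-cbc" && $4 != 128 { print; bad = 1 }
             END { exit bad }'
}

# Constructed sample input: documentation addresses and made-up keys
# (one 24-character key, one 16-character key).
SAMPLE='add 192.0.2.1 198.51.100.1 esp 1049
    -m any -E rijndael-cbc "0123456789abcdefghijklmn";
add 198.51.100.1 192.0.2.1 esp 1050
    -m any -E rijndael-cbc "0123456789abcdef";
spdadd 10.0.0.0/24 10.0.1.0/24 any -P
    out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;'

# List every SA with its key size.
printf '%s\n' "$SAMPLE" | esp_key_bits
```

To check a real script, feed `aes_not_128` the text that would go to `setkey -c`, with the shell variables already expanded.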