AMD Geode LX crypto accelerator (glxsb)
Patrick Lamaizière
patfbsd at davenulle.org
Thu Jul 10 11:09:08 UTC 2008
Le Wed, 09 Jul 2008 15:31:30 -0400,
Mike Tancsa <mike at sentex.net> a écrit :
> Without the module loaded, I can do something simple like
> glxsb0: detached
> glxsb0: <AMD Geode LX Security Block
> (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on
> pci0 # sh s
> The result of line 1: Invalid argument.
> The result of line 2: Invalid argument.
>
> What is the proper AES encryption to use for
> IPSEC ? Why is there a difference in syntax
> ?
I've found, i think. The Geode handles only AES with a 128 bits key.
When setkey/ipsec opens a crypto session, the driver returns an error
(EINVAL) if the key length is != 128. So setkey fails.
There is no way to tell to the crypto framework that we can do only AES
with 128 bits keys. It is a problem in this case.
I don't have any solution, I can just add a BUG section in the man
page for this case.
Thank you for the report.
Regards.
More information about the freebsd-stable
mailing list