On Thu, Jan 29, 2015 at 7:07 AM, Chris Buechler <[email protected]> wrote:
> On Sun, Jan 25, 2015 at 7:59 PM, Peder Rovelstad <[email protected]>
> wrote:
>> Hello. Has Via Padlock Hardware Crypto support been disabled in
>> pfSense/FreeBSD 10?
>
> No, should still be there. Whether anyone's continually testing the
> old drivers like that is unknown, that's one I haven't personally
> tested. You seeing it not work, or just curious?
I'm using a VIA platform with pfSense.
>From FreeBSD-9 onward you might disable hdac0 [0] to boot successfully.
Name pfSense.lan
Version 2.2-RELEASE (amd64)
built on Thu Jan 22 14:03:54 CST 2015
FreeBSD 10.1-RELEASE-p4
You are on the latest version.
Platform nanobsd (2g)
NanoBSD Boot Slice pfsense1 / da0s2 (ro)
CPU Type VIA Eden X2 U4200 @ 1.0+ GHz
Current: 872 MHz, Max: 997 MHz
2 CPUs: 2 package(s) x 1 core(s)
Hardware crypto VIA Padlock
Uptime 16 Hours 59 Minutes 39 Seconds
$ cat /var/log/dmesg.boot
Copyright (c) 1992-2014 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.1-RELEASE-p4 #0 36d7dec(releng/10.1)-dirty: Thu Jan 22
15:12:35 CST 2015
root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10
amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: VIA Eden X2 U4200 @ 1.0+ GHz (997.52-MHz K8-class CPU)
Origin = "CentaurHauls" Id = 0x6fc Family = 0x6 Model = 0xf Stepping = 12
Features=0xbfc9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x8863a9<SSE3,MON,VMX,EST,TM2,SSSE3,CX16,xTPR,SSE4.1,POPCNT>
AMD Features=0x20100800<SYSCALL,NX,LM>
AMD Features2=0x1<LAHF>
VIA Padlock Features=0x1ec13dcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
VT-x: HLT,PAUSE
TSC: P-state invariant
real memory = 4294967296 (4096 MB)
avail memory = 3837759488 (3659 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <021412 APIC1416>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 2 package(s) x 1 core(s)
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 2
ioapic0: Changing APIC ID to 3
ioapic1: Changing APIC ID to 4
ioapic0 <Version 0.3> irqs 0-23 on motherboard
ioapic1 <Version 0.3> irqs 24-47 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff80606c30, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80606ce0, 0) error 1
ipw_monitor: You need to read the LICENSE file in
/usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set
legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80606d90, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff8062e400, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff8062e4b0, 0) error 1
iwi_monitor: You need to read the LICENSE file in
/usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set
legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff8062e560, 0) error 1
random: <Software, Yarrow> initialized
kbd1 at kbdmux0
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <021412 XSDT1416> on motherboard
acpi0: Power Button (fixed)
acpi0: reservation of fed02000, 1000 (3) failed
acpi0: reservation of fed03000, 1000 (3) failed
acpi0: reservation of fed05000, 1000 (3) failed
acpi0: reservation of fff00000, 100000 (3) failed
acpi0: reservation of fecc0000, 1000 (3) failed
acpi0: reservation of fec00000, 1000 (3) failed
acpi0: reservation of fee00000, 1000 (3) failed
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, cff00000 (3) failed
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
attimer0: <AT timer> port 0x40-0x43 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0: <AT realtime clock> port 0x70-0x71 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff irq 0,8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 450
Event timer "HPET2" frequency 14318180 Hz quality 450
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> mem
0xfb000000-0xfbffffff,0xfc000000-0xfcffffff,0xd0000000-0xdfffffff irq
40 at device 1.0 on pci0
vgapci0: Boot video device
pcib1: <ACPI PCI-PCI bridge> irq 27 at device 3.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vge0: <VIA Networking Velocity Gigabit Ethernet> port 0xc800-0xc8ff
mem 0xfeaffc00-0xfeaffcff irq 24 at device 0.0 on pci1
vge0: Using 1 MSI message
vge0: 4GB boundary crossed, switching to 32bit DMA address mode.
miibus0: <MII bus> on vge0
ip1000phy0: <IP1001 10/100/1000 media interface> PHY 1 on miibus0
ip1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master,
auto, auto-flow
pcib2: <ACPI PCI-PCI bridge> irq 31 at device 3.1 on pci0
pci2: <ACPI PCI bus> on pcib2
vge1: <VIA Networking Velocity Gigabit Ethernet> port 0xd800-0xd8ff
mem 0xfebffc00-0xfebffcff irq 28 at device 0.0 on pci2
vge1: Using 1 MSI message
miibus1: <MII bus> on vge1
ip1000phy1: <IP1001 10/100/1000 media interface> PHY 1 on miibus1
ip1000phy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX,
1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master,
auto, auto-flow
pcib3: <ACPI PCI-PCI bridge> irq 35 at device 3.2 on pci0
pci3: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> irq 39 at device 3.3 on pci0
pci5: <ACPI PCI bus> on pcib4
atapci0: <VIA VX900 SATA300 controller> port
0xbc00-0xbc07,0xb880-0xb883,0xb800-0xb807,0xb480-0xb483,0xb400-0xb40f
irq 21 at device 15.0 on pci0
ata2: <ATA channel> at channel 0 on atapci0
ata3: <ATA channel> at channel 1 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xb080-0xb09f irq 20 at device
16.0 on pci0
usbus0 on uhci0
uhci1: <VIA 83C572 USB controller> port 0xb000-0xb01f irq 22 at device
16.1 on pci0
usbus1 on uhci1
uhci2: <VIA 83C572 USB controller> port 0xac00-0xac1f irq 21 at device
16.2 on pci0
usbus2 on uhci2
uhci3: <VIA 83C572 USB controller> port 0xa880-0xa89f irq 23 at device
16.3 on pci0
usbus3 on uhci3
ehci0: <VIA VT6202 USB 2.0 controller> mem 0xfe9ebc00-0xfe9ebcff irq
23 at device 16.4 on pci0
usbus4: EHCI version 1.0
usbus4 on ehci0
isab0: <PCI-ISA bridge> at device 17.0 on pci0
isa0: <ISA bus> on isab0
pcib5: <ACPI PCI-PCI bridge> at device 19.0 on pci0
pci6: <ACPI PCI bus> on pcib5
hdac1: <VIA VT8251/8237A HDA Controller> mem 0xfe9e4000-0xfe9e7fff irq
17 at device 20.0 on pci0
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 4 on acpi0
uart2: <16550 or compatible> port 0x3e8-0x3ef irq 4 on acpi0
uart3: <16550 or compatible> port 0x2e8-0x2ef irq 4 on acpi0
uart4: <16550 or compatible> port 0x2b0-0x2b7 irq 4 on acpi0
uart5: <16550 or compatible> port 0x2b8-0x2bf irq 4 on acpi0
uart6: <16550 or compatible> port 0x280-0x287 irq 3 on acpi0
uart7: <16550 or compatible> port 0x288-0x28f irq 3 on acpi0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
fdc0: <Enhanced floppy controller> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor CentaurHauls, msr 8480a4c08000a4c
device_attach: est0 attach returned 6
p4tcc0: <CPU Frequency Thermal Control> on cpu0
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor CentaurHauls, msr 8480a4c08000a4c
device_attach: est1 attach returned 6
p4tcc1: <CPU Frequency Thermal Control> on cpu1
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
hdacc0: <VIA VT2020 HDA CODEC> at cad 0 on hdac1
hdaa0: <VIA VT2020 Audio Function Group> at nid 1 on hdacc0
pcm0: <VIA VT2020 (Analog 2.0+HP/2.0)> at nid 36,40 and 43,41,42 on hdaa0
pcm1: <VIA VT2020 (Rear-panel Digital)> at nid 45 on hdaa0
random: unblocking device.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
usbus4: 480Mbps High Speed USB v2.0
ugen0.1: <VIA> at usbus0
uhub0: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen4.1: <VIA> at usbus4
uhub1: <VIA EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
ugen3.1: <VIA> at usbus3
uhub2: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
ugen2.1: <VIA> at usbus2
uhub3: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen1.1: <VIA> at usbus1
uhub4: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
uhub0: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
uhub4: 2 ports with 2 removable, self powered
uhub1: 8 ports with 8 removable, self powered
ugen4.2: <Generic> at usbus4
umass0: <Generic USB Storage, class 0/0, rev 2.00/2.72, addr 2> on usbus4
da0 at umass-sim0 bus 0 scbus2 target 0 lun 0
da0: <Generic STORAGE DEVICE> Removable Direct Access SCSI-0 device
da0: Serial Number 000000000000
da0: 40.000MB/s transfers
da0: 1962MB (4019200 512 byte sectors: 255H 63S/T 250C)
da0: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE>
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 997522120 Hz quality 800
Trying to mount root from ufs:/dev/ufs/pfsense1 [ro,sync,noatime]...
$ openssl engine -t -c
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
[ available ]
(rsax) RSAX engine support
[RSA]
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
$ openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 340027 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 64 size blocks: 352184 aes-128-cbc's in 0.19s
Doing aes-128-cbc for 3s on 256 size blocks: 337286 aes-128-cbc's in 0.17s
Doing aes-128-cbc for 3s on 1024 size blocks: 283032 aes-128-cbc's in 0.16s
Doing aes-128-cbc for 3s on 8192 size blocks: 121301 aes-128-cbc's in 0.13s
OpenSSL 1.0.1k-freebsd 8 Jan 2015
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial)
idea(int) blowfish(idx)
cc
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 30277.19k 120212.14k 502372.17k 1854878.52k 7481959.85k
$ openssl speed -evp aes-128-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-128-cbc for 3s on 16 size blocks: 357672 aes-128-cbc's in 0.18s
Doing aes-128-cbc for 3s on 64 size blocks: 350922 aes-128-cbc's in 0.22s
Doing aes-128-cbc for 3s on 256 size blocks: 337431 aes-128-cbc's in 0.20s
Doing aes-128-cbc for 3s on 1024 size blocks: 283323 aes-128-cbc's in 0.16s
Doing aes-128-cbc for 3s on 8192 size blocks: 121486 aes-128-cbc's in 0.09s
OpenSSL 1.0.1k-freebsd 8 Jan 2015
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial)
idea(int) blowfish(idx)
cc
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 31848.36k 102669.75k 425266.88k 1768367.25k 11580663.99k
$ dd if=/dev/random of=/dev/null bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes transferred in 8.747192 secs (11987572 bytes/sec)
I think security/openssl 1.0.1l might apply patches for padlock correctly [1-3].
Best Regards,
Hakisho Nukama
[0] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163164
[1] http://git.alpinelinux.org/cgit/aports/plain/main/openssl/
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=164795
[3]
https://svnweb.freebsd.org/ports/head/security/openssl/Makefile?revision=377159&view=markup
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
