NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: RNG, AES support in VIA C3

On Wed, Feb 24, 2010 at 07:50:19PM +0100, Joel Carnat wrote:
> Does this mean than random number generation and encryption
> operations are done via the hardware ?

To quote my commit message for revision 1.11 of via_padlock.c:

> Fix probe for VIA C3 and successors -- these are CPU family 6, not 5.
> The broken probe was causing the VIA padlock driver to never attach!
> Now we can see that its AES appears to be broken -- it makes FAST_IPSEC
> ESP not work, on systems where it works fine with cryptosoft.
> Rework code to detect and (if necessary) enable VIA crypto and RNG.
> Add RNG support to VIA padlock driver.  In the process, have a quick
> go at debugging the AES support but no luck thus far.

Now, in practice, for userspace (SSL, etc.) you're only going to use
AES, and that by way of OpenSSL's via_padlock module.  So the fact
that the kernel support for AES doesn't work is more or less okay.
What it prevents you from doing is using hardware accelleration for
IPsec via FAST_IPSEC.  I'd like to see that fixed but I don't have
the hardware on hand any more, nor the time to do the work.


Home | Main Index | Thread Index | Old Index