Pfsense hardware crypto

From HoerupWiki
Jump to: navigation, search

amd geode (LX800) har indbygget support for hardware cryptering

i pfsense/freebsd hånderes det af glxsb.

for at slå modulet til

først prøv med: 

kldload glxsb

og derefter for at slå til på permanent basis 

/etc/rc.conf_mount_rw
echo glxsb_load="YES" >> /boot/loader.conf
/etc/rc.conf_mount_ro

om det er sat op, probe med: 

kldstat #viser moduler loaded
dmesg | grep -i glxsb
sysctl -a | grep crypto

Eller via pfsense config System -> Advanced -> Miscellaneous -> Cryptographic Hardware Acceleration


Hvis modulet virker kan man teste med 

openssl speed aes-128-cbc

kontra 

openssl speed aes-128-cbc -engine cryptodev

openssl speed -elapsed -evp aes-128-cbc
openssl speed -engine cryptodev -elapsed -evp aes-128-cbc


eller 

dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij

kontra 

dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev
Retrieved from "https://wiki.t-hoerup.dk/index.php?title=Pfsense_hardware_crypto&oldid=11438"