Pfsense hardware crypto: Difference between revisions
Jump to navigation
Jump to search
Created page with "amd geode (LX800) har indbygget support for hardware cryptering i pfsense/freebsd hånderes det af glxsb. for at slå modulet til først prøv med: kldload glxsb og dereft..." |
No edit summary |
||
| Line 5: | Line 5: | ||
for at slå modulet til | for at slå modulet til | ||
først prøv med: kldload glxsb | først prøv med: | ||
kldload glxsb | |||
og derefter for at slå til på permanent basis | og derefter for at slå til på permanent basis | ||
/etc/rc.conf_mount_rw | /etc/rc.conf_mount_rw | ||
echo glxsb_load="YES" >> /boot/loader.conf | echo glxsb_load="YES" >> /boot/loader.conf | ||
/etc/rc.conf_mount_ro | /etc/rc.conf_mount_ro | ||
om det er sat op, probe med: | om det er sat op, probe med: | ||
kldstat #viser moduler loaded | kldstat #viser moduler loaded | ||
dmesg | grep -i glxsb | dmesg | grep -i glxsb | ||
sysctl -a | grep crypto | sysctl -a | grep crypto | ||
Eller via pfsense config | Eller via pfsense config | ||
| Line 23: | Line 24: | ||
Hvis modulet virker kan man teste med | Hvis modulet virker kan man teste med | ||
openssl speed aes-128-cbc | openssl speed aes-128-cbc | ||
kontra | kontra | ||
openssl speed aes-128-cbc -engine cryptodev | openssl speed aes-128-cbc -engine cryptodev | ||
openssl speed -elapsed -evp aes-128-cbc | openssl speed -elapsed -evp aes-128-cbc | ||
openssl speed -engine cryptodev -elapsed -evp aes-128-cbc | openssl speed -engine cryptodev -elapsed -evp aes-128-cbc | ||
eller | eller | ||
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij | ||
kontra | kontra | ||
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev | ||
Latest revision as of 08:30, 27 October 2014
amd geode (LX800) har indbygget support for hardware cryptering
i pfsense/freebsd hånderes det af glxsb.
for at slå modulet til
først prøv med:
kldload glxsb
og derefter for at slå til på permanent basis
/etc/rc.conf_mount_rw echo glxsb_load="YES" >> /boot/loader.conf /etc/rc.conf_mount_ro
om det er sat op, probe med:
kldstat #viser moduler loaded dmesg | grep -i glxsb sysctl -a | grep crypto
Eller via pfsense config System -> Advanced -> Miscellaneous -> Cryptographic Hardware Acceleration
Hvis modulet virker kan man teste med
openssl speed aes-128-cbc
kontra
openssl speed aes-128-cbc -engine cryptodev
openssl speed -elapsed -evp aes-128-cbc openssl speed -engine cryptodev -elapsed -evp aes-128-cbc
eller
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij
kontra
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev