Difference between revisions of "Pfsense hardware crypto"
(Created page with "amd geode (LX800) har indbygget support for hardware cryptering i pfsense/freebsd hånderes det af glxsb. for at slå modulet til først prøv med: kldload glxsb og dereft...") |
|||
Line 5: | Line 5: | ||
for at slå modulet til | for at slå modulet til | ||
− | først prøv med: kldload glxsb | + | først prøv med: |
+ | kldload glxsb | ||
og derefter for at slå til på permanent basis | og derefter for at slå til på permanent basis | ||
− | /etc/rc.conf_mount_rw | + | /etc/rc.conf_mount_rw |
− | echo glxsb_load="YES" >> /boot/loader.conf | + | echo glxsb_load="YES" >> /boot/loader.conf |
− | /etc/rc.conf_mount_ro | + | /etc/rc.conf_mount_ro |
om det er sat op, probe med: | om det er sat op, probe med: | ||
− | kldstat #viser moduler loaded | + | kldstat #viser moduler loaded |
− | dmesg | grep -i glxsb | + | dmesg | grep -i glxsb |
− | sysctl -a | grep crypto | + | sysctl -a | grep crypto |
Eller via pfsense config | Eller via pfsense config | ||
Line 23: | Line 24: | ||
Hvis modulet virker kan man teste med | Hvis modulet virker kan man teste med | ||
− | openssl speed aes-128-cbc | + | openssl speed aes-128-cbc |
kontra | kontra | ||
− | openssl speed aes-128-cbc -engine cryptodev | + | openssl speed aes-128-cbc -engine cryptodev |
− | openssl speed -elapsed -evp aes-128-cbc | + | openssl speed -elapsed -evp aes-128-cbc |
− | openssl speed -engine cryptodev -elapsed -evp aes-128-cbc | + | openssl speed -engine cryptodev -elapsed -evp aes-128-cbc |
eller | eller | ||
− | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij | + | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij |
kontra | kontra | ||
− | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev | + | dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev |
Latest revision as of 10:30, 27 October 2014
amd geode (LX800) har indbygget support for hardware cryptering
i pfsense/freebsd hånderes det af glxsb.
for at slå modulet til
først prøv med:
kldload glxsb
og derefter for at slå til på permanent basis
/etc/rc.conf_mount_rw echo glxsb_load="YES" >> /boot/loader.conf /etc/rc.conf_mount_ro
om det er sat op, probe med:
kldstat #viser moduler loaded dmesg | grep -i glxsb sysctl -a | grep crypto
Eller via pfsense config System -> Advanced -> Miscellaneous -> Cryptographic Hardware Acceleration
Hvis modulet virker kan man teste med
openssl speed aes-128-cbc
kontra
openssl speed aes-128-cbc -engine cryptodev
openssl speed -elapsed -evp aes-128-cbc openssl speed -engine cryptodev -elapsed -evp aes-128-cbc
eller
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij
kontra
dd if=/dev/zero bs=4k count=100000 | openssl enc -aes-128-cbc -e -out /dev/null -nosalt -k abcdefhij -engine cryptodev