Date: Mon, 12 Oct 2009 14:16:46 -0400
From: Steve Polyack <korvus@comcast.net>
To: John Case <case@sdf.lonestar.org>
Cc: freebsd-hardware@freebsd.org
Subject: Re: SSL/AES acceleration in FreeBSD ?
Message-ID: <4AD3728E.8010509@comcast.net>
In-Reply-To: <Pine.NEB.4.64.0910121554080.3170@otaku.freeshell.org>
References: <Pine.NEB.4.64.0910121554080.3170@otaku.freeshell.org>

John Case wrote:
>
> This presentation document from meetBSD 2008:
>
> http://www.paeps.cx/pubs/crypto_acceleration/slides.pdf
>
> lists these supported devices:
>
> glxsb(4) AMD Geode
> hifn(4) Hifn
> padlock(4) VIA Padlock
> safe(4) SafeNet
> ubsec(4) Broadcom/Bluesteel
>
> However, I can only find "safe" as a listed device in generic kernel
> configuration files. The other devices are not anywhere in kernel
> config files. cd
>

I can personally verify FreeBSD's support for the Geode (glxsb(4)) and
various hifn(4) and ubsec(4) devices. The code is all there and has been
there for some time:

glxsb(4) - /usr/src/sys/dev/glxsb
hifn(4) - /usr/src/sys/dev/hifn
ubsec(4) - /usr/src/sys/dev/ubsec

I'm not sure about the kernel options, but all of the above are
typically built as modules with the GENERIC kernel. After loading the
module, the devices are then made available through the cryptodev(4)
driver. OpenSSL and several tools (/usr/src/tools/tools/crypto/cryptotest
& cryptostats) can confirm they are being used.

>
> My goal is to accelerate the Tor onion router using hardware on
> FreeBSD. Since safe(4) is a standard kernel config option, that seemed
> a likely starting place, however a cursory search shows that this is
> not really a working device and certainly not a trouble-free item to
> implement.

You may find that for any fairly modern dual-core CPU (even an
Athlon64 X2), the CPU will outperform pretty much all of the hardware
crypto-accelerator offerings, except for the most recent and high-end.
This is *especially* true when you are doing many small cryptographic
operations, which I assume Tor may be doing. You'll still at least get
the benefit of offloading all of these operations from the CPU, freeing
it up to spend time on other tasks.

>
> Are any implementations of hardware crypto acceleration both stable
> and trouble-free in FreeBSD ?

In the testing I've done, the hifn, ubsec, and glxsb devices all work
quite well. I haven't seen any problems with any of them. If you're
still looking to select a card, I'd recommend the newest Broadcom
offerings that you can find on eBay at a fair price - these use the
ubsec(4) driver.

>
> I appreciate all comments and suggestions.
> _______________________________________________
> freebsd-hardware@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hardware
> To unsubscribe, send any mail to
> "freebsd-hardware-unsubscribe@freebsd.org"
>
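
Added example, not part of the original message or of FreeBSD itself: a check of kldstat output for the drivers named in the thread, to confirm that cryptodev and at least one hardware driver are loaded before testing with OpenSSL. The function names are hypothetical, the <driver>.ko module file names are an assumption, and the sample listing is constructed.

```sh
#!/bin/sh
# Drivers named in the thread, plus cryptodev(4), which exposes them to userland.
# Assumption: each one loads as a module file called <driver>.ko.
DRIVERS="glxsb hifn padlock safe ubsec cryptodev"

# loaded_crypto_modules: read kldstat-style output on stdin and print the
# driver names from DRIVERS that appear in the Name column, one per line.
loaded_crypto_modules() {
    awk -v list="$DRIVERS" '
        BEGIN { n = split(list, d, " ")
                for (i = 1; i <= n; i++) want[d[i] ".ko"] = d[i] }
        NR > 1 && ($NF in want) { print want[$NF] }   # NR > 1 skips the header
    '
}

# accel_ready: succeed only when cryptodev AND at least one hardware
# driver show up in the kldstat-style output given on stdin.
accel_ready() {
    mods=$(loaded_crypto_modules)
    echo "$mods" | grep -qx cryptodev || return 1
    echo "$mods" | grep -vx cryptodev | grep -q .
}

# Constructed sample listing (not captured from a real host).
sample_kldstat() {
cat <<'EOF'
Id Refs Address    Size     Name
 1    8 0xc0400000 b6e5e8   kernel
 2    1 0xc0f6f000 6a2c4    acpi.ko
 3    1 0xc5a3e000 a000     hifn.ko
 4    1 0xc5a52000 4000     cryptodev.ko
EOF
}

# On a FreeBSD host use the live listing; elsewhere fall back to the sample.
if command -v kldstat >/dev/null 2>&1; then
    kldstat | loaded_crypto_modules
else
    sample_kldstat | loaded_crypto_modules
fi
```

A driver compiled into the kernel rather than loaded as a module does not appear as its own line in the plain kldstat listing, so an empty result here does not by itself mean the device is unsupported.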