Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: elvinmammadov on March 14, 2022, 10:44:24 AM

Title: Is AES-NI supported in Opnsense 22?
Post by: elvinmammadov on March 14, 2022, 10:44:24 AM
Hello,

We have installed Opnsense 22.1.2, but in Hardware Acceleration, it doesn't show AES-NI, but hardware has AES-NI. So I would like to know if AES-NI support has been removed? Thanks.

Title: Re: Is AES-NI supported in Opnsense 22?
Post by: tiermutter on March 14, 2022, 10:48:47 AM
See the release notes for 22.1.2:
o system: AESNI crypto module is a kernel-builtin since 22.1 and no longer needs to be selected to work
https://forum.opnsense.org/index.php?topic=27253.0

;)
Title: Re: Is AES-NI supported in Opnsense 22?
Post by: elvinmammadov on March 14, 2022, 11:19:24 AM
Thank you for your reply. Then, in this case, I should select "None", right?
Title: Re: Is AES-NI supported in Opnsense 22?
Post by: tiermutter on March 14, 2022, 12:07:55 PM
At least that's how I understand it.
Im still on 22.1.1, therefore I still have AESNI in dropdown menu. I am also not sure how to verify if its really enabled (and supported) or not.
Title: Re: Is AES-NI supported in Opnsense 22?
Post by: franco on March 14, 2022, 12:12:48 PM
It's loaded either way on 22.1.x whether it is selected, not selected or was previously selected. ;)


Cheers,
Franco
Title: Re: Is AES-NI supported in Opnsense 22?
Post by: crissi on March 30, 2022, 12:42:45 PM
Hi,

OPNsense 22.1.3-amd64 with Intel(R) Core(TM) i7-8550U CPU 

Code Select

root@:~ # dmesg | grep -i aes
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>



Code Select

root@:~ # kldstat
Id Refs Address                Size Name
1   42 0xffffffff80200000  2159b38 kernel
2    1 0xffffffff8235a000   5b7420 zfs.ko
3    1 0xffffffff82912000     f460 carp.ko
4    1 0xffffffff82922000     ab48 opensolaris.ko
5    1 0xffffffff8292d000     e318 pfsync.ko
6    3 0xffffffff8293c000    73db0 pf.ko
7    1 0xffffffff829b0000     ba48 if_gre.ko
8    1 0xffffffff829bc000     3b18 pflog.ko
9    1 0xffffffff829c0000    181d0 if_lagg.ko
10    2 0xffffffff829d9000     3538 if_infiniband.ko
11    1 0xffffffff829de000     4b58 if_enc.ko
12    1 0xffffffff829e3000     e4f0 if_bridge.ko
13    2 0xffffffff829f2000     7870 bridgestp.ko
14    1 0xffffffff82d20000     3530 fdescfs.ko
15    1 0xffffffff82d24000     3250 ichsmb.ko
16    1 0xffffffff82d28000     2180 smbus.ko
17    1 0xffffffff82d2b000     20f0 coretemp.ko



if the Module would be loaded, should kldstat output not show also something like aesni.ko ?

Thx!

Title: Re: Is AES-NI supported in Opnsense 22?
Post by: franco on March 30, 2022, 12:55:57 PM
> AESNI crypto module is a kernel-builtin since 22.1

That means it's a kernel-builtin since FreeBSD 13. Yes there is a module for arcane reasons but for amd64 you cannot load it anyway because it's in the kernel by default.


Cheers,
Franco
Title: Re: Is AES-NI supported in Opnsense 22?
Post by: crissi on March 30, 2022, 01:18:55 PM
Thanks Franco for clarification
Text only | Text with Images