Is AES-NI supported in Opnsense 22?

Started by elvinmammadov, March 14, 2022, 10:44:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 14, 2022, 10:44:24 AM
Hello,

We have installed Opnsense 22.1.2, but in Hardware Acceleration, it doesn't show AES-NI, but hardware has AES-NI. So I would like to know if AES-NI support has been removed? Thanks.

March 14, 2022, 10:48:47 AM #1
See the release notes for 22.1.2:
o system: AESNI crypto module is a kernel-builtin since 22.1 and no longer needs to be selected to work
https://forum.opnsense.org/index.php?topic=27253.0

;)
i am not an expert... just trying to help...
March 14, 2022, 11:19:24 AM #2
Thank you for your reply. Then, in this case, I should select "None", right?
March 14, 2022, 12:07:55 PM #3
At least that's how I understand it.
Im still on 22.1.1, therefore I still have AESNI in dropdown menu. I am also not sure how to verify if its really enabled (and supported) or not.
i am not an expert... just trying to help...
March 14, 2022, 12:12:48 PM #4
It's loaded either way on 22.1.x whether it is selected, not selected or was previously selected. ;)


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
March 30, 2022, 12:42:45 PM #5
Hi,

OPNsense 22.1.3-amd64 with Intel(R) Core(TM) i7-8550U CPU 

Code Select

root@:~ # dmesg | grep -i aes
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>



Code Select

root@:~ # kldstat
Id Refs Address                Size Name
1   42 0xffffffff80200000  2159b38 kernel
2    1 0xffffffff8235a000   5b7420 zfs.ko
3    1 0xffffffff82912000     f460 carp.ko
4    1 0xffffffff82922000     ab48 opensolaris.ko
5    1 0xffffffff8292d000     e318 pfsync.ko
6    3 0xffffffff8293c000    73db0 pf.ko
7    1 0xffffffff829b0000     ba48 if_gre.ko
8    1 0xffffffff829bc000     3b18 pflog.ko
9    1 0xffffffff829c0000    181d0 if_lagg.ko
10    2 0xffffffff829d9000     3538 if_infiniband.ko
11    1 0xffffffff829de000     4b58 if_enc.ko
12    1 0xffffffff829e3000     e4f0 if_bridge.ko
13    2 0xffffffff829f2000     7870 bridgestp.ko
14    1 0xffffffff82d20000     3530 fdescfs.ko
15    1 0xffffffff82d24000     3250 ichsmb.ko
16    1 0xffffffff82d28000     2180 smbus.ko
17    1 0xffffffff82d2b000     20f0 coretemp.ko



if the Module would be loaded, should kldstat output not show also something like aesni.ko ?

Thx!

Cheers,
Crissi
March 30, 2022, 12:55:57 PM #6
> AESNI crypto module is a kernel-builtin since 22.1

That means it's a kernel-builtin since FreeBSD 13. Yes there is a module for arcane reasons but for amd64 you cannot load it anyway because it's in the kernel by default.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
March 30, 2022, 01:18:55 PM #7
Thanks Franco for clarification
Cheers,
Crissi
Print
Go Up Pages1
User actions