Multiple crypto cards in a box may conflict in unexpected ways
|Affected version:||All||Affected Architecture:|
If there are multiple crypto devices on a box (padlock, hifn, glxsb) it may lead to some abiguity or confusion about which is active or which is intended to be active. Compounded by the fact that some are onboard.
The hifn and padlock drivers also don't appear to respect device.hints aimed at disabling them.
There is a sysctl for ipsec that is supposed to allow control over whether or not crypto hardware is used.
A value of -1 is supposed to force software crypto only, but it did not appear to be respected in a quick test.
There also doesn't appear to be a system-wide way to choose between crypto devices in FreeBSD, it claims it will just pick "the best one" but there may not be anything we can do about that.
This entry is here mainly to have this documented and in case we can find a way around it down the road somewhere.
#1 Updated by Ermal Luçi over 1 year ago
Just to keep this noted here.
Seems -1 is not the value for software only but on 8.1 sources 0x02000000 is the value.