Project

General

Profile

Actions

Regression #13670

closed

AES-NI support is built into the kernel on snapshots instead of being a module

Added by johnny stecchino about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Category:
Dashboard
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.01
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:
amd64

Description

AES-NI is activated in Advanced/Miscellaneous but dashboard system status shows AES-NI present but inactive

ps this machine also has quick assist


Files

Screenshot 2022-11-16 at 3.05.04 PM.png (42.2 KB) Screenshot 2022-11-16 at 3.05.04 PM.png system-status johnny stecchino, 11/16/2022 02:05 PM
Screenshot 2022-11-16 at 3.02.59 PM.png (161 KB) Screenshot 2022-11-16 at 3.02.59 PM.png adv-misc-settings johnny stecchino, 11/16/2022 02:05 PM
QATandAES.png (10.1 KB) QATandAES.png Jordan G, 11/19/2022 06:22 PM
Actions #1

Updated by Jim Pingle about 2 years ago

  • Tracker changed from Bug to Regression
  • Project changed from pfSense Plus to pfSense
  • Subject changed from AES-NI crypto module shows as inactive when it is in fact present and active to AES-NI support is built into the kernel on snapshots instead of being a module
  • Category changed from Cryptographic Modules to Dashboard
  • Status changed from New to Feedback
  • Assignee set to Kristof Provost
  • Target version set to 2.7.0
  • Affected Plus Version deleted (23.01)
  • Plus Target Version set to 23.01

This is because AES-NI is currently built into the kernel. We were debating whether to keep it in the kernel or move it back to a module (Internal issue NG 8925).

MR https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/112 to move it back to a module was merged earlier today, so it should be in snapshots tomorrow.

Actions #2

Updated by Jim Pingle about 2 years ago

  • Release Notes changed from Default to Force Exclusion
Actions #3

Updated by Jordan G about 2 years ago

on 23.01.a.20221118.0600 if I switch from QAT to AES-NI in the System>Advanced>Miscellaneous, save/apply, then check the dashboard it shows Yes(Active) for both QAT and AES-NI (AES-NI is actually selected).

Actions #4

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100

That is normal. Changing the configuration does not unload the other modules since that could cause running processes using those modules to fail in unpredictable ways (and the modules may be busy and not unload at all).

Reboot after switching and it reflects the proper state when it comes back up.

This appears to be working as expected for me, I just tried it switching both ways and it had the correct output after rebooting each time.

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Copied to Regression #13779: SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module added
Actions #6

Updated by Jim Pingle almost 2 years ago

  • Copied to deleted (Regression #13779: SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module)
Actions

Also available in: Atom PDF