Project

General

Profile

Actions
Copy link

Regression #13670

closed

AES-NI support is built into the kernel on snapshots instead of being a module

Added by johnny stecchino over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Kristof Provost
Category:
Dashboard
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.01
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:
amd64

Description

AES-NI is activated in Advanced/Miscellaneous but dashboard system status shows AES-NI present but inactive

ps this machine also has quick assist

Files

Download all files
Screenshot 2022-11-16 at 3.05.04 PM.png (42.2 KB) Screenshot 2022-11-16 at 3.05.04 PM.png system-status johnny stecchino, 11/16/2022 02:05 PM
Screenshot 2022-11-16 at 3.02.59 PM.png (161 KB) Screenshot 2022-11-16 at 3.02.59 PM.png adv-misc-settings johnny stecchino, 11/16/2022 02:05 PM
QATandAES.png (10.1 KB) QATandAES.png Jordan G, 11/19/2022 06:22 PM
Actions
Copy link
 #1

Updated by Jim Pingle over 1 year ago

  • Tracker changed from Bug to Regression
  • Project changed from pfSense Plus to pfSense
  • Subject changed from AES-NI crypto module shows as inactive when it is in fact present and active to AES-NI support is built into the kernel on snapshots instead of being a module
  • Category changed from Cryptographic Modules to Dashboard
  • Status changed from New to Feedback
  • Assignee set to Kristof Provost
  • Target version set to 2.7.0
  • Affected Plus Version deleted (23.01)
  • Plus Target Version set to 23.01

This is because AES-NI is currently built into the kernel. We were debating whether to keep it in the kernel or move it back to a module (Internal issue NG 8925).

MR https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/112 to move it back to a module was merged earlier today, so it should be in snapshots tomorrow.

Actions
Copy link
 #2

Updated by Jim Pingle over 1 year ago

  • Release Notes changed from Default to Force Exclusion
Actions
Copy link
 #3

Updated by Jordan G over 1 year ago

on 23.01.a.20221118.0600 if I switch from QAT to AES-NI in the System>Advanced>Miscellaneous, save/apply, then check the dashboard it shows Yes(Active) for both QAT and AES-NI (AES-NI is actually selected).

Actions
Copy link
 #4

Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100

That is normal. Changing the configuration does not unload the other modules since that could cause running processes using those modules to fail in unpredictable ways (and the modules may be busy and not unload at all).

Reboot after switching and it reflects the proper state when it comes back up.

This appears to be working as expected for me, I just tried it switching both ways and it had the correct output after rebooting each time.

Actions
Copy link
 #5

Updated by Jim Pingle over 1 year ago

  • Copied to Regression #13779: SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module added
Actions
Copy link
 #6

Updated by Jim Pingle over 1 year ago

  • Copied to deleted (Regression #13779: SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module)
Actions
Copy link

Also available in: Atom PDF