Feature #14291
closed
Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB)
100%
Description
The kernel module for the Intel® Multi-Buffer Crypto for IPsec Library (a.k.a. IPsec-MB or IIMB) has been added in the FreeBSD source for Plus, and GUI/backend code has been added to enable it. Documentation is ready and staged for 23.05 as well.
IPsec-MB is not limited to accelerating IPsec, despite the name. It leverages CPU SIMD instructions to accelerate anything using kernel crypto functions for AES-GCM-128, AES-GCM-256, AES-CBC-128, AES-CBC-256, SHA1, SHA2, and ChaCha20/Poly1305. This includes IPsec, WireGuard, OpenVPN DCO and more.
This issue is for tracking purposes and to make a release notes entry, more details are on NG 10281.
Files
Updated by Jim Pingle over 1 year ago
- Category changed from Operating System to Cryptographic Modules
Updated by Jonathan Lee 11 months ago
Old post however I wanted to bring more attention to CryptoID loss of ping-auth when fresh firmware is installed.
AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512
SG-2100 has issues with 23.09.01 the command ping-auth is removed.
"The CryptoID is shown as expected if the /etc/thoth/thothid is populated. That file is populated by ping-auth which no longer exists which is why fresh installs show the error but upgrades do not." (Steve Wheeler)
Updated by Jim Pingle 11 months ago
crypto id/ping-auth has nothing to do with cryptographic acceleration, it's not relevant to this issue in any way.