Bug #7806
closed
dashboard System Information - inconsistent crypto information
0%
Description
2.4.0-RC (amd64)
built on Wed Aug 23 15:31:27 CDT 2017
FreeBSD 11.0-RELEASE-p12
The pfSense Crypto HW information is inconsistent.
The "CPU Type" field now includes output detecting AES-NI CPU Crypto hardware
Example: AES-NI CPU Crypto: Yes (active)
NB AES-NI is only applicable to x86/amd64 architectures. Future support for other variants such as QAT or ARM AES?
Next, the "Hardware crypto" field actually shows kernel crypto support.
Example: AES-CBC,AES-XTS,AES-GCM,AES-ICM
Suggestion: move CPU Crypto information to Hardware Crypto field.
Example:
AES-NI: Active
Kernel support: AES-CBC,AES-XTS,AES-GCM,AES-ICM
Updated by Jim Pingle over 7 years ago
- Status changed from New to Rejected
That is by design. The information in the CPU section is specific to the CPU, and shows up even when support for the hardware is not loaded. It shows AES-NI for amd64, and on other platforms it shows what the CPU could be capable of using. For example, on SG-1000 it shows "am335x built-in CPU Crypto (inactive)" (because it has no drivers yet)
The other section is for any active detected crypto hardware, not only what can be found in the CPU, and often shows which ciphers are accelerated as well depending on the detection string for the hardware device.
See #7529