Project

General

Profile

Bug #7806

dashboard System Information - inconsistent crypto information

Added by David Burns about 3 years ago. Updated about 3 years ago.

Status:
Rejected
Priority:
Very Low
Assignee:
-
Category:
Dashboard
Target version:
-
Start date:
08/23/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4
Affected Architecture:

Description

2.4.0-RC (amd64)
built on Wed Aug 23 15:31:27 CDT 2017
FreeBSD 11.0-RELEASE-p12

The pfSense Crypto HW information is inconsistent.

The "CPU Type" field now includes output detecting AES-NI CPU Crypto hardware
Example: AES-NI CPU Crypto: Yes (active)

NB AES-NI is only applicable to x86/amd64 architectures. Future support for other variants such as QAT or ARM AES?

Next, the "Hardware crypto" field actually shows kernel crypto support.
Example: AES-CBC,AES-XTS,AES-GCM,AES-ICM

Suggestion: move CPU Crypto information to Hardware Crypto field.
Example:
AES-NI: Active
Kernel support: AES-CBC,AES-XTS,AES-GCM,AES-ICM

History

#1 Updated by Jim Pingle about 3 years ago

  • Status changed from New to Rejected

That is by design. The information in the CPU section is specific to the CPU, and shows up even when support for the hardware is not loaded. It shows AES-NI for amd64, and on other platforms it shows what the CPU could be capable of using. For example, on SG-1000 it shows "am335x built-in CPU Crypto (inactive)" (because it has no drivers yet)

The other section is for any active detected crypto hardware, not only what can be found in the CPU, and often shows which ciphers are accelerated as well depending on the detection string for the hardware device.

See #7529

Also available in: Atom PDF