wipeout40k
Cadet
- Joined
- Jan 6, 2014
- Messages
- 2
Hi there,
I installed freenas 9.2 yesterday becaue of the implementation of VIA padlock hardware acceleration. Well maybe one of you guys can help me, i´ve got a little problem with the freenas release 9.2, i have a via cpu with padlock, but the hardware acceleration only works with aes-cbc block cipher, geom_eli uses aes-xts for encrypted drives so crypto runs in software mode, anyway to change the default configuration to aes-cbc?
Here is output from dmesg|grep adlock
VIA Padlock Features=0x70dcc<RNG,AES,AES-CTR,SHA1,SHA256>
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
I also created 2 test devices:
geli onetime -s 4096 -l 256 -e aes-cbc gzero
geli onetime -s 4096 -l 256 -e aes-xts gzero
Here the output from geli list:
[root@freenas] ~# geli list -a
Geom name: gzero.eli
State: ACTIVE
EncryptionAlgorithm: AES-CBC
KeyLength: 256
Crypto: hardware
Flags: ONETIME
KeysAllocated: 2
KeysTotal: 268435456
Providers:
1. Name: gzero.eli
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 4096
Mode: r0w0e0
Consumers:
1. Name: gzero
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 512
Mode: r1w1e1
Geom name: gzero.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: software
Flags: ONETIME
KeysAllocated: 2
KeysTotal: 268435456
Providers:
1. Name: gzero.eli
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 4096
Mode: r0w0e0
Consumers:
1. Name: gzero
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 512
Mode: r1w1e1
So you can see, padlock is active with aes-cbc block cipher.....
Any solutions how to change the cipher mode for encrypted disks?
btw: on 64-bit freenas openssl isn´t using padlock
[root@freenas] ~# openssl engine
(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support
it works fine on the 32-bit version of freenas
I hope you can help with this issue and I´m sure much people interested in it because padlock is really nice and has a great performance :) Thanks!
I installed freenas 9.2 yesterday becaue of the implementation of VIA padlock hardware acceleration. Well maybe one of you guys can help me, i´ve got a little problem with the freenas release 9.2, i have a via cpu with padlock, but the hardware acceleration only works with aes-cbc block cipher, geom_eli uses aes-xts for encrypted drives so crypto runs in software mode, anyway to change the default configuration to aes-cbc?
Here is output from dmesg|grep adlock
VIA Padlock Features=0x70dcc<RNG,AES,AES-CTR,SHA1,SHA256>
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
I also created 2 test devices:
geli onetime -s 4096 -l 256 -e aes-cbc gzero
geli onetime -s 4096 -l 256 -e aes-xts gzero
Here the output from geli list:
[root@freenas] ~# geli list -a
Geom name: gzero.eli
State: ACTIVE
EncryptionAlgorithm: AES-CBC
KeyLength: 256
Crypto: hardware
Flags: ONETIME
KeysAllocated: 2
KeysTotal: 268435456
Providers:
1. Name: gzero.eli
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 4096
Mode: r0w0e0
Consumers:
1. Name: gzero
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 512
Mode: r1w1e1
Geom name: gzero.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: software
Flags: ONETIME
KeysAllocated: 2
KeysTotal: 268435456
Providers:
1. Name: gzero.eli
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 4096
Mode: r0w0e0
Consumers:
1. Name: gzero
Mediasize: 1152921504606846976 (1.0E)
Sectorsize: 512
Mode: r1w1e1
So you can see, padlock is active with aes-cbc block cipher.....
Any solutions how to change the cipher mode for encrypted disks?
btw: on 64-bit freenas openssl isn´t using padlock
[root@freenas] ~# openssl engine
(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support
it works fine on the 32-bit version of freenas
I hope you can help with this issue and I´m sure much people interested in it because padlock is really nice and has a great performance :) Thanks!