Netgate Discussion Forum
    AES Active although not enabled

    • jkaay

      Hi,

      Very new to pfSense, so please excuse this question if it sounds silly.

      My dashboard shows:
      AES-NI CPU Crypto: Yes (active)

      Although I haven't enabled it in System, Advanced, Misc, Cryptographic Hardware, which is set to None.

      It was like this on install. Is this usual? As I needed to set this before, but for some reason it is showing active without me changing any setting after a fresh install. pfSense 2.5.2.

      Any help or opinion will be appreciated.

      • stephenw10 Netgate Administrator

        That only shows that the aes-ni driver module is loaded. It may not be actually in use.

        The module is not unloaded if you set crypto hardware to none until the firewall is rebooted. Unless you manually unload it with kldunload.

        Steve

        • jkaay @stephenw10

          @stephenw10 Thanks for your response, I got confused as on prior installs, I had to set it in System, Advanced, Misc, Cryptographic Hardware. As it wouldn't say Active until I changed the setting. But on this install it was automatically doing it. Really appreciate your response.

          • stephenw10 Netgate Administrator

            Hmm, well you can check the status of the module at the command line:

            [2.5.2-RELEASE][admin@t70.stevew.lan]/root: kldstat
            Id Refs Address                Size Name
             1   16 0xffffffff80200000  3aea720 kernel
             2    1 0xffffffff83ceb000     61c0 ichsmb.ko
             3    3 0xffffffff83cf2000     2ef0 smbus.ko
             4    1 0xffffffff83cf5000     2e60 smb.ko
             5    1 0xffffffff83cf8000     1ae8 mdio.ko
             6    1 0xffffffff83f21000     1000 cpuctl.ko
             7    1 0xffffffff83f22000     8cb0 aesni.ko
             8    1 0xffffffff83f2b000      b28 coretemp.ko
            
            • jkaay

              Id Refs Address                Size Name
               1   15 0xffffffff80200000  3aea720 kernel
               2    1 0xffffffff83ceb000     ee98 aesni.ko
               3    1 0xffffffff83cfb000   3bb7f0 zfs.ko
               4    2 0xffffffff840b7000     a448 opensolaris.ko
               5    1 0xffffffff844e6000     1000 cpuctl.ko

              I don't know what any of this means but going to try and figure out what I'm looking at.

              • stephenw10 Netgate Administrator @jkaay

                It's a list of the loaded kernel modules and it shows the aes-ni module is loaded. That's what the dashboard script looks at to determine whether or not to show 'active'.

                Normally that module is not loaded at boot unless you have selected AES-NI for hardware crypto. But, as I said, it is not unloaded if you deselect it until you reboot.

                Selecting it adds a line to /boot/loader.conf. However, if you have the custom file /boot/loader.conf.local you might have a line loading it there even if it's not selected in the GUI.

                Steve
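
The check described above, as an added example that is not part of the original thread and is not pfSense's dashboard script: it reads kldstat output and looks in the loader files for a line that would load the module at boot. The `aesni_load="YES"` form is assumed from standard FreeBSD loader.conf syntax, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: explain why the dashboard reports AES-NI as "active".
# Assumption: boot-time loading uses the standard FreeBSD loader.conf
# form aesni_load="YES"; the exact line pfSense writes is not shown in the thread.

# Succeeds if kldstat output on stdin lists aesni.ko in the Name column.
aesni_loaded() {
    awk '$NF == "aesni.ko" { found = 1 } END { exit !found }'
}

# Prints each given loader config file that has an active (uncommented)
# aesni_load="YES" line. Missing or unreadable files are skipped.
aesni_boot_sources() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eiq '^[[:space:]]*aesni_load[[:space:]]*=[[:space:]]*"?YES"?' "$f"; then
            echo "$f"
        fi
    done
}

# Reads kldstat output on stdin; loader config paths are the arguments.
aesni_report() {
    if ! aesni_loaded; then
        echo "not loaded"
        return 0
    fi
    sources=$(aesni_boot_sources "$@" | tr '\n' ' ')
    if [ -n "$sources" ]; then
        echo "loaded; boot-time load set in: ${sources% }"
    else
        echo "loaded; no loader entry (stays until reboot or kldunload)"
    fi
}

# On the firewall itself (paths as named in the thread):
#   kldstat | aesni_report /boot/loader.conf /boot/loader.conf.local

# Constructed demo: two kldstat lines, no loader files passed in.
printf '%s\n' 'Id Refs Address                Size Name' \
    ' 2    1 0xffffffff83ceb000     ee98 aesni.ko' | aesni_report
```

A module that is loaded with no loader entry matches the case in the thread where the hardware crypto setting was changed to None without a reboot.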

                • jkaay @stephenw10

                  @stephenw10 Thanks Steve for your help, it's much appreciated.

                  jkaay

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.