How to find out if my CPU is AES-NI capable ?
-
cat /proc/cpuinfo
-
cat /proc/cpuinfo
Sorry I made a mistake while asking the question. I use LInux on the client PC. I am using pfSense on the router. How do I find out if my CPU is AES-NI capable from the pfSense web interface ?
-
dmesg | grep -i cpu
In my case AMD GX-412TC
Then enter 'AMD GX-412TC info' into Google, should give you all the info you need.
-
@marjohn56:
dmesg | grep -i cpu
In my case AMD GX-412TC
Then enter 'AMD GX-412TC info' into Google, should give you all the info you need.
I am a total newbie. Where do I type
dmesg | grep -i cpu ```?? -
If you have enabled ssh you can shell into pfsense and run it from there or you can run it from Diagnostics/Command Prompt.
-
@marjohn56:
If you have enabled ssh you can shell into pfsense and run it from there or you can run it from Diagnostics/Command Prompt.
This is the output
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ (2913.32-MHz K8-class CPU) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu0: <acpi cpu="">on acpi0 cpu1: <acpi cpu="">on acpi0 powernow0: <powernow! k8="">on cpu0 powernow1: <powernow! k8="">on cpu1 SMP: AP CPU #1 Launched!</powernow!></powernow!></acpi></acpi>Googled and found this info
Cant find AES-NI anywhere so its not AES-NI capable ? Or do I need to do more searching ?
-
Cant find AES-NI anywhere so its not AES-NI capable ? Or do I need to do more searching ?
It's an old proc, see this on wiki.
-
@marjohn56:
Cant find AES-NI anywhere so its not AES-NI capable ? Or do I need to do more searching ?
It's an old proc, see this on wiki.
Thanks for that link.
Just curious what will you do when pfSense drops support for non AES-NI processors ?
WIll you buy new hardware or move to a different firewall ? I am really frustrated with this development.
-
Mine supports it. PCEngines APU2C4
-
@marjohn56:
Mine supports it. PCEngines APU2C4
You are really lucky. I guess I will have to move to IPcop.
-
Or just replace your hardware.
Pfsense 2.4 and previous versions will still work anyway.
-
@marjohn56:
Or just replace your hardware.
Pfsense 2.4 and previous versions will still work anyway.
I don't have the cash right now. If I run an old version of pfSense dont you think that will be a security risk?
-
@marjohn56:
Or just replace your hardware.
Pfsense 2.4 and previous versions will still work anyway.
I don't have the cash right now. If I run an old version of pfSense dont you think that will be a security risk?
No I don't, Quote "The purpose of the instruction set is to improve the speed of applications performing encryption and decryption using the Advanced Encryption Standard (AES)"
In other words it speeds up certain functions, the same functions are still carried in software/firmware if you do not have AES, it's just more processor intensive.
Using AES you can do away with those software/firmware routines and it's all handled by the processor.
Even if you cannot upgrade to 2.5 pfSense will still be secure.
-
There is still some considerable time until 2.5 is here and 2.4 is no longer supported, by which time you may be able to upgrade.
-
There is still some considerable time until 2.5 is here and 2.4 is no longer supported, by which time you may be able to upgrade.
Thats good news.
-
At least in 2.4.0 BETA, you just look on your dashboard now 8).
Cost wise this requirement has (IMO) been blown way out of proportion where home users are concerned.
Very few home users have any need for a CPU exceeding the capabilities of a modern SoC celeron.
You can pick those up new today for $55 (that's motherboard + CPU), so in 2-3 years when this requirement is actually relevant, you will probably be able to pick one up for <$30.For those home users that do need a powerful system, AES-NI has been around for something like a decade now. eBay is literally full of old SFF desktops from office buildings.
http://www.ebay.com/itm/Lenovo-ThinkCentre-M91p-SSF-i5-2400-3-1GHz-8-GB-500GB-Windows-10-Free-Ship-/252930866220?hash=item3ae3dabc2c:g:Jd0AAOSwaeRZEzw-
Just going off the CPU I use on pfSense and a quick eBay search, $120 gets you an i5-2400 (virtually the same passmark as an i3-7100[not that passmark is a great comparison, but you get the general idea]) with 8GB RAM and a HDD. Add $15 for an i340-t2 and you're set for probably 95%+ of home use scenarios for pfSense. This of course assumes that you are starting out with nothing, and it's today's prices. These things aren't getting more expensive.
All that is to say that you do not need to spend a lot of money to get AES-NI, it's old tech by now.
-
Thanks for that link.
Just curious what will you do when pfSense drops support for non AES-NI processors ?
WIll you buy new hardware or move to a different firewall ? I am really frustrated with this development.
Well my hope is they will change their mind, because it's clearly an incorrect decision. After that, My first plan is to hack it in there, because the developers would have to go out of their way to remove support, so it shouldn't be too hard to add it back in. The second is to move to another firewall. It's too bad, I wanted to support the project via Gold, and was literally going to buy it the week the news hit.
-
You would go to all that effort to avoid spending a few bucks on a cpu from the last decade?
-
Bizarre…
It's called evolution...
-
Just curious what will you do when pfSense drops support for non AES-NI processors ?
WIll you buy new hardware…
Yes of course, but only when I need to.