How do I enable cryptographic hardware in my SG-1000?
-
I just upgraded the software in my SG-1000 from 2.4.4 (which did not support hardware crypto) to 22.01. (It didn't find the update on its own; I had to back level to an earlier, deprecated version before it would update properly.) The point of this update was to utilize the hardware crypto feature. I thought the proper driver was supposed to be added in version 2.5.something. Maybe.
However, when I change settings at system => advanced => miscellaneous => cryptographic & thermal hardware => cryptographic hardware, the status => dashboard continues to say "am335x built-in CPU Crypto (inactive)". I've tried all the choices; nothing fixes the "(inactive)" part.
There were several threads in the forum two to three years ago that discussed this issue, and the only answers I saw were "we're working on it" or "next version of the software". Well, it's definitely a later version, right?
So, is there something I'm not doing correctly? Or is it still "next version of the software...maybe"? Or could it be "we're no longer working on end-of-service products"?
It sure would be cool to fully utilize the hardware I purchased.
Thanks in advance for any authoritative or knowledgeable responses.
-
S stephenw10 moved this topic from General pfSense Questions on
-
@tnandy The hardware crypto support never happened for that model. The SG-1000 has been end of life since October 2019 so I would not be expecting any change in that status.
-
@bigsy said in How do I enable cryptographic hardware in my SG-1000?:
@tnandy The hardware crypto support never happened for that model. The SG-1000 has been end of life since October 2019 so I would not be expecting any change in that status.
Thanks.
-
Yes, unfortunately the work on the crypto driver hit a number of significant issues that proved impractical to get past. It's very unlikely it will happen at this point.
Steve
-
@stephenw10 said in How do I enable cryptographic hardware in my SG-1000?:
Yes, unfortunately the work on the crypto driver hit a number of significant issues that proved impractical to get past. It's very unlikely it will happen at this point.
Steve
That is quite inelegant.
If you guys have given up trying, might this be open source code?
-
I was never involved in this directly with this effort but my understanding is that licensing was one of the issues. A GPL driver exists but that cannot be upstreamed.
Let me see if I can get any further details. It's unlikely we can do anything here.
Steve
-
@stephenw10
I sure appreciate your efforts. I'll keep my fingers crossed, but I won't hold my breath. -
@stephenw10 said in How do I enable cryptographic hardware in my SG-1000?:
I was never involved in this directly with this effort but my understanding is that licensing was one of the issues. A GPL driver exists but that cannot be upstreamed.
Let me see if I can get any further details. It's unlikely we can do anything here.
Steve
...Because GPL licensing and BSD licensing are incompatible?
-
Yes, the GPL is more restrictive so code licensed under it cannot be included in a BSD license (or MIT). But IAMAL and I won't pretend to know all the details!
Also it's a Linux driver so would require significant work anyway.
Steve
-
@stephenw10
I don't suppose the written permission of the author(s) or current owner(s) would make a difference, would it? Could THEY release their own code under a different license? -
@stephenw10 And by the way, I helped port several hundred thousand lines of code from one language to another back in the OS/2 days. I suggest porting one program from a UNIX based O/S to another UNIX based O/S isn't really all that scary, especially if there's already a compiler for whatever language it's written in available for both operating systems.
-
Licensing discussions are really way out of my field but no written permission would likely not be sufficient. It's unlikely there was a single author. It might need to be dual licensed and after that fact that could be difficult to impossible.
-
@stephenw10 Could this be the driver in question?
MODULE_DESCRIPTION("ARM TrustZone CryptoCell REE Driver");
https://lwn.net/Articles/720543/ -