How to validate that pfSense SG-2440 uses AES-NI?
-
Running the following command doesn't list the AES-NI hardware engine like I expected:
[2.2.2-RELEASE][root@pfSense.localdomain]/root: openssl engine
(cryptodev) BSD cryptodev engine
(rsax) RSAX engine support
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
If I grep on dmesg I can see that AES-NI is detected.
[2.2.2-RELEASE][root@pfSense.localdomain]/root: dmesg | grep -B10 -A10 aes
da0: <Generic Ultra HS-COMBO 1.98> Removable Direct Access SCSI-0 device
da0: Serial Number 000000225001
da0: 40.000MB/s transfers
da0: 3648MB (7471104 512 byte sectors: 255H 63S/T 465C)
da0: quirks=0x2<NO_6_BYTE>
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 1750043526 Hz quality 1000
Trying to mount root from ufs:/dev/ufsid/554a2fc78b92e8b2 [rw]…
WARNING: /: TRIM flag on fs but disk does not support TRIM
padlock0: No ACE support.
aesni0: <AES-CBC,AES-XTS,AES-GCM> on motherboard
igb0: link state changed to UP
bridge0: link state changed to UP
igb1: promiscuous mode enabled
igb2: promiscuous mode enabled
igb3: promiscuous mode enabled
pflog0: promiscuous mode enabled
igb2: link state changed to UP
igb1: link state changed to UP
igb1: link state changed to DOWN
igb1: link state changed to UP
The AES-NI module is selected on the website, so I am unsure if it is used.
So how can I validate this?
Regards
Lars Pedersen
-
With the aesni.ko module loaded it's part of cryptodev.
: openssl engine -t -c
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]
(rsax) RSAX engine support
 [RSA]
     [ available ]
(rdrand) Intel RDRAND engine
 [RAND]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
OpenSSL on its own will find it and use it internally but that can be a bit more difficult to identify.
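The two checks from this thread combined into one script, as an added example that is not part of either post: it confirms an aesni device attached in dmesg and that the cryptodev engine in `openssl engine -t -c` is available and lists AES ciphers. The function names are hypothetical and the sample text is constructed from the output quoted above.

```shell
# Added example: function names are hypothetical; the sample text at the
# bottom is constructed from the output quoted in this thread.
# Reads `dmesg` text on stdin; succeeds if an aesni device attached.
aesni_attached() { grep -Eq '^aesni[0-9]+: '; }

# Reads `openssl engine -t -c` text on stdin; prints the cryptodev engine's
# status and its AES ciphers, e.g. "available AES-128-CBC,AES-192-CBC".
cryptodev_aes() {
    awk '
        /^\(/ { in_cd = ($1 == "(cryptodev)"); next }   # engine header line
        in_cd && /^[ \t]*\[/ {                          # bracketed detail line
            line = $0
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\][ \t]*$/, "", line)
            if (line == "available" || line == "unavailable") { status = line; next }
            n = split(line, caps, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (caps[i] ~ /^AES-/) aes = aes (aes == "" ? "" : ",") caps[i]
        }
        END { s = (status == "" ? "missing" : status); print s, (aes == "" ? "none" : aes) }'
}

# $1 = dmesg text, $2 = `openssl engine -t -c` text.
check_aesni() {
    if ! printf '%s\n' "$1" | aesni_attached; then
        echo "aesni driver not attached"; return 1
    fi
    set -- $(printf '%s\n' "$2" | cryptodev_aes)
    case "$1 $2" in
        "available none") echo "cryptodev available, no AES listed"; return 1 ;;
        available\ *)     echo "cryptodev offers $2" ;;
        *)                echo "cryptodev engine $1"; return 1 ;;
    esac
}

SAMPLE_DMESG='padlock0: No ACE support.
aesni0: <AES-CBC,AES-XTS,AES-GCM> on motherboard'
SAMPLE_ENGINE='(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]'
SAMPLE_ENGINE_NOAES='(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH]
     [ available ]'
# On the firewall: check_aesni "$(dmesg)" "$(openssl engine -t -c)"
```

A failing result here only describes the cryptodev path; as the reply notes, OpenSSL can also use AES-NI internally, which this check does not observe.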