Page MenuHomeFreeBSD

Add a new security/isal-kmod port.
Needs ReviewPublic

Authored by jhb on Mon, Jun 29, 10:57 PM.



This port builds a kernel crypto device driver which uses routines from
Intel's ISA-L crypto library to perform AES-GCM encryption and decryption.

Test Plan
  • make check-plist for the port
  • have tested the driver with KTLS + ktls_ocf.ko and with cryptocheck

Diff Detail

rP FreeBSD ports repository
No Linters Available
No Unit Test Coverage
Build Status
Buildable 32051
Build 29576: arc lint + arc unit

Event Timeline

jhb created this revision.Mon, Jun 29, 10:57 PM
jhb requested review of this revision.Mon, Jun 29, 10:57 PM
jhb added a comment.Mon, Jun 29, 11:00 PM

This might get some more testing of the driver before it should be committed, but this isn't a bad place to coordinate testing if others are interested in testing I suppose. On my wimpy little 4-core Haswell box KTLS with aesni was able to push about 35 Gbps in a simple https benchmark vs 41-42 Gbps with this module (and 42-43 Gbps with the KTLS-specific ktls-isa_l-crypto-kmod port).

jhb added a reviewer: kevans.Mon, Jun 29, 11:00 PM
kevans added inline comments.Mon, Jun 29, 11:22 PM

I think you want to tack on IGNORE_FreeBSD_11= ... and presumably IGNORE_FreeBSD_12= .... It's unfortunate that we don't have an ONLY_FOR_FreeBSD_13= since this probably won't build against, e.g., Dragonfly.

cem added inline comments.Tue, Jun 30, 1:54 AM

If it's BSD3CLAUSE, why not base?

lwhsu added a subscriber: lwhsu.Tue, Jun 30, 6:42 AM
lwhsu added inline comments.

Do you want to mention that the source of this port is from and 01org is the upstream?

jhb added inline comments.Tue, Jun 30, 4:48 PM

It requires yasm or nasm to compile the assembly files which we don't have in base.