This port builds a kernel crypto device driver which uses routines from
Intel's ISA-L crypto library to perform AES-GCM encryption and decryption.
Details
- Reviewers
kevans mat - Commits
- rP544254: Add a new security/isal-kmod port.
- make check-plist for the port
- have tested the driver with KTLS + ktls_ocf.ko and with cryptocheck
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 32364 Build 29845: arc lint + arc unit
Event Timeline
This might get some more testing of the driver before it should be committed, but this isn't a bad place to coordinate testing if others are interested in testing I suppose. On my wimpy little 4-core Haswell box KTLS with aesni was able to push about 35 Gbps in a simple https benchmark vs 41-42 Gbps with this module (and 42-43 Gbps with the KTLS-specific ktls-isa_l-crypto-kmod port).
security/isal-kmod/Makefile | ||
---|---|---|
15 | I think you want to tack on IGNORE_FreeBSD_11= ... and presumably IGNORE_FreeBSD_12= .... It's unfortunate that we don't have an ONLY_FOR_FreeBSD_13= since this probably won't build against, e.g., Dragonfly. |
security/isal-kmod/Makefile | ||
---|---|---|
12 | If it's BSD3CLAUSE, why not base? |
security/isal-kmod/pkg-descr | ||
---|---|---|
8 | Do you want to mention that the source of this port is from https://github.com/bsdjhb/ocf_isa_l and 01org is the upstream? |
security/isal-kmod/Makefile | ||
---|---|---|
12 | It requires yasm or nasm to compile the assembly files which we don't have in base. |
security/isal-kmod/Makefile | ||
---|---|---|
15 | It would need to be some kind of ONLY_FOR_FreeBSD_13+ to mean 13 and beyond. I think it's simpler to add the IGNORE for 11 and 12. OTOH, an ONLY_FOR_FreeBSD would perhaps be helpful. | |
security/isal-kmod/pkg-descr | ||
8 | I added my repo as a WWW, not sure if I need words as well? |
Is there a reason to not import this into base? The isa-l library is BSD-licensed and has a very small footprint.
Ah, okay, I have seen that yasm is also BSD-licensed, but importing a new compiler for a new library isn't worth the hassle.