Changeset View
Changeset View
Standalone View
Standalone View
website/content/en/releases/13.0R/relnotes.adoc
| Show First 20 Lines • Show All 212 Lines • ▼ Show 20 Lines | |||||
| Processes that attach to a man:jail[8] will now completely rebase their man:cpuset[1] onto the jail's cpuset. | Processes that attach to a man:jail[8] will now completely rebase their man:cpuset[1] onto the jail's cpuset. | ||||
| Notably, if a process had been assigned a numbered cpuset then it will be assigned a new numbered set that is the combination of CPUs | Notably, if a process had been assigned a numbered cpuset then it will be assigned a new numbered set that is the combination of CPUs | ||||
| allowed to the attaching process and the jail. | allowed to the attaching process and the jail. | ||||
| Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail. | Processes belonging to the superuser will implicitly widen their CPU mask as needed if they share no CPUs in common with the jail. | ||||
| The in-kernel cryptographic framework has been overhauled to better support | The in-kernel cryptographic framework has been overhauled to better support | ||||
| modern cryptographic algorithms as well as simplify the interface for both | modern cryptographic algorithms as well as simplify the interface for both | ||||
| device drivers and framework consumers. | device drivers and framework consumers. | ||||
jhb: The new comment is related to this commit, not with adding aesni(4) to GENERIC. However, I… | |||||
freebsd_michael-bueker.deAuthorUnsubmitted Not Done Inline ActionsI'd suggest explicitly mentioning that this doesn't imply reduced support. Both on the Forums and on IRC, users have asked whether cryptography will be slower for them with the new identification. I understand it's implied in this minimal phrasing that it won't be, but a little more verbosity couldn't hurt to avoid further questions. freebsd_michael-bueker.de: I'd suggest explicitly mentioning that this doesn't imply reduced support. Both on the Forums… | |||||
jhbUnsubmitted Not Done Inline ActionsAgreed, bringing in your last sentence from below would suit that. jhb: Agreed, bringing in your last sentence from below would suit that. | |||||
| gitref:c03414326909[repository=src] {{< sponsored "Chelsio Communications" >}} | gitref:c03414326909[repository=src] {{< sponsored "Chelsio Communications" >}} | ||||
| Support for Kerberos GSS algorithms deprecated by RFCs 6649 and 8429 has been | Support for Kerberos GSS algorithms deprecated by RFCs 6649 and 8429 has been | ||||
| removed. | removed. | ||||
| gitref:dee3aa83d1b6[repository=src] {{< sponsored "Chelsio Communications" >}} | gitref:dee3aa83d1b6[repository=src] {{< sponsored "Chelsio Communications" >}} | ||||
| Support for previously-deprecated algorithms in man:geli[4] has | Support for previously-deprecated algorithms in man:geli[8] has | ||||
| been removed. | been removed. | ||||
| gitref:e2b9919398c3[repository=src] {{< sponsored "Chelsio Communications" >}} | gitref:e2b9919398c3[repository=src] {{< sponsored "Chelsio Communications" >}} | ||||
| Support for IPsec algorithms deprecated by RFC 8221 as well as Triple DES | Support for IPsec algorithms deprecated by RFC 8221 as well as Triple DES | ||||
| has been removed. | has been removed. | ||||
| gitref:16aabb761c0a[repository=src] {{< sponsored "Chelsio Communications" >}} | gitref:16aabb761c0a[repository=src] {{< sponsored "Chelsio Communications" >}} | ||||
| Support for previously-deprecated cryptographic algorithms has been removed | Support for previously-deprecated cryptographic algorithms has been removed | ||||
| from man:cryptodev[4] and the in-kernel cryptographic framework. | from man:cryptodev[4] and the in-kernel cryptographic framework. | ||||
| gitref:6c80c319ef88[repository=src] {{< sponsored "Chelsio Communications" >}} | gitref:6c80c319ef88[repository=src] {{< sponsored "Chelsio Communications" >}} | ||||
| The amd64 DMAR driver has been refactored to provide a generic I/O MMU | The amd64 DMAR driver has been refactored to provide a generic I/O MMU | ||||
| framework which can be used by other architectures. | framework which can be used by other architectures. | ||||
| As part of this, the amd64-specific `ACPI_DMAR` kernel option has been | As part of this, the amd64-specific `ACPI_DMAR` kernel option has been | ||||
| renamed to `IOMMU`. | renamed to `IOMMU`. | ||||
| gitref:6186bfbd1880[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} | gitref:6186bfbd1880[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} | ||||
| A driver for Arm System Memory Management Unity version 3.2 has been added | A driver for Arm System Memory Management Unity version 3.2 has been added | ||||
| to the aarch64 architecture. | to the aarch64 architecture. | ||||
| The driver is enabled by the `IOMMU` kernel option. | The driver is enabled by the `IOMMU` kernel option. | ||||
| gitref:4cc8701067e1[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} {{< sponsored "Innovate UK" >}} | gitref:4cc8701067e1[repository=src] {{< sponsored "DARPA" >}} {{< sponsored "AFRL" >}} {{< sponsored "Innovate UK" >}} | ||||
| The GENERIC kernels for amd64 and i386 now include man:aesni[4] to support | The GENERIC kernels for amd64 and i386 now include man:aesni[4] to support | ||||
| accelerated software cryptography for man:geli[4] by default. | accelerated software cryptography for man:geli[8] by default. Note that this change may cause man:geli[8] to report the crypto acceleration of many common AES-NI-capable CPUs as "accelerated software", where in previous releases, it was reported as "hardware". This is purely a change in naming, and does not imply reduced performance or support. | ||||
| gitref:074a91f746bd[repository=src] | gitref:074a91f746bd[repository=src] | ||||
| The GENERIC kernel for aarch64 now includes man:armv8crypto[4] to support | The GENERIC kernel for aarch64 now includes man:armv8crypto[4] to support | ||||
| accelerated software cryptography for man:geli[4] by default. | accelerated software cryptography for man:geli[8] by default. | ||||
| gitref:074a91f746bd[repository=src] | gitref:074a91f746bd[repository=src] | ||||
| [[drivers]] | [[drivers]] | ||||
| == Devices and Drivers | == Devices and Drivers | ||||
| This section covers changes and additions to devices and device drivers since {releasePrev}. | This section covers changes and additions to devices and device drivers since {releasePrev}. | ||||
| [[drivers-device]] | [[drivers-device]] | ||||
| Show All 32 Lines | |||||
| The suite of VirtIO device drivers now support the VirtIO V1 spec. This improves FreeBSD's compatibility as a guest operating system with various hypervisors and emulators including the ability to run on the link:https://wiki.qemu.org/images/4/4e/Q35.pdf[Q35 chipset] under QEMU. | The suite of VirtIO device drivers now support the VirtIO V1 spec. This improves FreeBSD's compatibility as a guest operating system with various hypervisors and emulators including the ability to run on the link:https://wiki.qemu.org/images/4/4e/Q35.pdf[Q35 chipset] under QEMU. | ||||
| A new man:ossl[4] driver supports optimized software cryptography on | A new man:ossl[4] driver supports optimized software cryptography on | ||||
| aarch64, amd64, and i386 using assembly routines from OpenSSL. | aarch64, amd64, and i386 using assembly routines from OpenSSL. | ||||
| gitref:ba610be90a7c[repository=src] {{< sponsored "Netflix" >}}, | gitref:ba610be90a7c[repository=src] {{< sponsored "Netflix" >}}, | ||||
| gitref:22bd0c9731d7[repository=src] | gitref:22bd0c9731d7[repository=src] | ||||
| The man:armv8crypto[4] driver which supports software cryptography on | The man:armv8crypto[4] driver which supports software cryptography on | ||||
| ARMv8 CPUs now supports AES-XTS which is used by man:geli[4]. | ARMv8 CPUs now supports AES-XTS which is used by man:geli[8]. | ||||
| gitref:4979620ece98[repository=src] | gitref:4979620ece98[repository=src] | ||||
| The man:armv8crypto[4] driver now supports AES-GCM which is used by IPsec | The man:armv8crypto[4] driver now supports AES-GCM which is used by IPsec | ||||
| and kernel TLS. | and kernel TLS. | ||||
| gitref:f76393a6305b6[repository=src] {{< sponsored "Ampere Computing" >}} | gitref:f76393a6305b6[repository=src] {{< sponsored "Ampere Computing" >}} | ||||
| [[storage]] | [[storage]] | ||||
| == Storage | == Storage | ||||
| ▲ Show 20 Lines • Show All 228 Lines • Show Last 20 Lines | |||||
The new comment is related to this commit, not with adding aesni(4) to GENERIC. However, I would probably instead add an entirely new entry referencing commit a3d565a1188f, something like:
man:geli[8] now reports the use of accelerated software cryptography (such as AES-NI on x86 CPUs) as "accelerated software" rather than "hardware". gitref:a3d565a1188f[repository=src] {{< sponsored "Chelsio Communications" >}}